• 3 min read

Expanding Azure Certified for IoT program for the intelligent edge

Three years ago, we launched the Azure Certified for IoT program to help customers ensure their device of choice was tested to work with Azure IoT technology. Since then, our customers and partners…

Three years ago, we launched the Azure Certified for IoT program to help customers ensure their device of choice was tested to work with Azure IoT technology. Since then, our customers and partners have embraced the benefits of bridging the cloud with IoT devices together. With their enthusiasm, we have grown Azure Certified for IoT into one of the largest hardware ecosystems in the industry, with more than 250 partners and 1,000 different devices and starter kits already discoverable in the Azure IoT device catalog.

With the emergence of the intelligent edge and hardware innovations, we are expanding the certification program to support a wide range of hardware from low powered, constrained devices to AI-capable industrial gateways. We introduced Azure IoT Edge as a fully supported edge offering over a year ago, supporting Windows and Linux devices, and have seen huge customer momentum with increasing use of devices at the edge.

“Intelligent computing with real-time analytics at the edge is a key trend going forward – and increasingly a business requirement in the IoT business.”

–  Tomoyasu Suzuki, President of Plat'Home Co., Ltd

Today, we are excited to announce certification of Azure IoT Edge devices in the Azure Certified for IoT program, supporting certification of core functionalities such as device management, security, and advanced analytics. We have seen extremely positive momentum from hardware partners such as Advantech, Beckhoff Automation, Dell, HPe, Moxa, NexCom, Plat’Home, and Toshiba — and can’t wait for you to join us.

Azure IoT Edge device certification program overview

IoT Edge certification program has the capability-based certification concept. Each capability has its own level to provide granularity of the IoT Edge device that device seekers are looking for, and allows the Azure Certified for IoT program to evolve in the future.

Each capability contains its own leveling with “Level 1” being the lowest.

For the device to be certified as IoT Edge device, the device needs to pass all mandatory requirements:

  • [Mandatory] Edge runtime (Level 1 only)
  • [Mandatory] Device management (Level 1 only)
  • [Optional] Security (4 levels: Level 1 – 4)

Device prerequisites

An IoT Edge device is required to pre-install Azure IoT Edge runtime to be certified as Azure IoT Edge device. Pre-installing IoT Edge runtime in your device can occur at multiple stages in value chain.

IoT Edge device certification is certifying against the pre-installed Azure IoT Edge runtime in the device controlled by either OEMs or channels to provide the best out-of-the-box experience on IoT Edge devices. However, this does not mean that Azure IoT Edge runtime do not run or support devices that are not certified.

Certification criteria: Description of capabilities and levels

Below describes the IoT Edge device certification criteria and associated capabilities for each level.

  • Device management: Basic device management operations (reboot, FW/OS upgrades) triggered by messages from IoT Hub.
  • Security: Azure IoT Edge is secure from the ground up. However, additional threats with operating at the edge demands security enforcements using secure hardware. This certification aims to communicate diligence to security that goes above and beyond, provided by Azure IoT Edge as in deployment using HSM secured devices.

The below capabilities describe the risks within the device’s mitigation capabilities. It is neither a security guarantee nor a statement of the strength of security.

Security feature Standard feature Secure element Secure enclave
Secure hardware requirements None Standalone security processor (e.g. TPM and secure elements) Integrated security processor
Expectation Edge base security processes

Secure hardware protection of storage and use of secrets (e.g. keys)

Secure element features, plus protection of execution environment
Examples of typical transactions All transactions in accordance with deployment risk assessment
  • Authentication
  • Session key generation
  • Certificates processing

All of the secure element transactions plus:

  • Metering
  • Billing
  • Secure I/O
  • Secure Logging
Max security grading Level 2 Level 4 Level 4
Grading Level 1 Level 2 Level 3 Level 4
  • Custom
  • Azure Device SDK
  • Azure Device SDK
  • FIPS 140-2 Level 2
  • Common Criteria EAL 3+
  • Azure Device SDK
  • FIPS 140-2 Level 3
  • Common Criteria EAL 4+

Read Microsoft’s approach to deliver a secure platform for Azure IoT Edge devices in the blog post Securing the intelligent edge. Microsoft is working to define validation process for security requirement including exploration of leveraging 3rd party validation labs.

Next steps

If you are a hardware partner and want to certify your IoT Edge device today, you can submit your IoT Edge device through the partner dashboard.

If you have any questions, please contact Azure Certified for IoT at iotcert@microsoft.com.