Microsoft's Bringing Azure and Xbox Security to the Edge

A diagram of Azure Sphere MCU chips

The announcement marks Microsoft's latest embrace of a former rival technology, as the company relies less on its legacy Windows franchise and more on providing powerful cloud-connected services.

Microsoft announced a new program called Azure Sphere today aimed at better securing the millions of devices coming online as part of the internet of things (IoT) that are powered by microcontrollers.

Chipmaker MediaTek said in a statement that it's sampling compatible Azure Sphere-certified chips with some customers. Sphere MCUs incorporate an application processor, a real-time processor, flash storage, and memory, along with Microsoft's security module (named "Pluton") and network connectivity.

The third and final part of the Azure Sphere offering is a "turnkey cloud security service", created to protect every Azure Sphere device, meaning those that have the custom MCUs and Azure Sphere OS.

The new MCU architecture "combines the versatility and power of a Cortex-A processor with the low overhead and real-time guarantees of a Cortex-M class processor", says Microsoft. "The Microsoft-secured Linux kernel used in the Azure Sphere IoT OS is shared under an OSS license so that silicon partners can rapidly enable new silicon innovations". The service brokers trust for device-to-device and device-to-cloud communication through certificate-based authentication. Finally, Microsoft is launching an Azure Sphere Security Service that's supposed to handle security and management of those chips.

Azure Sphere eco-system conceptual diagram (left) and list of silicon partners

Azure Sphere will target industries including whitegoods, agriculture, energy, and infrastructure. MediaTek will have the first such device, the MT3620, shipping later this year. Application code is run within containers to provide isolation, and Microsoft will have a custom security monitor running beneath the Linux kernel to protect system integrity and arbitrate access to critical resources. The software giant has sweetened the pot by "licensing our silicon security technologies to them royalty-free".

In recent years, Microsoft has increasingly softened its long-time anti-Linux stance by adding Linux support to its Azure service and targeting Windows 10 IoT at the Raspberry Pi, among other experiments. In doing so, he downgraded the role of Windows, the foundation of Microsoft's success for much of its 43 years.

It wasn't always so. For years, Microsoft CEO Steve Ballmer took turns deriding Linux and open source while warning about the threat they posed to the tech industry. By 2009, a Microsoft exec openly acknowledged the threat of embedded Linux and open source software. In 2011, Windows 8 came out with a new UEFI system meant to stop users from replacing Windows with Linux on major PC platforms.