
Internet of Things Blog

Advancing Firmware Security: Fleet Visibility and New Capabilities in Firmware Analysis

dericknaef
Apr 16, 2026

When we announced general availability of firmware analysis enabled by Azure Arc last October, our goal was clear: help organizations gain deep visibility into the security of the firmware that powers their IoT, OT, and network devices. Since then, adoption has continued to grow as customers use firmware analysis to uncover vulnerabilities, inventory software components, and secure their software supply chain.

Leading into the Hannover Messe (HMI) 2026 conference, we’re excited to share the next wave of firmware analysis capabilities, delivering enhancements that help customers connect firmware risk to real-world fleet impact, prioritize vulnerabilities more effectively, scale to larger and more complex firmware images, and expand security analysis for UEFI-based platforms.

These updates are driven directly by customer feedback and by the rapidly evolving threat landscape facing embedded and edge devices.

Connecting Firmware Risk to Your Deployed Fleet with Azure Device Registry (Preview)

Securing connected devices doesn’t stop at identifying vulnerabilities in firmware—it requires understanding where those vulnerabilities exist in your deployed fleet and which devices are affected.

We’re excited to announce a new preview integration between firmware analysis enabled by Azure Arc and Azure Device Registry, bringing fleet-level visibility of IoT and OT devices directly into the firmware analysis experience. This helps customers quickly understand how many devices and assets are running a given firmware image, and which ones may be exposed to known security issues.

From firmware insights to fleet impact

Firmware analysis helps customers uncover security risks hidden deep inside the firmware running IoT, OT, and network devices—risks such as known CVEs, outdated open-source components, weak cryptography, and insecure configurations. Until now, these insights were primarily scoped to the firmware image itself.

With this new preview integration, firmware analysis now connects directly to Azure Device Registry, allowing customers to:

  • See how many devices (from the IoT Hub integration with Azure Device Registry, in preview) and assets (from Azure IoT Operations) are associated with a specific analyzed firmware image
  • Understand the real-world blast radius of vulnerabilities discovered in firmware
  • Quickly identify which devices may require patching, mitigation, or isolation

This preview bridges an important gap between security analysis and operational decision-making.

What’s included in this preview

With this release, we’re introducing new fleet-level context directly into the firmware analysis experience:

  • A new Devices + Assets count column in the firmware analysis workspace showing how many Azure Device Registry devices and assets are running each analyzed firmware image
  • A click-through experience that lets users view the list of affected devices and assets in Azure Device Registry
  • Visibility spanning both:
    • Devices connected via IoT Hub
    • Assets managed through Azure IoT Operations

This information is derived by correlating firmware metadata with the device and asset inventory in Azure Device Registry, giving customers immediate insight into deployment exposure. The count only covers images that have been uploaded and analyzed, so a device whose firmware has not been submitted shows no findings rather than a clean result.


Key use cases

  • Identify vulnerable devices at scale: When critical CVEs are discovered in a firmware image, customers can immediately see how many deployed devices are impacted—without manually correlating spreadsheets, tools, or inventories.
  • Prioritize remediation actions: With fleet visibility, teams can decide whether to patch devices, temporarily isolate affected devices from the network, or disable devices that pose unacceptable risk.
  • Bridge security and operations teams: Security teams gain clear insight into where vulnerabilities exist, while operations teams can quickly act on specific devices and assets—all within the Azure portal.

This integration is especially valuable in environments where downtime, safety, or regulatory compliance matter—such as manufacturing, energy, telecommunications, and critical infrastructure.

Prioritizing Vulnerabilities with Enhanced CVE Metadata (Preview)

The number of publicly disclosed vulnerabilities continues to rise year over year, making it increasingly difficult for security teams to determine which CVEs truly require urgent action. Simply knowing that a vulnerability exists is no longer enough—teams need context to prioritize remediation efforts.

With this release, firmware analysis now provides richer metadata for each discovered CVE, helping customers focus on vulnerabilities that pose the greatest real-world risk.

New CVE metadata includes:

  • CISA Known Exploited Vulnerabilities (KEV) status – Indicates whether a CVE is listed in the CISA KEV catalog, which CISA maintains from evidence of active exploitation in the wild. A KEV entry means exploitation has been observed, not merely predicted.
  • EPSS score (Exploit Prediction Scoring System) – A data-driven probability score that estimates the likelihood of a vulnerability being exploited in the next 30 days, complementing traditional severity metrics by focusing on exploitation likelihood rather than impact alone.
  • Additional vulnerability context, including CVSS vectors and base scores, CWE classifications, and expanded metadata to support filtering and analysis.

Together, these enhancements make it easier to triage findings, align remediation with risk, and communicate priorities across security, engineering, and product teams.
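The following is an added example (not the service's own code) of the triage the two preceding sections describe together: rank each CVE by KEV status first, then EPSS, then CVSS, and weight the result by how many registered devices run an affected image. The findings, the device inventory, the field names and the EPSS values are all constructed sample data and assumed schemas; the real export and Azure Device Registry formats may use different names.

```python
"""Fleet-aware CVE triage: KEV first, then EPSS, then CVSS, weighted by exposure.

Added example, not the firmware analysis service's code. The findings, the
device inventory and the field names below are constructed sample data and
assumed schemas (the real export and Azure Device Registry schemas may differ);
the EPSS values are illustrative, not live scores.
"""
from collections import Counter

FINDINGS = [  # one row per (image, CVE), as a findings export might list them
    {"image": "edge-gw-2.4.0.bin", "cve": "CVE-2021-44228", "cvss": 10.0, "epss": 0.97, "kev": True},
    {"image": "edge-gw-2.4.0.bin", "cve": "CVE-2023-38545", "cvss": 9.8, "epss": 0.02, "kev": False},
    {"image": "plc-ctrl-1.9.3.bin", "cve": "CVE-2014-0160", "cvss": 7.5, "epss": 0.95, "kev": True},
    {"image": "plc-ctrl-1.9.3.bin", "cve": "CVE-2023-0286", "cvss": 7.4, "epss": 0.05, "kev": False},
    {"image": "sensor-hub-0.8.1.bin", "cve": "CVE-2023-38545", "cvss": 9.8, "epss": 0.02, "kev": False},
]

DEVICES = [  # one row per registered device/asset and the image it reports
    {"device": "edge-gw-001", "image": "edge-gw-2.4.0.bin"},
    {"device": "edge-gw-002", "image": "edge-gw-2.4.0.bin"},
    {"device": "plc-line-a", "image": "plc-ctrl-1.9.3.bin"},
    {"device": "plc-line-b", "image": "plc-ctrl-1.9.3.bin"},
    {"device": "plc-line-c", "image": "plc-ctrl-1.9.3.bin"},
    {"device": "sensor-hub-07", "image": "sensor-hub-0.8.1.bin"},
    {"device": "lab-spare", "image": "lab-fw-0.1.bin"},  # image never submitted for analysis
]


def devices_per_image(devices):
    """The 'Devices + Assets' count: how many registered devices report each image."""
    return Counter(d["image"] for d in devices)


def unanalysed_images(findings, devices):
    """Deployed images with no findings at all: a coverage gap, not a clean bill of health."""
    analysed = {f["image"] for f in findings}
    return sorted(set(devices_per_image(devices)) - analysed)


def triage(findings, devices, epss_urgent=0.10):
    """Rank CVEs across the fleet.

    Tier 0: in CISA KEV (exploitation is known, not predicted).
    Tier 1: EPSS at or above epss_urgent.
    Tier 2: everything else.
    Within a tier, higher CVSS first, then more exposed devices first.
    """
    by_image = {}
    for d in devices:
        by_image.setdefault(d["image"], set()).add(d["device"])

    rows = {}
    for f in findings:
        r = rows.setdefault(f["cve"], {"cve": f["cve"], "kev": False, "epss": 0.0,
                                       "cvss": 0.0, "images": set(), "devices": set()})
        r["kev"] = r["kev"] or f["kev"]
        r["epss"] = max(r["epss"], f["epss"])
        r["cvss"] = max(r["cvss"], f["cvss"])
        r["images"].add(f["image"])
        r["devices"] |= by_image.get(f["image"], set())

    for r in rows.values():
        r["tier"] = 0 if r["kev"] else 1 if r["epss"] >= epss_urgent else 2
        r["exposed"] = len(r["devices"])
        if r["exposed"] == 0:
            r["action"] = "no deployed exposure; fix in next build"
        elif r["tier"] == 0:
            r["action"] = "patch or isolate now"
        elif r["tier"] == 1:
            r["action"] = "patch in next maintenance window"
        else:
            r["action"] = "track"
    return sorted(rows.values(), key=lambda r: (r["tier"], -r["cvss"], -r["exposed"]))


if __name__ == "__main__":
    for r in triage(FINDINGS, DEVICES):
        print(f'{r["cve"]}  tier={r["tier"]}  cvss={r["cvss"]}  epss={r["epss"]:.2f}  '
              f'kev={r["kev"]}  exposed={r["exposed"]}  -> {r["action"]}')
    print("deployed but never analysed:", unanalysed_images(FINDINGS, DEVICES))
```

The tiering is a design choice, not a rule from the page: KEV outranks any score because it records exploitation that has already happened, EPSS then separates "likely to be exploited" from the long tail, and CVSS only orders findings inside a tier. The `unanalysed_images` check is the practitioner's guard against reading a zero in the Devices + Assets column as "nothing wrong" when it really means "nothing submitted".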

Faster Performance for Large and Complex Firmware Images

As firmware analysis adoption has grown, we’ve seen customers analyze increasingly large and complex firmware images—particularly in domains like networking equipment, where a single image can generate thousands of findings.

To support these scenarios, we’ve made architectural enhancements to the service that significantly improve performance when working with large result sets.

Key improvements include:

  • Up to 90% reduction in load times of analysis results, especially for firmware images producing 10,000+ findings
  • More responsive filtering and exploration of results

These changes ensure that firmware analysis remains fast and usable at scale, even for complex network and infrastructure firmware images.

Expanding UEFI Firmware Analysis (Preview)

Modern devices increasingly rely on UEFI firmware as a foundational security boundary. In this release, we’re expanding our UEFI analysis capabilities to provide deeper visibility into UEFI executables and components.

New UEFI-focused capabilities include:

  • Detection of OpenSSL libraries and related CVEs within UEFI firmware
  • Binary hardening analysis for UEFI executables, including whether an image is correctly configured for Data Execution Prevention (DEP) memory protection; for PE/COFF images this is the NX_COMPAT flag in the optional header's DllCharacteristics, which tells the loader the image tolerates non-executable data memory
  • Continued support for discovering cryptographic material in UEFI images, including embedded certificates and keys

This preview allows customers to evaluate the new capabilities, provide feedback, and help shape future enhancements in this area.

Note: UEFI SBOM and binary analysis features are currently in preview and intended for evaluation and feedback.
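As an added illustration of two of the checks listed above (not code from the service, and not its detection logic), the block below parses a UEFI PE/COFF image header to read the DEP/NX_COMPAT bit and scans the image bytes for OpenSSL's compiled-in version string. The test image is constructed in memory and is header-only; the OpenSSL string match is a heuristic that assumes the library's `OPENSSL_VERSION_TEXT` string survived the build, which is an assumption, not something the page states. Terse Executable (TE) images, common in UEFI PEI phase, carry no DllCharacteristics at all, so the check reports them as not assessable rather than as failing.

```python
"""UEFI image checks: DEP/NX_COMPAT flag and embedded OpenSSL version string.

Added example, not the firmware analysis service's code. The PE image below is
constructed (header only) so the block runs offline; the OpenSSL detection is a
string heuristic and an assumption about how the library appears in a binary.
"""
import re
import struct

IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
EFI_SUBSYSTEMS = {10: "EFI_APPLICATION", 11: "EFI_BOOT_SERVICE_DRIVER",
                  12: "EFI_RUNTIME_DRIVER", 13: "EFI_ROM"}
OPENSSL_VERSION_RE = re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?)")
UNKNOWN = {"format": "unknown", "subsystem": None, "nx_compat": None}


def check_nx_compat(blob: bytes) -> dict:
    """Return the DEP/NX status of one UEFI image.

    nx_compat is True/False for PE32/PE32+ images and None for Terse Executables
    ("VZ" signature, no DllCharacteristics field) or unparsable input.
    """
    if blob[:2] == b"VZ":
        return {"format": "TE", "subsystem": None, "nx_compat": None}
    if blob[:2] != b"MZ" or len(blob) < 0x40:
        return dict(UNKNOWN)
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return dict(UNKNOWN)
    opt = e_lfanew + 4 + 20          # optional header follows the 20-byte COFF header
    if len(blob) < opt + 72:         # need Subsystem (68) and DllCharacteristics (70)
        return dict(UNKNOWN)
    (magic,) = struct.unpack_from("<H", blob, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return dict(UNKNOWN)
    # Subsystem and DllCharacteristics sit at the same offsets in PE32 and PE32+.
    subsystem, dllchars = struct.unpack_from("<HH", blob, opt + 68)
    return {"format": "PE32+" if magic == 0x20B else "PE32",
            "subsystem": EFI_SUBSYSTEMS.get(subsystem, str(subsystem)),
            "nx_compat": bool(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)}


def find_openssl_versions(blob: bytes) -> list:
    """Heuristic: look for OpenSSL's version text (e.g. 'OpenSSL 1.1.1k  25 Mar 2021')."""
    return sorted({m.group(1).decode() for m in OPENSSL_VERSION_RE.finditer(blob)})


def audit_uefi_image(blob: bytes) -> dict:
    """Combine both checks into one report for an image."""
    report = check_nx_compat(blob)
    report["openssl"] = find_openssl_versions(blob)
    return report


def make_uefi_pe(dll_characteristics: int, subsystem: int = 11) -> bytes:
    """Build a minimal, header-only PE32+ image for testing. Constructed, not a real driver."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)          # 64-byte DOS stub
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0002)          # x64, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)                                   # PE32+ magic
    struct.pack_into("<HH", opt, 68, subsystem, dll_characteristics)
    return dos + b"PE\0\0" + coff + bytes(opt)


# Constructed sample: a boot-service driver built WITHOUT NX_COMPAT that links OpenSSL 1.1.1k.
SAMPLE_IMAGE = make_uefi_pe(0) + b"\0OpenSSL 1.1.1k  25 Mar 2021\0"

if __name__ == "__main__":
    print(audit_uefi_image(SAMPLE_IMAGE))
    print(audit_uefi_image(make_uefi_pe(IMAGE_DLLCHARACTERISTICS_NX_COMPAT)))
```

On a real firmware image the PE modules first have to be carved out of the firmware volume; the block takes an already-extracted module as input. A version string match is only a lead: confirm the component and the exact CVE applicability before raising it with the supplier.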

Bulk Export of Analysis Results for Supply Chain Collaboration

We also recently released a highly requested feature that makes it easier to share firmware analysis results with partners and suppliers. Customers can now:

  • Bulk download analysis results across one or more firmware images
  • Export results as CSV files packaged into a ZIP archive

This capability simplifies workflows such as sharing findings with device manufacturers or firmware suppliers, integrating results into downstream analysis or reporting pipelines, and supporting software supply chain security and compliance processes.
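As an added example of the downstream workflow (not the service's code, and not its actual export layout), the block below reads a ZIP of per-image CSV files, compares two firmware versions of the same product to see which reported CVEs the supplier's new build fixed, and splits one image's findings by component so each supplier receives only its own rows. The ZIP is constructed in memory; the file naming (one CSV per image, named after the image) and the column names are assumptions to be adjusted to the real export.

```python
"""Work with a bulk export (ZIP of per-image CSV files) offline.

Added example, not the service's own code. The ZIP below is constructed in
memory as a stand-in for a real export; the file naming (one CSV per image,
named after the image) and the column names are assumptions about the export
format, so adjust them to match what the service actually produces.
"""
import csv
import io
import zipfile

SAMPLE_CSVS = {  # constructed: results for two versions of one product's firmware
    "plc-ctrl-1.9.3.csv": (
        "cve,component,cvss,kev\n"
        "CVE-2014-0160,openssl,7.5,true\n"
        "CVE-2023-38545,curl,9.8,false\n"
    ),
    "plc-ctrl-2.0.0.csv": (
        "cve,component,cvss,kev\n"
        "CVE-2023-38545,curl,9.8,false\n"
        "CVE-2023-0286,openssl,7.4,false\n"
    ),
}


def build_sample_export() -> bytes:
    """Pack the constructed CSVs into a ZIP the way an export would be packaged."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, text in SAMPLE_CSVS.items():
            zf.writestr(name, text)
    return buf.getvalue()


def load_export(zip_bytes: bytes) -> dict:
    """Return {image_name: [finding rows]} from a ZIP of CSVs, ignoring non-CSV entries."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".csv"):
                continue
            image = name.rsplit("/", 1)[-1][:-4]        # strip directories and ".csv"
            text = zf.read(name).decode("utf-8-sig")    # tolerate a BOM from spreadsheet tools
            rows = list(csv.DictReader(io.StringIO(text)))
            for r in rows:
                r["cvss"] = float(r["cvss"])
                r["kev"] = r["kev"].strip().lower() == "true"
            results[image] = rows
    return results


def compare_exports(zip_bytes: bytes, old_image: str, new_image: str) -> dict:
    """Did the supplier's new build fix what we reported? Diff the CVE sets of two images."""
    export = load_export(zip_bytes)
    old = {r["cve"] for r in export[old_image]}
    new = {r["cve"] for r in export[new_image]}
    return {"fixed": sorted(old - new), "new": sorted(new - old), "still_open": sorted(old & new)}


def split_by_component(zip_bytes: bytes, image: str) -> dict:
    """Group one image's findings by component so each supplier gets only its own rows."""
    groups = {}
    for r in load_export(zip_bytes)[image]:
        groups.setdefault(r["component"], []).append(r["cve"])
    return {k: sorted(v) for k, v in groups.items()}


if __name__ == "__main__":
    z = build_sample_export()
    print(compare_exports(z, "plc-ctrl-1.9.3", "plc-ctrl-2.0.0"))
    print(split_by_component(z, "plc-ctrl-2.0.0"))
```

The version diff is the check to run when a supplier ships a "fixed" build: a CVE that moves from `still_open` to `fixed` is evidence, while a new entry under `new` (here an OpenSSL finding that appeared with the upgraded component) is the regression to raise before accepting the release.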

Looking Ahead

We’re excited about the progress we’ve made with this release and what it means for customers securing IoT, OT, and network devices. From connecting firmware risk to fleet-level impact with Azure Device Registry, to richer vulnerability prioritization, improved scalability, and deeper UEFI analysis—these enhancements reinforce firmware analysis as a critical tool for addressing some of the most challenging blind spots in modern infrastructure security.

Firmware security is foundational to trustworthy systems—especially as edge devices continue to play a central role in industrial operations, networking, and data collection.

If you’re already using firmware analysis and Azure Device Registry, the ADR integration preview will appear directly within the firmware analysis experience as it rolls out. We look forward to your feedback as we continue building secure, observable, and manageable digital operations with Azure.

As always, we value your feedback, so please let us know what you think.

Updated Apr 13, 2026