Edge Secured-core: Azure Certified IoT devices with built-in security
Published Jun 21 2022 10:24 AM

[Updated Feb 2024 to reflect new Edge Secured-core program website]

[Updated March 2023 to include expansion of Edge Secured-core to Linux and Azure Sphere devices]


Edge computing gives customers the ability to move cloud-like workloads out of the data center to the very places where data is collected—delivering real-time intelligence and solving intermittent connectivity issues. Yet as the number of devices making up IoT increases, so do the IoT security risks that companies must address.


In a recent article, Gartner stated “the rapid increase in organizations using IoT to solve business use cases continues to increase the number of new vulnerabilities and their exposure to threats”. With risk mitigation complicated by additional challenges ranging from “lack of standardization” and “poor vendor support and security practices” to “regulatory compliance and privacy implications”, partners and customers are asking us how to secure their IT/OT and IoT environments.


In keeping with the Microsoft end-to-end security promise and our belief that every IoT device should be secured by design, we are excited to announce the expansion of our Edge Secured-core program beyond Windows IoT to include Linux and Azure Sphere enabled devices. Below, we’ll share how Edge Secured-core addresses vulnerabilities and helps enterprise customers, device manufacturers, and solution builders accelerate the development and deployment of secure, scalable IoT solutions.


Edge Secured-core devices meet additional security requirements

Edge Secured-core is a certification for IoT and edge devices running a full operating system such as Windows IoT, Linux and Azure Sphere. Edge Secured-core certified devices meet additional security requirements around device identity, secure boot, operating system hardening, device updates, data protection, and vulnerability disclosures. All of this is designed to help prevent attacks, protect your data, and defend against those attempting to infiltrate your infrastructure.


Building on the expertise Microsoft developed around Secured-core for commercial Windows PCs, Edge Secured-core takes a similar approach for devices on the edge. This certification can be used to validate that certified devices include specific security hardware technology, have an operating system with built-in security, and utilize security services such as Microsoft Defender for IoT that continually monitor for threats on the device.


For companies building devices, Edge Secured-core provides a low-cost differentiator that lets customers easily identify that your device has been configured to meet a higher security standard.


Edge Secured-core drives scalable security

Through the use of Edge Secured-core, companies can trust that IoT devices are built with a foundation of security and can be deployed seamlessly and securely. Partners such as Intel and Nexcom have also recently certified or are actively working on certifying their Windows IoT products through the Edge Secured-core program. In addition, all Azure Sphere based devices are eligible for Edge Secured-core certification.


These additions bring choice and breadth to the Secured-core and Edge Secured-core ecosystem, which now encompasses devices with footprints from a few megabytes through to many gigabytes of RAM, includes both Windows and Linux and x86-64 and ARM devices, and spans use cases ranging from single-purpose devices through PCs and edge servers.


Across each of these spaces, Secured-core and Edge Secured-core provide the same fundamental security properties that represent Microsoft’s recommended best practices for security, including:


  • Hardware-based device identity
  • Capable of enforcing system integrity
  • Stays up to date and is remotely manageable
  • Provides data-at-rest protection
  • Provides data-in-transit protection
  • Built-in security agent and hardening

Here are a few specific scenarios where you can see the added value for Edge Secured-core devices compared to devices without it.



| Scenario | Device without Edge Secured-core | Edge Secured-core device |
| --- | --- | --- |
| Six months after purchasing the device, there’s a vulnerability. The device receives an update and the vulnerability is fixed. | At the discretion of the OEM to supply device updates. | OEMs required to supply device updates for a period of at least 60 months from the date of submission. |
| A malicious actor attempts to identify vulnerable devices to install malware on. | At the discretion of the OEM to supply device updates and OT to keep the device secure. | Microsoft Defender for IoT monitors traffic and devices for malicious actors and vulnerabilities. |
| A malicious actor attempts to decrypt user data in transit. | At the discretion of the OEM or OT to utilize modern protocols to protect data. | The device must support modern protocols & algorithms to protect data at rest and in transit. |
| A malicious actor attempts to hijack a gateway device stored in a secure location. | At the discretion of the device builder to correctly implement device identities and enforce system integrity. | The device is validated to have correctly implemented a modern device identity and an approved form of enforcing system integrity. |



Learn more about Edge Secured-core certification

To get started with Edge Secured-core certification, check out the following resources:

[Images: PE200U, ThinkEdge SE30, SRG-TG01, Intel NUC]
Last update: Feb 26 2024 07:28 AM