ai
35 Topics

Bring all your workloads to the edge with AKS Edge Essentials. Now Generally Available!
Announcing the General Availability (GA) of Azure Kubernetes Service (AKS) Edge Essentials! AKS Edge Essentials has been developed as a managed Kubernetes for the operational edge on small-footprint devices to orchestrate workloads and drive business optimization.

Powering the next generation of Digital Transformation with Windows IoT and Azure Kubernetes Service
As edge computing becomes mainstream and a key strategy for enterprises to enhance their operations digitally, they require a reliable and comprehensive technology platform to fuel their ambitious goals. This platform needs to support a heterogeneous device and cloud environment which enables running, deploying, and managing cloud-native applications. Microsoft is at the forefront of understanding evolving customer needs in this space and is providing solutions like Azure Kubernetes Service (AKS) Edge Essentials to run modern containerized applications on embedded devices running Windows operating systems. This blog explores the latest updates for these products and how they provide a rich platform for customers and partners to build intelligent, secure, cloud-native edge solutions with enterprise-grade security, reliability, and manageability.

Announcing the Firmware Analysis Public Preview
Consider an organization with thousands of smart sensors, IoT/OT and network equipment deployed on factory floors. Most of these devices are running full operating systems, but unlike traditional IT endpoints which often run security agents, IoT/OT and network devices frequently function as “black boxes”: you have little visibility into what software they’re running, which patches are applied, or what vulnerabilities might exist within them. This is the challenge many organizations face with IoT/OT and networking equipment - when a critical vulnerability is disclosed, how do you know which devices are at risk?

To help address this challenge, we are excited to announce the public preview of firmware analysis, a new capability available through Azure Arc. This extends the firmware analysis feature we introduced in Microsoft Defender for IoT, making it available to a broader range of customers and scenarios through Azure. Our goal is to provide deeper visibility into IoT/OT and network devices by analyzing the foundational software (firmware) they run. Firmware analysis will also help companies that build firmware for devices better meet emerging cybersecurity regulations on their products. In this post, we’ll explain how the service works, its key features, and how it helps secure the sensors and edge devices that feed data into AI-driven industrial transformation.

Securing Edge Devices to Power AI-Driven Industrial Transformation

In modern industrial environments, data is king. Organizations are embracing Industry 4.0 and AI-driven solutions to optimize operations, leveraging advanced analytics and machine learning. The path to AI-driven industrial transformation is fueled by data – and much of that data comes from sensors and smart devices at the edge of the network.
These edge devices measure temperature, pressure, vibration, and dozens of other parameters on the factory floor or in remote sites, feeding streams of information to cloud platforms where AI models turn data into insights. In fact, sensors are the frontline data collectors in systems like predictive maintenance, continuously monitoring equipment and generating the raw data that powers AI predictions.

However, if those edge devices, sensors, and networking equipment are not secure and become compromised, the quality and reliability of the data (and thus the AI insights) cannot be guaranteed. Vulnerable devices can also be used by attackers to establish a foothold in the network, allowing them to move laterally to compromise other critical systems. In an industrial setting this could mean safety hazards, unplanned downtime, or costly inefficiencies. This is why securing the smart devices and networking equipment at the foundation of your industrial IoT data pipeline is so critical to digital transformation initiatives.

By using firmware analysis on the devices’ firmware before deployment (and regularly as firmware updates roll out), the manufacturer and plant operators gain visibility into the security posture of their environment. For example, they might discover that a particular device model’s firmware contains an outdated open-source library with a known critical vulnerability. With that insight, they can work with the vendor to get a patched firmware update before any exploit occurs in the field. Or the analysis might reveal a hard-coded password for a maintenance account in the device; the ops team can then ensure those credentials are changed or the device is isolated in a network segment with additional monitoring. In short, firmware analysis provides actionable intelligence to fortify each link in the chain of devices that your industrial systems depend on.
The result is a more secure, resilient data foundation for your AI-driven transformation efforts – leading to reliable insights and safer, smarter operations on the plant floor.

Firmware analysis is also a key tool used by device builders – by analyzing device firmware images before they are delivered to customers, builders can make sure that new releases and firmware updates meet their and their customers’ security standards. Firmware analysis is a key component to address emerging cybersecurity regulations such as the EU Cyber Resilience Act and the U.S. Cyber Trust Mark.

How Firmware Analysis Works and Key Features

Firmware analysis takes a binary firmware image (the low-level software running on an IoT/OT and network device) and conducts an automated security analysis. You can upload an unencrypted, embedded Linux-based firmware image to the firmware analysis portal. The service unpacks the image, inspects its file system, and identifies potential hidden threat vectors – all without needing any agent on the device. Here are the main capabilities of the firmware analysis service:

Identifying software components and vulnerabilities: The first thing the analysis does is produce an inventory of software components found inside the firmware, generating a Software Bill of Materials (SBOM). This inventory focuses especially on open-source packages used in the firmware. Using this SBOM, the service then scans for known vulnerabilities by checking the identified components against public Common Vulnerabilities and Exposures (CVEs) databases. This surfaces any known security flaws in the device’s software stack, allowing device manufacturers and operators to prioritize patches for those issues.

Analyzing binaries for security hardening: Beyond known vulnerabilities, our firmware analysis examines how the firmware’s binaries were built and whether they follow security best practices.
For example, it checks for protections like stack canaries, ASLR (Address Space Layout Randomization), and other compile-time defenses. This “binary hardening” assessment indicates how resistant the device’s software might be to exploitation. If the firmware lacks certain protections, it suggests the device could be easier to exploit and highlights a need for improved secure development practices by the manufacturer. In short, this feature acts as a gauge of the device’s overall security hygiene in its compiled code.

Finding weak credentials and embedded secrets: Another critical aspect of the analysis is identifying hard-coded user accounts or credentials in the firmware. Hard-coded or default passwords are a well-known weakness in IoT devices – for instance, the Mirai botnet famously leveraged a list of over 60 factory-default usernames and passwords to hijack IoT devices for DDoS attacks. Firmware analysis will flag any built-in user accounts and the password hash algorithms used, so manufacturers can remove or strengthen them, and enterprise security teams can avoid deploying devices with known default credentials. Additionally, the firmware analysis looks for cryptographic materials embedded in the image. It will detect things like expired or self-signed TLS/SSL certificates, which could jeopardize secure communications from a device. It also searches for any public or private cryptographic keys left inside the firmware – secrets that, if found by adversaries, could grant unauthorized access to the device or associated cloud services. By uncovering these hidden secrets, the service helps eliminate serious risks that might otherwise go unnoticed in the device’s software.

All these insights – from software inventory and CVEs to hardening checks and secret material detection – are provided in a detailed report for each firmware image you analyze.
Firmware analysis provides deep insights, clear visibility, and actionable intelligence into your devices' security posture, enabling you to confidently operate your industrial environments in the era of AI-driven industrial transformation.

Getting Started and What’s Next

If you have IoT/OT and network devices in your environment, use firmware analysis to test just how secure your devices are. Getting started is easy: access the firmware analysis public preview by searching for “firmware analysis” in the Azure portal, or access using this link. In the future, firmware analysis will be more tightly integrated into the Azure portal. Onboard your subscription to the preview and then upload firmware images for analysis - here is a step-by-step tutorial. The service currently supports embedded Linux-based images up to 1GB in size. In this preview phase, there is no cost to analyze your firmware – our goal is to gather feedback.

We are excited to share this capability with you, as it provides a powerful new tool for securing IoT/OT and network devices at scale. By shedding light on the hidden risks in device firmware, firmware analysis helps you protect the very devices that enable your AI and digital transformation initiatives. Firmware is no longer just low-level code—it’s a high-stakes surface for attack, and one that demands visibility and control. Firmware analysis equips security teams, engineers, and plant operators with the intelligence needed to act decisively—before vulnerabilities become headlines, and before attackers get a foothold. Please give the firmware analysis preview a try and let us know what you think.

Introducing Microsoft Planetary Computer Pro — Now in Public Preview
Today, we’re excited to announce the public preview of Microsoft Planetary Computer Pro — a turnkey platform that makes it dramatically easier for organizations to harness geospatial data for real-world impact. Planetary Computer Pro is built on the trusted foundation of Microsoft Planetary Computer, which offers access to over 120 distinct geospatial datasets totaling over 50PB in volume. Planetary Computer Pro is a new Azure-native service purpose-built to help organizations manage, transform, and operationalize geospatial data at enterprise scale.

Geospatial data and insights are critical for solving high-impact problems across industries, from climate risk assessment and regulatory compliance to supply chain optimization and precision agriculture. Yet, traditional geospatial tooling is complex and fragmented, limiting access to a small group of geospatial specialists. Planetary Computer Pro bridges that gap — making geospatial data cloud-native, AI-ready, and accessible to data scientists, developers, and business analysts alike. We built Microsoft Planetary Computer Pro to make geospatial data a first-class citizen in modern data stacks — standardized, scalable, and seamlessly integrated with the tools enterprises already use.

Geospatial Data Management, Reimagined

Planetary Computer Pro is a fully managed geospatial data platform designed to ingest, catalog, store, process, and disseminate large volumes of private geospatial data in Azure.
Planetary Computer Pro makes it possible to:
- Empower your entire organization with secure, governed access to geospatial data
- Accelerate time-to-insights with built-in ingestion, transformation, and visualization pipelines
- Standardize and optimize your datasets for cloud-native analytics, machine learning and AI modeling
- Unify geospatial and enterprise systems under shared security, identity, and governance

Key Capabilities in Public Preview

You can deploy, manage, and monitor Planetary Computer Pro resources through Azure Portal, CLI, or SDKs, just like any other Azure-native resource provider.

Capability: Description
Cloud Optimization: Auto-convert raw geospatial assets into cloud-optimized formats with built-in ingestion pipeline for AI/ML and big data analytics
Data Interoperability: Organize multiple datasets into SpatioTemporal Asset Catalog (STAC) open specification, allowing for robust spatial/temporal queryability and interoperability
Managed Storage & APIs: Fully managed storage; interact with data using intuitive REST APIs (API Reference Guide)
Rich Visualization: Explore and analyze large datasets in a web-based Data Explorer, including tiling and mosaic rendering for raster data and data cube formats (Supported Data Types)
Scalability & Security: Built on zone-redundant storage, governed by Microsoft Entra ID and Azure RBAC

Use Cases Across Industries

Microsoft Planetary Computer Pro supports a broad spectrum of scenarios across sectors such as:
- Energy & Utilities: Power grid optimization, site monitoring, methane detection
- Agriculture: Precision farming, pest & disease prediction
- Supply Chain: Risk-aware routing, climate-resilient sourcing
- Finance & Insurance: Underwriting, claims validation, exposure modeling
- Government: Emergency response, environmental monitoring, land use compliance
- Defense & Intelligence: ISR, threat detection, terrain analysis
- Sustainability Teams: Deforestation mapping, EUDR compliance, biodiversity tracking

Get Started with Public Preview

The public preview of Microsoft Planetary Computer Pro is available now in select Azure regions including East US, North Central US, and West Europe. To get started:
- Visit Microsoft Planetary Computer Pro
- Review our documentation: Microsoft Planetary Computer Pro | Microsoft Learn
- Contact us at MPCPro@microsoft.com

What’s Next?

We’re actively working on:
- Platform Integration:
  - Expanded integration with Microsoft Fabric
  - Direct access to Microsoft Planetary Computer
  - Commercial satellite imagery access via Azure Marketplace
- AI and Automation:
  - Automated raster data workflow environment
  - Copilot and agent-assisted insights generation
- Platform Enhancement:
  - Additional geospatial data type support
  - New region availability and government cloud support

Partners accelerating industrial transformation with Azure IoT Operations
In the digital age, the essence of innovation lies not only in groundbreaking technology but also in the power of collaboration. At Microsoft, we have always recognized that our success is intertwined with the success of our partners. Our platform products, including the newly released Azure IoT Operations, are designed to be the foundation upon which our partners can build transformative solutions. These collaborations are more than just business arrangements; they are the bedrock of a thriving ecosystem that drives innovation, addresses customer needs, and propels industry standards forward.

Partnerships enable us to extend our reach and impact far beyond what we could achieve alone. By combining our technological prowess with the domain expertise and creativity of our partners, we create a dynamic synergy that fosters groundbreaking advancements. This collaborative spirit is vital as we navigate the complexities of the Internet of Things (IoT) landscape, where diverse applications and specialized knowledge are paramount. Our partners bring unique perspectives and capabilities to the table, ensuring that Azure IoT Operations can cater to a broad spectrum of industries and use cases.