Smaller updates, faster downloads with delta updates in Azure Device Update for IoT Hub
Keeping IoT fleets secure and up to date shouldn't mean shipping the full software image to every device, every time. With delta updates in Azure Device Update for IoT Hub, fleet operators can send only what has changed between versions, reducing download size, bandwidth use, and download time on most networks. In our demo below, an incremental change produced a delta ~97% smaller than the full image — a glimpse of what's possible for small, incremental changes. The timing matters. Security patch cadence keeps rising as Common Vulnerabilities and Exposures (CVEs) accumulate, more fleets (like smart meters and remote agricultural sensors) are running over metered networks such as cellular and satellite, and deployments are crossing scales where every megabyte per device adds up. At that point, full-image rollouts stop being a minor inefficiency and become a real cost and reliability problem. As part of a broader Azure IoT investment in more efficient edge-to-cloud data delivery, the new Device Update reference implementation agent 1.3.0 provides delta updates as a starting point that customers can build, validate, and integrate into their own environments. In this post, we'll walk through what delta updates are, how they work, and what else is new in 1.3.0 — including expanded Linux platform support to build on Debian 13 and Ubuntu 24.04, and new device-side visibility for tighter update control and coordination with device operations. Improving over-the-air (OTA) efficiency with delta updates When deploying OTA updates across a fleet, update size directly affects how quickly and efficiently updates move through the system. Traditional full image updates require every device to download the entire software image, even when only a small portion has changed. As deployments scale, this increases bandwidth usage and delivery overhead. Delta updates take a more efficient approach. Rather than transferring a full image each time, devices download a smaller delta artifact and reconstruct the target version locally, reducing the amount of data transferred across the fleet. By sending only what's changed between versions, delta updates improve efficiency in three ways: Less data on the network. Smaller payloads consume less bandwidth per device, and the savings multiply across large fleets. Faster downloads. Smaller artifacts reduce the time each device spends downloading the update, especially on variable or constrained networks. Lower delivery overhead at scale. With less data per rollout, teams can deliver updates more flexibly across large fleets, reducing the need to stagger deployments for bandwidth caps or capacity windows. This approach works particularly well for frequent, incremental changes such as bug fixes or small feature updates. For larger updates where most of the image has changed, or on devices with limited processing capacity, using a full image update may be more practical. How delta updates work Delta updates fit into the same Device Update deployment model you already use for full image updates. What changes is how update content is delivered and applied on the device. When you import an update into Device Update, you include both the full target update and one or more delta artifacts as part of the same update. When that update is deployed, the Device Update agent on each device picks the right path: If a compatible delta is available, the device downloads the delta, reconstructs the full target update locally, and installs it through the standard update workflow. If no compatible delta is available, the device falls back to downloading and installing the full target update. For details on integrating delta updates into your update workflow, see Deploy delta updates to devices. It guides you through generating delta artifacts on your build machine using the DiffGen reference tool, or as part of your image build process, and setting up the right components on the device to apply them. See the impact: Delta updates in action The following demo shows what a typical incremental change looks like with delta updates: a single-file change between image versions produces a 7 MB delta against a 240 MB full image — roughly a 97% reduction in data transferred for that scenario. Across 10,000 devices, that’s about ~2.3 TB less data crossing your network in a single rollout. Savings may vary depending on how much the versions have changed and how quickly the device can rebuild the full image locally, but they compound quickly at fleet scale. For example, a utility company patching firmware across hundreds of thousands of cellular-connected smart meters, or an agricultural operator updating remote field sensors over satellite links, sees carrier data costs drop significantly during each rollout. To bring this to life, the demo below shows what’s possible with delta updates — generating, deploying, and applying them on a Raspberry Pi device using Device Update for IoT Hub. Beyond delta updates: What’s new in the 1.3.0 reference implementation The 1.3.0 reference implementation also includes improvements that strengthen device-side coordination and expand Linux platform support. Coordinate updates with device workloads On many devices, updates run while the device is doing other work, such as handling sensor data, running a local UI, or managing background tasks. Without visibility into update status, device software can trigger conflicting operations or let battery-powered devices enter sleep mid-update. The 1.3.0 reference implementation helps your device software work alongside the update process rather than against it — coordinating with active updates, keeping devices awake through long downloads, and surfacing update status to local applications. A new device-local agent status API makes this possible: applications on the device can see what the Device Update agent is doing at any time, for example, whether an update is in progress. With that visibility you can: Avoid triggering operations that would conflict with an active update Keep battery-powered or low-power devices awake while an update is downloading or installing Surface update status in local applications or user interfaces Diagnose update behavior using local signals. Because the API runs locally, it works even when network connectivity is limited or intermittent. The payoff is fewer disrupted rollouts, more reliable updates across your fleet, and easier troubleshooting when something needs attention. Expanded Linux platform support The 1.3.0 reference implementation now adds Debian 13 and Ubuntu 24.04 to the Linux distributions you can already build on, including Debian 12 and Ubuntu 22.04. That gives you flexibility to work on newer OS versions without changing your existing update workflow. Call to action Ready to see the benefits? Extending and adapting the 1.3.0 reference implementation is a device-side change — existing service-side deployments and configurations stay as they are, so you can move at your own pace. Build from the Device Update for IoT Hub GitHub repository, integrate delta artifact generation into your build pipeline, and run your first delta in your next rollout to measure the bandwidth and download savings across your fleet. Learn more: Device Update for IoT Hub documentation | Microsoft Learn Deploy delta updates with Azure Device Update for IoT Hub | Microsoft Learn We’d love your feedback. Help shape the future of Azure Device Update for IoT Hub at aka.ms/dufeedback.
Azure IoT Hub with ADR (preview): Extending Azure capabilities and certificate management to IoT
Operational excellence in every industry begins by linking the physical world to the digital, enabling organizations to turn raw data from connected assets into actionable insights and real-world improvements. Azure IoT Hub and Azure IoT Operations make this possible by seamlessly integrating data from machines whether on a single factory floor or spread across the globe into a unified platform. Together, they serve as the backbone of connected operations, ensuring that assets, sensors this data is then moved to Microsoft Fabric for real-time analytics and further leveraged by AI agents to drive informed decisions. This approach lets organizations scale efficiently, unifying teams, sites, and systems under the Adaptive Cloud Strategy. It enables use of cloud-native and AI technologies across hybrid, multi-cloud, edge, and IoT environments in a single operational model. Azure IoT Hub empowers organizations to securely and reliably manage connected assets across the globe, providing real-time visibility and control over diverse operations. With proven scalability, broad device support, and robust management tools, IoT Hub delivers a unified platform for developing and operating IoT solutions. Organizations in various industries are using Azure IoT Hub to enhance their operations. In mining, sensors provide real-time safety data and support compliance. Fleet managers track equipment health to boost efficiency and prevent failures, while rail operators use GPS and vibration sensors for precise monitoring and issue detection. Ports utilize conveyor and loading system metrics to optimize scheduling and reduce delays. These examples show how Azure IoT Hub delivers actionable insights, greater safety, and operational efficiency through connected devices. As customers evolve, Azure IoT Hub continues to advance, deepening its integration with the Azure ecosystem and enabling AI-driven, connected operations for the next generation of applications. Today, we’re announcing the public preview of Azure IoT Hub integration with Azure Device Registry bringing IoT devices under the purview of Azure management plane via ARM resource representation and securing them with best-in-class Microsoft-backed X.509 certificate management capabilities. From Connected Devices to Connected Operations Ready-to-use AI platforms are enabling organizations to unlock untapped operational data and gain deeper insights. Organizations are leveraging AI to unify machine and enterprise data, extract actionable insights, and translate them into measurable business gains. They are broadly transitioning from connected devices that simply gather and transmit telemetry, to connected operations which empower supervisors and AI agents to interpret events and respond to scenarios in real time. The integration of Azure IoT Hub with ADR enhancements extends the comprehensive capabilities of Azure to IoT devices. With this integration, Azure Device Registry (ADR) acts as the unified control plane for managing both physical assets from Azure IoT Operations and devices from Azure IoT Hub. It provides a centralized registry, ensuring every entity whether an industrial asset or a connected device is uniquely represented and managed throughout its lifecycle. By integrating with Azure IoT Hub, ADR enables consistent device onboarding, certificate management, and operational visibility at scale. This integration simplifies large-scale IoT fleet management and supports compliance and auditability across diverse deployments. What’s New in this Preview We’re excited to announce the public preview of new capabilities that bring IoT devices into the broader Azure ecosystem. This integration allows IoT to be managed at scale through the Azure management plane. It also strengthens security and enables consistent governance across large deployments: Deep integration with Azure: The Azure Device Registry (ADR) now offers a unified control plane, simplifying identity, security, and policy management for millions of devices. New ADR features make it easier to register, classify, and monitor devices, supporting consistent governance and better operational insights. Combined with Device Provisioning Service (DPS), these enhancements help reduce deployment challenges, speed up time-to-value, and lower operational risks. With IoT Hub integration, IoT Hub devices are represented as Azure resources, providing: One unified registry across multiple IoT Hubs and Azure IoT Operations (AIO) instances. ARM-based management for all Azure resources from cloud to edge. A consolidated view of the entire IoT fleet, simplifying large-scale deployments, monitoring and management. Certificate lifecycle management: Now in public preview, this capability enables secure onboarding and automated certificate rotation for IoT devices, directly integrated with ADR and IoT Hub. X.509 certificates are widely recognized for providing a robust security posture by establishing trusted, cryptographically verifiable device identities. Starting today, customers can use a Microsoft-backed PKI to issue X.509 certificates across their IoT fleets. Devices receive operational certificates that authenticate with IoT Hub, chained to Certificate Authorities (CAs). Policy-driven lifecycle management makes certificate renewal simpler and keeps state in sync with your Hubs. This integration sets the stage for Physical AI by connecting digital and physical systems, thus unlocking new possibilities for data and artificial intelligence. Customer feedback from Private Preview This release has received positive feedback from private preview customers. Particularly the Microsoft-supported PKI and certificate management capabilities, highlighting that previous manual processes were inefficient and fragmented. Customers further noted the advantages of grouping devices from multiple IoT Hubs under a unified namespace, which streamlined management. Moreover, the integration of certificate management within ADR has diminished the reliance on custom solutions. “We were genuinely impressed by how seamless it was to implement. With just a few clicks, clear policy definitions, and two calls in firmware, the entire process became automated, frictionless, and reliable with no external dependencies.” – Uriel Kluk, CTO, Mesh Systems Why It Matters These investments make Azure IoT Hub the cornerstone for connected operations at scale, empowering customers to: Reduce manual cert ops with policy‑driven rotation (fewer outages due to expired certs). Consolidate device registry in ADR for cross‑hub fleet governance. Accelerate compliance audits with centralized certificate lineage. Apply advanced AI tooling for predictive insights and automation. Call to Action Explore the new capabilities in public preview today and start building the next generation of connected operations with Azure IoT Hub and ADR. Learn more on Azure IoT Hub documentationPartners accelerating industrial transformation with Azure IoT Operations
In the digital age, the essence of innovation lies not only in groundbreaking technology but also in the power of collaboration. At Microsoft, we have always recognized that our success is intertwined with the success of our partners. Our platform products, including the newly released Azure IoT Operations, are designed to be the foundation upon which our partners can build transformative solutions. These collaborations are more than just business arrangements; they are the bedrock of a thriving ecosystem that drives innovation, addresses customer needs, and propels industry standards forward. Partnerships enable us to extend our reach and impact far beyond what we could achieve alone. By combining our technological prowess with the domain expertise and creativity of our partners, we create a dynamic synergy that fosters groundbreaking advancements. This collaborative spirit is vital as we navigate the complexities of the Internet of Things (IoT) landscape, where diverse applications and specialized knowledge are paramount. Our partners bring unique perspectives and capabilities to the table, ensuring that Azure IoT Operations can cater to a broad spectrum of industries and use cases.
