Announcing the Firmware Analysis Public Preview
Consider an organization with thousands of smart sensors, IoT/OT and network equipment deployed on factory floors. Most of these devices are running full operating systems, but unlike traditional IT endpoints which often run security agents, IoT/OT and network devices frequently function as “black boxes”: you have little visibility into what software they’re running, which patches are applied, or what vulnerabilities might exist within them. This is the challenge many organizations face with IoT/OT and networking equipment - when a critical vulnerability is disclosed, how do you know which devices are at risk? To help address this challenge, we are excited to announce the public preview of firmware analysis, a new capability available through Azure Arc. This extends the firmware analysis feature we introduced in Microsoft Defender for IoT, making it available to a broader range of customers and scenarios through Azure. Our goal is to provide deeper visibility into IoT/OT and network devices by analyzing the foundational software (firmware) they run. Firmware analysis will also help companies that build firmware for devices better meet emerging cybersecurity regulations on their products. In this post, we’ll explain how the service works, its key features, and how it helps secure the sensors and edge devices that feed data into AI-driven industrial transformation. Securing Edge Devices to Power AI-Driven Industrial Transformation In modern industrial environments, data is king. Organizations are embracing Industry 4.0 and AI-driven solutions to optimize operations, leveraging advanced analytics and machine learning. The path to AI-driven industrial transformation is fueled by data – and much of that data comes from sensors and smart devices at the edge of the network. These edge devices measure temperature, pressure, vibration, and dozens of other parameters on the factory floor or in remote sites, feeding streams of information to cloud platforms where AI models turn data into insights. In fact, sensors are the frontline data collectors in systems like predictive maintenance, continuously monitoring equipment and generating the raw data that powers AI predictions. However, if those edge devices, sensors, and networking equipment are not secure and become compromised, the quality and reliability of the data (and thus the AI insights) cannot be guaranteed. Vulnerable devices can also be used by attackers to establish a foothold in the network, allowing them to move laterally to compromise other critical systems. In an industrial setting this could mean safety hazards, unplanned downtime, or costly inefficiencies. This is why securing the smart devices and networking equipment at the foundation of your industrial IoT data pipeline is so critical to digital transformation initiatives. By using firmware analysis on the devices’ firmware before deployment (and regularly as firmware updates roll out), the manufacturer and plant operators gain visibility into the security posture of their environment. For example, they might discover that a particular device model’s firmware contains an outdated open-source library with a known critical vulnerability. With that insight, they can work with the vendor to get a patched firmware update before any exploit occurs in the field. Or the analysis might reveal a hard-coded passwords for maintenance account in the device; the ops team can then ensure those credentials are changed or the device is isolated in a network segment with additional monitoring. In short, firmware analysis provides actionable intelligence to fortify each link in the chain of devices that your industrial systems depend on. The result is a more secure, resilient data foundation for your AI-driven transformation efforts – leading to reliable insights and safer, smarter operations on the plant floor. Firmware analysis is also a key tool used by device builders – by analyzing device firmware images before they are delivered to customers, builders can make sure that new releases and firmware updates meet their and their customers’ security standards. Firmware analysis is a key component to address emerging cybersecurity regulations such as the EU Cyber Resilience Act and the U.S. Cyber Trust Mark. How Firmware Analysis Works and Key Features Firmware analysis takes a binary firmware image (the low-level software running on an IoT/OT and network device) and conducts an automated security analysis. You can upload an unencrypted, embedded Linux-based firmware image to the firmware analysis portal. The service unpacks the image, inspects its file system, and identifies potential hidden threat vectors – all without needing any agent on the device. Here are the main capabilities of the firmware analysis service: Identifying software components and vulnerabilities: The first thing the analysis does is produce an inventory of software components found inside the firmware, generating a Software Bill of Materials (SBOM). This inventory focuses especially on open-source packages used in the firmware. Using this SBOM, the service then scans for known vulnerabilities by checking the identified components against public Common Vulnerabilities and Exposures (CVEs) databases. This surfaces any known security flaws in the device’s software stack, allowing device manufacturers and operators to prioritize patches for those issues. Analyzing binaries for security hardening: Beyond known vulnerabilities, our firmware analysis examines how the firmware’s binaries were built and whether they follow security best practices. For example, it checks for protections like stack canaries, ASLR (Address Space Layout Randomization), and other compile-time defenses. This “binary hardening” assessment indicates how resistant the device’s software might be to exploitation. If the firmware lacks certain protections, it suggests the device could be easier to exploit and highlights a need for improved secure development practices by the manufacturer. In short, this feature acts as a gauge of the device’s overall security hygiene in its compiled code. Finding weak credentials and embedded secrets: Another critical aspect of the analysis is identifying hard-coded user accounts or credentials in the firmware. Hard-coded or default passwords are a well-known weakness in IoT devices – for instance, the Mirai botnet famously leveraged a list of over 60 factory-default usernames and passwords to hijack IoT devices for DDoS attacks. Firmware analysis will flag any built-in user accounts and the password hash algorithms used, so manufacturers can remove or strengthen them, and enterprise security teams can avoid deploying devices with known default credentials. Additionally, the firmware analysis looks for cryptographic materials embedded in the image. It will detect things like expired or self-signed TLS/SSL certificates, which could jeopardize secure communications from a device. It also searches for any public or private cryptographic keys left inside the firmware – secrets that, if found by adversaries, could grant unauthorized access to the device or associated cloud services. By uncovering these hidden secrets, the service helps eliminate serious risks that might otherwise go unnoticed in the device’s software. All these insights – from software inventory and CVEs to hardening checks and secret material detection – are provided in a detailed report for each firmware image you analyze. Firmware analysis provides deep insights, clear visibility, and actionable intelligence into your devices' security posture, enabling you to confidently operate your industrial environments in the era of AI-driven industrial transformation. Getting Started and What’s Next If you have IoT/OT and network devices in your environment, use firmware analysis to test just how secure your devices are. Getting started is easy: access firmware analysis public preview by searching on “firmware analysis” in the Azure portal, or access using this link. In the future, firmware analysis will be more tightly integrated into the Azure portal. Onboard your subscription to the preview and then upload firmware images for analysis - here is a step-by-step tutorial. The service currently supports embedded Linux-based images up to 1GB in size. In this preview phase, there is no cost to analyze your firmware – our goal is to gather feedback. We are excited to share this capability with you, as it provides a powerful new tool for securing IoT/OT and network devices at scale. By shedding light on the hidden risks in device firmware, firmware analysis helps you protect the very devices that enable your AI and digital transformation initiatives. Firmware is no longer just low-level code—it’s a high-stakes surface for attack, and one that demands visibility and control. Firmware analysis equips security teams, engineers, and plant operators with the intelligence needed to act decisively—before vulnerabilities become headlines, and before attackers get a foothold. Please give the firmware analysis preview a try and let us know what you think.Microsoft Industrial AI Partner Guide: Choosing the Right Data Expertise for Every Stage
As organizations scale Industrial AI, the challenge shifts from technology selection to deciding who should lead which part of the journey -- and when. Which partners should establish secure connectivity? Who enables production grade, AI ready industrial data? When do systems integrators step in to scale globally? This Partner Guide helps customers navigate these decisions with clarity and confidence: Identify which partners align to their current digital transformation and Industrial AI scenarios leveraging Azure IoT and Azure IoT Operations Confidently combine partners over time as they evolve from connectivity to intelligence to autonomous operations This guide focuses on the Industrial AI data plane – the partners and capabilities that extract, contextualize, and operationalize industrial data so it can reliably power AI at scale. It does not attempt to catalog or prescribe end‑to‑end Industrial AI applications or cloud‑hosted AI solutions. Instead, it helps customers understand how industrial partners create the trusted, contextualized data foundation upon which AI solutions can be built. Common Customer Journey Steps 1. Modernize Connectivity & Edge Foundations The industrial transformation journey starts with securely accessing operational data without touching deterministic control loops. Customers connect automation systems to a scalable, standards-based data foundation that modernizes operations while preserving safety, uptime and control. Outcomes customers realize Standardized OT data access across plants and sites Faster onboarding of legacy and new assets Clear OT–IT boundaries that protect safety and uptime Partner strengths at this stage Industrial hardware and edge infrastructure providers Protocol translation and OT connectivity Automation and edge platforms aligned with Azure IoT Operations 2. Accelerate Insights with Industrial AI With a consistent edge-to-cloud data plane in place, customers move beyond dashboards to repeatable, production-grade Industrial AI use cases. Customers rely on expert partners to turn standardized operational data into AI‑ready signals that can be consumed by analytics and AI solutions at scale across assets, lines, and sites. Outcomes customers realize Improved Operational efficiency and performance Adaptive facilities and production quality intelligence Energy, safety, and defect detection at scale Partner strengths at this stage Industrial data services that contextualize and standardize OT signals for AI consumption Domain-specific acceleration for common Industrial AI scenarios Data pipelines integrated with Azure IoT Operations and Microsoft Fabric 3. Prepare for Autonomous Operations As organizations advance toward closed‑loop optimization, the focus shifts to safe, scalable autonomy. Customers depend on partners to align data, infrastructure, and operational interfaces, while ensuring ongoing monitoring, governance, and lifecycle management across the full operational estate. Outcomes customers realize Proven reference architectures deployed across plants AI‑ready data foundations that adapt as operations scale Coordinated interaction between OT systems, AI models, and cloud intelligence Partner strengths at this stage Industrial automation leadership and control system expertise Edge infrastructure optimized and ready for Industrial AI scale Systems integrators enabling end‑to‑end implementation and repeatability Data Intelligence Plane of Industrial AI - Partner Matrix This matrix highlights which partners have the deepest expertise in accessing, contextualizing, and operationalizing industrial data so it can reliably power AI at scale. The matrix is not a catalog of end‑to‑end Industrial AI applications; it shows how specialized partners contribute data, infrastructure, and integration capabilities on a shared Azure foundation as organizations progress from connectivity to insight to autonomous operations. How to use this matrix: Start with your scenario → identify primary partner types → layer complementary partners as you scale. Partner Type Adaptive Cloud Primary Solution Example Scenarios Geography Advantech Industrial Hardware, Industrial Connectivity LoRaWAN gateway integration + Azure IoT Operations Industrial edge platforms with built in connectivity, industrial compute, LoRaWAN, sensor networks Global Accenture GSI Industrial AI, Digital Transformation, Modernization OEE, predictive maintenance, real-time defect detection, optimize supply chains, intelligent automation and robotics, energy efficiency Global Avanade GSI Factory Agents and Analytics based on Manufacturing Data Solutions Yield / Quality optimization, OEE, Agentic Root Cause Analysis and process optimization; Unified ISA-95 Manufacturing Data estate on MS Fabric Global Capgemini GSI The new AI imperative in manufacturing OEE, maintenance, defect detection, energy, robotics Global DXC GSI Intelligent Boost AI and IoT Analytics Platform 5G Industrial Connectivity, Defect detection, OEE, safety, energy monitoring Global Innominds SI Intelligent Connected Edge Platform Predictive maintenance, AI on edge, asset tracking North America, EMEA Litmus Automation Industrial Connectivity, Industrial Data Ops Litmus Edge + Azure IoT Operations Edge Data, Smart manufacturing, IIoT deployments at scale Global, North America Mesh Systems GSI & ISV Azure IoT & Azure IoT Operations implementation services and solutions (including Azure IoT Operations-aligned connector patterns) Device connectivity and management, data platforms, visualization, AI agents, and security North America, EMEA Nortal GSI Data-driven Industry Solutions IT/OT Connectivity, Unified Namespace, Digital Twins, Optimization, Edge, Industrial Data, Real‑Time Analytics & AI EMEA, North America & LATAM NVIDIA Technology Partner Accelerated AI Infrastructure; Open libraries, models, frameworks, and blueprints for AI development and deployment. Cross industry digitalization and AI development and deployment: Generative AI, Agentic AI, Physical AI, Robotics Global Oracle ISV Oracle Fusion Cloud SCM + Azure IoT Operations Real-time manufacturing Intelligence, AI powered insights, and automated production workflows Global Rockwell Automation Industrial Automation FactoryTalk Optix + Azure IoT Operations Factory modernization, visualization, edge orchestration, DataOps with connectivity context at scale, AI ops and services, physical equipment, MES Global Schneider Electric Industrial Automation Industrial Edge Physical equipment, Device modernization, energy, grid Global Siemens Industrial Automation & Software Industrial Edge + Azure IoT Operations reference architecture Industrial edge infrastructure at scale, OT/IT convergence, DataOps, Industrial AI suite, virtualized automation. Global Sight Machine ISV Integrated Industrial AI Stack Industrial AI, bottling, process optimization Global Softing Industrial Industrial Connectivity edgeConnector + Azure IoT Operations OT connectivity, multi-vendor PLC- and machine data integration, OPC UA information model deployment EMEA, Global TCS GSI Sensor to cloud intelligence Operations optimization, healthcare digital twin experiences, supply chain monitoring Global This Ecosystem Model enables Industrial AI solutions to scale through clear roles, respected boundaries and composable systems: Control systems continue to be driven by automation leaders Safety‑critical, deterministic control stays with industrial automation partners who manage real‑time operations and plant safety. Customers modernize analytics and AI while preserving uptime, reliability, and operational integrity. Data, AI, and analytics scale independently A consistent edge to cloud data plane supports cloud scale analytics and AI, accelerating insight delivery without entangling control systems or slowing operational change. This separation allows customers and software providers to build AI solutions on top of a stable, industrial‑grade data foundation without redefining control system responsibilities. Specialized partners align solutions across the estate Partners contribute focused expertise across connectivity, analytics, security, and operations, assembling solutions that reduce integration risk, shorten deployment cycles, and speed time to value across the operational estate. From vision to production Industrial AI at scale depends on turning operational data into trusted, contextualized intelligence safely, repeatably, and across the enterprise. This guide shows how industrial partners, aligned on a shared Azure foundation, create the data plane that enables AI solutions to succeed in production. When data is ready, intelligence scales. Call to action: Use this guide to identify the partners and capabilities that best align to your current Industrial AI needs and take the next step toward production‑ready outcomes on Azure.Firmware Analysis now Generally Available
Back in June, we announced the public preview of firmware analysis, a new capability available through Azure Arc to help organizations gain visibility into the security of their Internet of Things (IoT), Operational Technology (OT), and network devices. Today, we are excited to announce that firmware analysis is generally available (GA) for all Azure customers. In modern industrial environments, firmware security is a foundational requirement. IoT sensors and smart devices collect the data fueling AI-driven insights; if those devices aren’t secure, your data and operational continuity are at risk. During the preview, we heard from many customers who used firmware analysis to shine a light into their device software and address hidden vulnerabilities before attackers or downtime could strike. With general availability, firmware analysis is ready to help organizations fortify the “blind spots” in their infrastructure – from factory-floor sensors to branch office routers – by analyzing the software that runs on those devices. What Firmware Analysis Does for You Firmware analysis examines the low-level software (firmware) that powers IoT, OT and network devices, with no agent required on the device. You can upload a firmware image (for example, an extracted embedded Linux image), and the cloud service performs an automated security inspection. Key features include: Software inventory & vulnerability scanning: The service builds a Software Bill of Materials (SBOM) of components within the firmware and checks each component against known CVEs (Common Vulnerabilities and Exposures). This quickly surfaces any known vulnerabilities in your device’s software stack so you can prioritize patching those issues. Security configuration and hardening check: Firmware analysis evaluates how the firmware binaries are built, looking for security hardening measures (e.g. stack protections, ASLR) or dangerous configurations. If certain best practices are missing, the firmware might be easier to exploit – the tool flags this to inform the device manufacturer or your security team. Credential and secrets discovery: The analysis finds any hard-coded credentials (user accounts/password hashes) present in the firmware, as well as embedded cryptographic material like SSL/TLS certificates or keys. These could pose serious risks – for instance, default passwords that attackers could exploit (recall the Mirai botnet using factory-default creds) are identified so you can mitigate them. Any discovered certificates or keys can indicate potentially insecure design if left in production firmware. Comprehensive report: All security findings – from the Software Bill of Materials (SBOM), list of vulnerabilities to hardening recommendations and exposed secrets – are provided in a detailed report for each firmware image analyzed. This gives device makers and operators actionable intelligence to improve their device security posture. In short, firmware analysis provides deep insights into the contents and security quality of device firmware. It turns opaque firmware into transparent data, helping you answer, “What’s really inside my device software?” so you can address weaknesses proactively. What’s New and Licensing We’ve been hard at work making firmware analysis even better as we move to GA. Based on preview feedback, we’ve addressed bugs, implemented usability suggestions and improved the firmware analysis SDKs, CLI and PowerShell extensions. A new Azure resource called “firmware workspace” now stores analyzed firmware images. Firmware analysis workspaces are currently available as a Free Firmware Analysis Workspace SKU with capacity limits. Getting Started If you have IoT, OT and network devices in your environment, use firmware analysis to test just how secure your devices are. Getting started is easy: access firmware analysis by searching “firmware analysis” in the Azure portal, or access using this link. Onboard your subscription and then upload firmware images for analysis. For a step-by-step tutorial, visit our official documentation. The service currently supports embedded Linux-based images up to 1GB in size. We want to thank all the preview participants who tested firmware analysis and provided feedback. You helped us refine the service for GA and we’re thrilled to make this powerful tool broadly available to help secure IoT, OT and network devices around the world. We can’t wait to see how you put it to work. As always, we value your feedback, so please let us know what you think.Partners accelerating industrial transformation with Azure IoT Operations
In the digital age, the essence of innovation lies not only in groundbreaking technology but also in the power of collaboration. At Microsoft, we have always recognized that our success is intertwined with the success of our partners. Our platform products, including the newly released Azure IoT Operations, are designed to be the foundation upon which our partners can build transformative solutions. These collaborations are more than just business arrangements; they are the bedrock of a thriving ecosystem that drives innovation, addresses customer needs, and propels industry standards forward. Partnerships enable us to extend our reach and impact far beyond what we could achieve alone. By combining our technological prowess with the domain expertise and creativity of our partners, we create a dynamic synergy that fosters groundbreaking advancements. This collaborative spirit is vital as we navigate the complexities of the Internet of Things (IoT) landscape, where diverse applications and specialized knowledge are paramount. Our partners bring unique perspectives and capabilities to the table, ensuring that Azure IoT Operations can cater to a broad spectrum of industries and use cases.Transforming Manufacturing with the Help of Ontologies
For over three years, Microsoft has been contributing to the Digital Twin Consortium’s open-source initiative. The most successful open-source project the DTC runs is the Manufacturing Ontologies project available at: https://github.com/digitaltwinconsortium/ManufacturingOntologies We examine our most recent contributions.Azure IoT Operations 2603 is now available: Powering the next era of Physical AI
Industrial AI is entering a new phase. For years, AI innovation has largely lived in dashboards, analytics, and digital decision support. Today, that intelligence is moving into the real world, onto factory floors, oil fields, and production lines, where AI systems don’t just analyze data, but sense, reason, and act in physical environments. This shift is increasingly described as Physical AI: intelligence that operates reliably where safety, latency, and real‑world constraints matter most. With the Azure IoT Operations 2603 (v1.3.38) release, Microsoft is delivering one of its most significant updates to date, strengthening the platform foundation required to build, deploy, and operate Physical AI systems at industrial scale. Why Physical AI needs a new kind of platform Physical AI systems are fundamentally different from digital‑only AI. They require: Real‑time, low‑latency decision‑making at the edge Tight integration across devices, assets, and OT systems End‑to‑end observability, health, and lifecycle management Secure cloud‑to‑edge control planes with governance built in Industry leaders and researchers increasingly agree that success in Physical AI depends less on isolated models, and more on software platforms that orchestrate data, assets, actions, and AI workloads across the physical world. Azure IoT Operations was built for exactly this challenge. What’s new in Azure IoT Operations 2603 The 2603 release delivers major advancements across data pipelines, connectivity, reliability, and operational control, enabling customers to move faster from experimentation to production‑grade Physical AI. Cloud‑to‑edge management actions Cloud‑to‑edge management actions enable teams to securely execute control and configuration operations on on‑premises assets, such as invoking methods, writing values, or adjusting settings, using Azure Resource Manager and Event Grid–based MQTT messaging. This capability extends the Azure control plane beyond the cloud, allowing intent, policy, and actions to be delivered reliably to physical systems while remaining decoupled from protocol and device specifics. For Physical AI, this closes the loop between perception and action: insights and decisions derived from models can be translated into governed, auditable changes in the physical world, even when assets operate in distributed or intermittently connected environments. Built‑in RBAC, managed identity, and activity logs ensure every action is authorized, traceable, and compliant, preserving safety, accountability, and human oversight as intelligence increasingly moves from observation to autonomous execution at the edge. No‑code dataflow graphs Azure IoT Operations makes it easier to build real‑time data pipelines at the edge without writing custom code. No‑code data flow graphs let teams design visual processing pipelines using built‑in transforms, with improved reliability, validation, and observability. Visual Editor – Build multi-stage data processing systems in the Operations Experience canvas. Drag and connect sources, transforms, and destinations visually. Configure map rules, filter conditions, and window durations inline. Deploy directly from the browser or define in Bicep/YAML for GitOps. Composable Transforms, Any Order – Chain map, filter, branch, concatenate, and window transforms in any sequence. Branch splits messages down parallel paths based on conditions. Concatenate merges them back. Route messages to different MQTT topics based on content. No fixed pipeline shape. Expressions, Enrichment, and Aggregation – Unit conversions, math, string operations, regex, conditionals, and last-known-value lookups, all built into the expression language. Enrich messages with external data from a state store. Aggregate high-frequency sensor data over tumbling time windows to compute averages, min/max, and counts. Open and Extensible – Connect to MQTT, Kafka, and OpenTelemetry (OTel) endpoints with built-in security through Azure Key Vault and managed identities. Need logic beyond what no-code covers? Drop a custom Wasm module (even embed and run ONNX AI ML models) into the middle of any graph alongside built-in transforms. You're never locked into declarative configuration. Together, these capabilities allow teams to move from raw telemetry to actionable signals directly at the edge without custom code or fragile glue logic. Expanded, production‑ready connectivity The MQTT connector enables customers to onboard MQTT devices as assets and route data to downstream workloads using familiar MQTT topics, with the flexibility to support unified namespace (UNS) patterns when desired. By leveraging MQTT’s lightweight publish/subscribe model, teams can simplify connectivity and share data across consumers without tight coupling between producers and applications. This is especially important for Physical AI, where intelligent systems must continuously sense state changes in the physical world and react quickly based on a consistent, authoritative operational context rather than fragmented data pipelines. Alongside MQTT, Azure IoT Operations continues to deliver broad, industrial‑grade connectivity across OPC UA, ONVIF, Media, REST/HTTP, and other connectors, with improved asset discovery, payload transformation, and lifecycle stability, providing the dependable connectivity layer Physical AI systems rely on to understand and respond to real‑world conditions. Unified health and observability Physical AI systems must be trustworthy. Azure IoT Operations 2603 introduces unified health status reporting across brokers, dataflows, assets, connectors, and endpoints, using consistent states and surfaced through both Kubernetes and Azure Resource Manager. This enables operators to see—not guess—when systems are ready to act in the physical world. Optional OPC UA connector deployment Azure IoT Operations 2603 introduces optional OPC UA connector deployment, reinforcing a design goal to keep deployments as streamlined as possible for scenarios that don’t require OPC UA from day one. The OPC UA connector is a discrete, native component of Azure IoT Operations that can be included during initial instance creation or added later as needs evolve, allowing teams to avoid unnecessary footprint and complexity in MQTT‑only or non‑OPC deployments. This reflects the broader architectural principle behind Azure IoT Operations: a platform built for composability and decomposability, where capabilities are assembled based on scenario requirements rather than assumed defaults, supporting faster onboarding, lower resource consumption, and cleaner production rollouts without limiting future expansion. Broker reliability and platform hardening The 2603 release significantly improves broker reliability through graceful upgrades, idempotent replication, persistence correctness, and backpressure isolation—capabilities essential for always‑on Physical AI systems operating in production environments. Physical AI in action: What customers are achieving today Azure IoT Operations is already powering real‑world Physical AI across industries, helping customers move beyond pilots to repeatable, scalable execution. Procter & Gamble Consumer goods leader P&G continually looks for ways to drive manufacturing efficiency and improve overall equipment effectiveness—a KPI encompassing availability, performance, and quality that’s tracked in P&G facilities around the world. P&G deployed Azure IoT Operations, enabled by Azure Arc, to capture real-time data from equipment at the edge, analyze it in the cloud, and deploy predictive models that enhance manufacturing efficiency and reduce unplanned downtime. Using Azure IoT Operations and Azure Arc, P&G is extrapolating insights and correlating them across plants to improve efficiency, reduce loss, and continue to drive global manufacturing technology forward. More info. Husqvarna Husqvarna Group faced increasing pressure to modernize its fragmented global infrastructure, gain real-time operational insights, and improve efficiency across its supply chain to stay competitive in a rapidly evolving digital and manufacturing landscape. Husqvarna Group implemented a suite of Microsoft Azure solutions—including Azure Arc, Azure IoT Operations, and Azure OpenAI—to unify cloud and on-premises systems, enable real-time data insights, and drive innovation across global manufacturing operations. With Azure, Husqvarna Group achieved 98% faster data deployment and 50% lower infrastructure imaging costs, while improving productivity, reducing downtime, and enabling real-time insights across a growing network of smart, connected factories. More info. Chevron With its Facilities and Operations of the Future initiative, Chevron is reimagining the monitoring of its physical operations to support remote and autonomous operations through enhanced capabilities and real-time access to data. Chevron adopted Microsoft Azure IoT Operations, enabled by Azure Arc, to manage and analyze data locally at remote facilities at the edge, while still maintaining a centralized, cloud-based management plane. Real-time insights enhance worker safety while lowering operational costs, empowering staff to focus on complex, higher-value tasks rather than routine inspections. More info. A platform purpose‑built for Physical AI Across manufacturing, energy, and infrastructure, the message is clear: the next wave of AI value will be created where digital intelligence meets the physical world. Azure IoT Operations 2603 strengthens Microsoft’s commitment to that future—providing the secure, observable, cloud‑connected edge platform required to build Physical AI systems that are not only intelligent, but dependable. Get started To explore the full Azure IoT Operations 2603 release, review the public documentation and release notes, and start building Physical AI solutions that operate and scale confidently in the real world.Microsoft and Rockwell Automation: Transforming Industrial AI Together
Unlocking the Future of Connected Operations In today’s rapidly evolving industrial landscape, manufacturers face mounting pressure to increase agility, optimize operations, and harness data-driven insights across every level of production. The collaboration between Microsoft and Rockwell Automation represents a pivotal step toward achieving these goals. By combining Rockwell’s deep expertise in operational technology (OT) with Microsoft’s adaptive cloud approach, this partnership bridges the gap between OT and IT, creating a unified, intelligent ecosystem that empowers manufacturers to innovate at scale. Together, we enable seamless connectivity, advanced analytics, and AI-driven optimization across the factory floor from edge and cloud environments. Connected Operations powered by Microsoft and Rockwell Rockwell Automation’s FactoryTalk Optix and Microsoft’s Azure IoT Operations together deliver a powerful foundation for industrial transformation. FactoryTalk Optix provides a modern, flexible visualization platform for real-time monitoring and control of OT systems. FactoryTalk Optix supports numerous industrial protocols for secure interoperability and “smart-object” data modeling to provide analytics-ready data. Paired with Azure IoT Operations, a unified, adaptive cloud solution built on open standards and powered by Azure Arc, manufacturers gain seamless connectivity across the factory floor enabling edge to cloud orchestration. With support for protocols like OPC UA and MQTT, camera and third-party integration through Akri and WASM connectors, and Copilot-driven automation for observability and deployment, this partnership bridges OT and IT to unlock advanced analytics, AI-driven optimization, and predictive maintenance at scale. A Partnership That Delivers Scalable Innovation Customers can start utilizing FactoryTalk Optix with Azure IoT Operations as a scalable physical to digital foundation for transforming how they manufacture, design, and operate going forward. In partnership with Rockwell, there is a published GitHub sample that demonstrates how FactoryTalk Optix native IIoT connectivity protocols unlock contextualized data from industrial assets into Azure IoT Operations. With the 2510 Azure IoT Operations release , OPC Write capability is now available as well, creating a true read/write path for richer interoperability. The synergy between these technologies is a game-changer for manufacturers, unlocking advanced analytics, and AI-driven use cases. This collaboration delivers: Improved efficiency and reduced downtime through real-time connectivity and predictive maintenance Scalable edge-to-cloud architecture leveraging OPC UA and MQTT standards for unified OT/IT data Highly replicable, scalable deployments across hybrid and multicloud environments Proactive optimization with AI-driven design and analytics Democratized automation via Copilot capabilities for observability and deployment Unified IT management and centralized monitoring for streamlined operations Robust security and reduced integration complexity for faster time-to-value From the Shop Floor to the Boardroom By combining Rockwell’s industrial expertise with Microsoft’s cloud innovation, manufacturers can break down data silos, unify operations, and drive continuous optimization. AI-powered insights become accessible at every level, helping organizations anticipate change, improve safety and efficiency, and maintain a competitive edge in the digital era. Join Us at Rockwell Automation Fair Visit the Microsoft booth at Automation Fair to experience end-to-end demonstrations, explore customer stories, and see firsthand how the Rockwell–Microsoft ecosystem accelerates your digital transformation journey. Join live sessions at the Discovery Theatre – o Tuesday Nov 18th, 11:15am – 11:45am → The new industrial frontier - Using AI to scale faster, work smarter and unlock new value o Tuesday Nov 18 th 2pm – 3pm, and Thursday Nov 20 th at 10:00am – 11:00am → Bringing AI to the Factory Floor o Wednesday Nov 19 th , 1:45pm – 2:15pm → Start with Secure Solutions From Edge to Cloud Visit us at the Expo at Booth #1931 – For demos and conversations to see what we have to offer. Explore the products Learn more about Azure IoT Operations → https://azure.microsoft.com/en-us/products/iot-operations Explore FactoryTalk Optix → https://www.rockwellautomation.com/en-us/products/software/factorytalk/optix.html Hear more about our integration story at Microsoft Ignite → The new industrial frontierAzure IoT Hub + Azure Device Registry (Preview Refresh): Device Trust and Management at Fleet Scale
What’s New in this Preview In November 2025, we announced the preview integration of Azure IoT Hub with Azure Device Registry, marking a huge step towards integrating IoT devices into the broader Azure ecosystem. We’re grateful to the customers and partners who participated in the preview and shared valuable feedback along the way. Today, we’re expanding the preview with new capabilities to strengthen security, improve fleet management, and simplify development for connected devices. With this refresh, preview customers can: Automate device certificate renewals with zero-touch, at-runtime operations to minimize downtime and maintain a strong security posture. Integrate existing security infrastructure like private certificate authorities with your Azure Device Registry namespace. Leverage certificate revocation controls to isolate device or fleet-level risks and maintain operational continuity Utilize an improved Azure Portal experience for streamlined configuration and lifecycle management of your devices. Accelerate solution development with expanded IoT Hub and DPS Device SDK compatibility for smoother integration and faster time to value. Together, these enhancements help organizations to secure, govern, and manage their IoT deployments using familiar Azure-native tools and workflows. Why this matters: From Connected Devices to Connected Operations Operational excellence begins by bridging the gap between physical assets and digital intelligence. Consider a global logistics fleet where every vehicle is more than just a machine; it is a trusted, connected, and manageable digital entity in the cloud. As these assets move, they emit a continuous stream of telemetry - from engine vibrations to fuel consumption – directly to a unified data ecosystem, where AI agents can reason over it with greater context. Instead of waiting for a breakdown, these agents detect wear patterns, cross-reference with digital twins, and provide recommendations to reroute a vehicle for service before a failure occurs. This completes a shift from reactive troubleshooting to proactive physical operations. Yet, for many organizations, this transformation is often stalled by fragmented systems where security policies, device registries, and data streams exist in silos. Overcoming this requires a sophisticated stack designed to establish trust, manage device lifecycles, and orchestrate data flows at a global scale: The Digital Operations stack for cloud-connected devices This journey starts with having a secure foundation for fleet management. In an era where perimeter security is no longer enough, organizations need an identity foundation that is both hardware-rooted and deeply integrated with device provisioning. Utilizing robust X.509 certificate management, where keys and credentials are anchored in tamper-resistant hardware, provides high-assurance system integrity across millions of endpoints. Once trust is established, Azure Device Registry creates a unified management plane, where devices are represented as first-class Azure resources, enabling ARM-based fleet management, role-based access control for lifecycle operations, and Azure Policy for enforcement. Simultaneously, IoT Hub provides secure, bidirectional messaging for at-scale fleets. This high-fidelity data provides the essential fuel for Physical AI. By streaming trusted telemetry into Microsoft Fabric, organizations can break down data silos and allow AI agents to reason over real-world events in a centralized analytics environment. The Azure IoT stack provides the essential bridge for cloud-connected devices, enabling customers to transform their industrial environments into highly secure and intelligent ecosystems. For more information on Azure's approach to industrial AI, check out: Making Physical AI Practical for Real-World Industrial Operations. Azure IoT Hub + ADR (Preview): Expanding Fleet and Certificate Lifecycle Management The April 2026 Preview for Azure IoT Hub and Azure Device Registry (ADR) deliver key features to further standardize device identity and enable policy‑driven management for certificates at scale. You can think of device identity in Azure Device Registry like the birth record of a person. When someone is born, certain information becomes permanently associated with them - such as their date and place of birth. In the same way, a device’s identity represents its immutable existence within your solution - things like its serial number, model, or ownership context. However, as that person moves through life, they obtain different credentials that allow them to prove who they are in different situations - such as a driver’s license or passport. These credentials may expire, be renewed, or even replaced entirely over time without changing the person’s underlying identity. In IoT, devices use X.509 certificates as their credential to prove identity to services like IoT Hub. In your Azure Device Registry namespace, you can define the public key infrastructure (PKI) that manage your X.509 certificates and certificate authorities (CAs). In this preview, we are making it easier to integrate with existing security infrastructure and manage certificates at fleet scale. Certificate Management for Cloud-connected Devices in Azure Bring Your Own Certificate Authority (BYO CA) in Azure Device Registry Organizations that already operate sophisticated certificate authorities, with well‑established compliance controls, audit processes, and key custody requirements, want to integrate their trusted CA with the Azure Device Registry operating model. With BYO CA, customers can use their own private certificate authority while still benefiting from Azure’s fully managed device provisioning, and lifecycle management. Azure handles the heavy lifting of issuing, rotating, and revoking issuing certificate authorities (ICAs) and device certificates - while you stay in control of the top-most CA. Full Ownership of Trust and Keys: By bringing their own CA, organizations maintain absolute control over their private keys and security boundaries. Azure never takes custody of the external CA, ensuring existing governance, auditability, and compliance controls remain fully intact. Automated Lifecycle Management: While the CA remains customer-owned, Azure Device Registry automates the issuance, rotation, and revocation of device certificates. This eliminates the need for custom tooling or manual, per-device workflows that typically slow down deployments. Bring your own Certificate Authority in Azure Device Registry Fleet‑Wide Protection with Certificate Revocations Revocation is a mechanism for selective isolation, used to contain a single or group of devices by decommissioning a single device's certificates or the entire anchor of trust. When a single device is compromised, lost, or retired, device certificate revocation enables a precise, targeted response. This allows organizations to isolate individual devices instantly, reduce blast radius, and maintain uninterrupted operations for healthy devices - without rebuilding device identities. ADR propagates the revocation state to IoT Hub, blocking revoked devices until they’re re-provisioned. When a subset of devices requires isolation, policy revocation allows operators to decommission an entire trust anchor rather than managing individual devices. By mapping a specific Issuing CA to a single ADR policy, organizations gain a high-precision containment mechanism. In a single action, an operator can invalidate a compromised CA and then plan for a staged credential rollover across the entire segment. ADR automatically enforces this updated trust chain within IoT Hub, ensuring that only devices with newly issued certificates can connect. This makes large‑scale certificate rotation predictable, controlled, and operationally simple. Revoking the certificate for a single ADR Device on Azure Portal Flexible Options to renew Device Certificates Managing X.509 certificates at scale doesn’t stop once a device is onboarded. Operational certificates are short-lived by design, ensuring devices do not rely on long-lived credentials for authentication. In real-world IoT fleets, devices are often intermittently connected, deployed in hard-to-reach locations, and expected to run continuously - making certificate renewal one of the most operationally challenging parts of device security. Azure IoT Hub now enables device certificate renewal directly through IoT Hub, complementing the role of Device Provisioning Service (DPS). While DPS remains the solution for first-time device onboarding and certificate issuance, IoT Hub renewal is designed for the steady state - keeping already-connected devices securely authenticated over time without introducing downtime. IoT Hub certificate renewal follows similar patterns as other device-initiated operations such as twin updates and direct methods. With this capability, devices can request a new certificate as part of normal operation, using the same secure MQTT connection they already rely on. Support for IoT Hub and Device Provisioning Service (DPS) Device SDKs Managing credential issuance and renewals at scale is only possible if devices can handle their own credential lifecycles. We’ve added Certificate Signing Request (CSR) support to our C, C# (.NET), Java, Python, and Embedded device SDKs for IoT Hub and Device Provisioning Service (DPS). Beyond developer convenience, this provides multiple device-initiated paths for certificate renewal and trust-chain agility. Devices can generate CSRs and request newly signed X.509 certificates through IoT Hub or DPS as part of normal operation. This allows security teams to rotate and update certificates in the field without touching the hardware, keeping fleets secure as certificate authorities and policies evolve over time. Customer Feedback from Preview We’re grateful to the customers and partners who participated in the preview and shared valuable feedback along the way. Hear some of what our customers had to say: "The availability of a built-in certificate manager is a great upgrade in keeping the IoT space more secure."— Martijn Handels, CTO, Helin Data “Secure data is the starting line for industrial AI. With Azure certificate management, at CogitX we can ingest manufacturing signals safely and confidently - then use domain‑aware models to deliver real‑time insights and agentic workflows that improve throughput, quality, and responsiveness.” – Pradeep Parappil, CEO, CogitX Get Started Explore the new capabilities in preview today and start building the next generation of connected operations with Azure IoT Hub and Azure Device Registry: Get Started with Certificate Management in Preview.Siemens and Microsoft: Beyond Connectivity to Autonomous, Sustainable Manufacturing
Explore how Siemens Industrial Edge and Microsoft Azure IoT Operations enable secure edge-to-cloud integration, contextualized data, and AI-driven insights—transforming factories into adaptive, future-ready operations.
