Edge Secured-core: Azure Certified IoT devices with built-in security
Published Mar 02 2021 06:00 AM 8,739 Views

IMPORTANT NOTE: We created a new post to replace this one and share the latest on the Edge Secured-core: Edge Secured-core: Azure Certified IoT devices with built-in security - Microsoft Tech Community




Edge computing gives customers the ability to move cloud-like workloads out of the data center to the very places where data is collected—delivering real-time intelligence, and solving intermittent connectivity issues. Yet as the number of devices making up IoT increases, so do the IoT security risks that companies must address.


A recent study conducted by Microsoft in partnership with Ponemon Institute included a survey of companies that have adopted IoT solutions and 65% of them mentioned that security is a top priority when implementing IoT. Attacks targeting IoT devices put businesses at risk. Impacted devices can be bricked, held for ransom, employed as launch points for further network attacks, or used for malicious purposes. Among many consequences we often see stolen IP and data theft, and compromised regulatory status, all of which can have brand and financial implications on the business.


In keeping with the Microsoft end-to-end security promise and our belief that every IoT device should be secured by design, we are excited to announce General Availability of our Edge Secured-core program for Windows IoT devices. Below, we’ll share how Edge Secured-core addresses vulnerabilities and helps enterprise customers, device manufacturers, and solution builders accelerate the development and deployment of secure, scalable IoT solutions.


ESC circle.png


Edge Secured-core devices meet additional security requirements


Edge Secured-core is a new certification in the Azure Certified Device program for IoT devices running a full operating system such as Linux (in preview) or Windows 10 IoT (available now). Edge Secured-core certified devices meet additional security requirements around device identity, secure boot, operating system hardening, device updates, data protection, and vulnerability disclosures. All of this is designed to help prevent attacks, protect your data, and defend against those attempting to infiltrate your infrastructure.


Building on the expertise Microsoft developed around Secured-core for commercial Windows 10 PCs, Edge Secured-core takes a similar approach for IoT devices. This certification can be used to validate that certified devices include specific security hardware technology, have an operating system with built-in security, and use IoT services such as Microsoft Defender for IoT that continually monitor for threats on the device.


For companies building devices, Edge Secured-core provides a low-cost differentiator that enables customers to easily identify your device that has been configured to meet a higher security standard.


Edge Secured-core drives scalable security


Through the use of Edge Secured-core, companies can trust that IoT devices are built with a foundation of security and can be deployed seamlessly and securely. It also provides enterprises and solution builders with the confidence that the devices they’re purchasing deliver the following security promises:


  • Hardware-based device identity
  • Capable of enforcing system integrity
  • Stays up to date and is remotely manageable
  • Provides data-at-rest protection
  • Provides data-in-transit protection
  • Built-in security agent and hardening

Here are a few specific scenarios where you can see the added value for Edge Secured-core devices compared to devices without it.



Device without Edge Secured-core

Edge Secured-core device

Six months after purchasing the device, there’s a vulnerability. The device receives an update and the vulnerability is fixed.

At the discretion of the OEM to supply device updates.

OEMs required to supply device updates for a period of at least 60 months from the date of submission.

A malicious actor attempts to identify vulnerable devices to install malware on.

At the discretion of the OEM to supply device updates and OT to keep device secure.

Microsoft Defender for IoT monitors traffic and devices for malicious actors and vulnerabilities.

A malicious actor attempts to decrypt user data in transit. 


At the discretion of the OEM or OT to utilize modern protocols to protect data.

The device must support modern protocols & algorithms to protect data at rest and in transit.

A malicious actor attempts to hijack a gateway device stored in a secure location.

At the discretion of the device builder to correctly implement device identities and enforcing system integrity.

The device is validated to have correctly implemented a modern device identity and an approved form of enforcing system integrity.


Learn more about Edge Secured-core certification


To get started with Edge Secure-core certification, check out the following resources:

ASUS GREEN.png LenovoLogo-POS-Red (jpg).jpg AAEON_ASUS_logo_cmyk-01.png intel-nuc-logo.png


LenovoSE30.png AaeonSRG-TG01.png IntelNUC.jpg
PE200U ThinkEdge SE30 SRG-TG01 Intel NUC
Version history
Last update:
‎Jun 21 2022 10:30 AM
Updated by: