Azure Sphere (Integrated) vs Azure Sphere (Legacy)

When Azure Sphere became Generally Available in 2020, it provided a REST interface for remotely managing devices and software deployments, known as the Azure Sphere Public API (PAPI). PAPI is a standalone REST API and is not integrated natively into Azure services. The "azsphere" command line tool uses PAPI for cloud-facing commands. Native integration into Azure means integration with Azure Resource Manager, the management layer for Azure that enables you to create, update, and delete Azure resources such as VMs, IoT Hubs and devices, or Azure Active Directory (AAD) user profiles. For details about Azure Resource Manager, see the Azure Resource Manager documentation.

Azure Sphere now has an integrated Azure Resource Manager interface, known as Azure Sphere (Integrated), and we now refer to the PAPI based interface as Azure Sphere (Legacy).

  • Azure Sphere (Integrated)
    • Refers to the Azure Resource Manager interface for Azure Sphere, accessed through the Azure Portal, Azure CLI extension (az sphere) and Azure Sphere Security Service REST API.
    • Is available in Public Preview and is recommended for development and evaluation uses. For production use cases such as production-scale manufacturing or management of field-deployed customer devices we recommend that you depend on our Generally Available interface, Azure Sphere (Legacy), until Azure Sphere (Integrated) becomes Generally Available.
    • During the Public Preview phase, we may make API, command-line or Portal UX changes that may, for example, break compatibility with scripted uses, in order to react to user feedback and fix bugs before General Availability.
  • Azure Sphere (Legacy)
    • Refers to the original Public API (PAPI) interface, accessed through the azsphere CLI tool, and directly via PAPI.
    • Remains Generally Available and fully supported. This will continue to be true even after Azure Sphere (Integrated) becomes Generally Available, though we recommend that customers plan to move to Azure Sphere (Integrated) over time because of the additional features listed below.

We have made this change because Azure Sphere (Integrated) enables many new features for customers which are not available with the Azure Sphere (Legacy) interface:

  • It includes an Azure Portal interactive user interface.
  • Azure Active Directory can be used for fine-grained role-based access control (RBAC), for example enabling "test" and "production" device groups to have different access restrictions for deploying new software to them.
  • Azure Monitor integration enables visualization of device status and history, easier diagnosis of issues, and alerting.
  • ARM templates enable automation of Azure Sphere deployments.

Azure Sphere (Legacy) tenants and Azure Sphere (Integrated) catalogs

An "Azure Sphere tenant" is a logical grouping of Azure Sphere resources within the legacy PAPI interface - including products, devices, device groups, and software images. Since the name 'tenant' is already in use within Azure, to avoid ambiguity we are using a different word - 'catalog' - for the same logical grouping in Azure Sphere (Integrated).

No "migration" required

Existing Azure Sphere (Legacy) tenants can be integrated into an Azure Sphere (Integrated) catalog while still being accessible via the Legacy PAPI-based interfaces. Integration creates a new catalog that relates to the same devices that are present in the PAPI tenant. The underlying Azure Sphere resources themselves (products, devices, device groups, and images) are not changed, duplicated, or deleted in this process. Because both interfaces can be used at the same time, existing customers can continue to use the Azure Sphere (Legacy) interface as normal, while developing and testing new tooling, scripts, and processes based on the Azure Sphere (Integrated) interface. No point-in-time "migration" is required.

The following diagram illustrates this relationship and highlights which tools/APIs you can use to access each interface.

Note

Azure Sphere (Legacy) will not support new Azure Sphere (Integrated) features such as the Azure Active Directory (AAD) integration that enables fine-grained RBAC.

Diagram showing that you can manage the same Azure Sphere resources via either Legacy or Integrated tools/APIs.

Getting Started

To get started developing using an Azure Sphere developer kit, follow this quickstart guidance for Azure Sphere (Legacy) or Azure Sphere (Integrated).

You can use both Azure Sphere (Legacy) and Azure Sphere (Integrated) simultaneously; the tooling installs side-by-side.

With Azure Sphere (Integrated), you can also try out the Azure Portal experience directly: go to the Azure Portal and search for Azure Sphere in the top search bar. However, unless you have an Azure Sphere developer kit, you will not be able to test the main functionality of Azure Sphere such as over-the-air updates or device monitoring.

Pricing Model

There is no pricing difference between Azure Sphere (Legacy) and Azure Sphere (Integrated) as the security service element (built into the chip price) covers both interfaces. When you use other Azure services enabled by this integration, such as Azure IoT Hub or Azure Active Directory, you may incur charges for those individual services.