What's new in Azure Sphere

Azure Sphere is updated on an ongoing basis. Feature releases support new functionality and may include updates to the Azure Sphere OS, SDK and/or Services. Quality releases include bug fixes and security updates only, and often include only the Azure Sphere OS. Release numbers are typically in year.month format, so 22.04 identifies the release in April 2022.

Being notified of updates

When new releases occur, we will post notifications on Azure Updates and the IoT Tech Community blog. We recommend subscribing to the Azure Updates RSS feed so that you receive timely and essential information about Azure Sphere.

Tip

Breaking changes or improvements to the azure-sphere extension for the Azure CLI or the Azure Sphere Security Service (AS3) REST APIs may occur out-of-band from an Azure Sphere release. For more information on these updates, see Release updates.

Receiving updates

When the OS is updated, it is automatically downloaded from the cloud to Azure Sphere devices that are connected to the internet.

To verify the installed OS version on an attached device, use the following command:

az sphere device show-os-version

SDK updates and Visual Studio / Visual Studio Code extensions need to be manually installed - see these instructions for Windows or Linux. To check which version of the SDK is installed on your computer, use the following command (N.B. this command is currently only available in the "azsphere" tool):

azsphere show-version

The Azure Sphere extension for Azure CLI needs to be manually updated via command-line commands. See this page for details on how to check the extension is up to date.

Retail Evaluation OS releases

The Retail Evaluation program enables backward compatibility testing for applications two weeks before the OS is updated for all devices. We strongly recommend that all production users make use of this test facility. See Set up devices for OS evaluation to find out how to participate.

Reporting vulnerabilities

Azure Sphere encourages security researchers to search for any vulnerabilities and report them responsibly based on Microsoft's Coordinated Vulnerability Disclosure principle to the MSRC Portal. Reports of vulnerabilities may include rewards through the Microsoft Azure Bounty Program. See Azure Sphere CVEs for general information about Azure Sphere CVEs. You can find information about CVEs already published in the MSRC Security Update Guide and in the release-specific details in this article.

September 2024

27 September 2024

Announcement of retirement of Azure Sphere (Legacy) service interfaces in September 2027

The Azure Sphere (Legacy) interfaces, including the Azure Sphere (Legacy) API (also known as PAPI) and the Azure Sphere (Legacy) CLI (also known as azsphere), will be retired on 27 September 2027. From now through 27 September 2027, Azure Sphere (Legacy) will be fully supported, and you can continue to use the Azure Sphere (Legacy) API and CLI interfaces. However, by 27 September 2027, you must migrate to Azure Sphere (Integrated) and start managing your Azure Sphere devices in Azure portal and the Azure CLI, and you must update any custom automation and applications to use the Azure Sphere (Integrated) API.

Azure Sphere (Integrated) supports all Azure Sphere (Legacy) features, and enables you to use other powerful Azure services when managing your Azure Sphere devices, including Microsoft Entra ID, Azure role-based access control, and Azure Monitor.

For more information about the retirement and how to migrate to Azure Sphere (Integrated), see this blog post.

August 2024

19 August 2024

Services (Legacy): invite-user API deprecated

For security reasons, we have removed the "invite-user" API from the Azure Sphere (Legacy) Public API. This API was utilized by the CLI command azsphere register-user, which will now result in an error message. Alternative methods should be used to register Azure Sphere (Legacy) users.

Services (Integrated): New feature for locating a device

You can now search for a device ID across all catalogs to which you have access. If you have Reader or greater Azure RBAC permissions for the device, the search result displays a link to the device, as well as to the device's parent device group, product, and catalog. If you do not have Reader or greater access privileges, the search will return a device not found error.

A new Azure Sphere Gallery Project is available, demonstrating how to connect an Azure Sphere device to an Azure Event Grid namespace over MQTT with the MQTT-C client library. This project makes use of Azure Sphere's wolfSSL TLS library and Device Authentication and Attestation (DAA) certificate mechanism to form connections in a secure, authenticated and attested manner.

July 2024

July 31, 2024

Azure Sphere Security Service starts using a new image signing certificate for signing all production-signed application and capability images. Because production devices received that new certificate in the trusted keystore on July 10 (see below), there is no impact on production devices. In certain manufacturing or development scenarios, there is a minor impact.

10 July 2024

This release includes an update to the trusted keystore of Azure Sphere devices which will result in all devices (regardless of whether they are on the Retail or Retail Eval feed) installing this update and rebooting. For more information, see the blog post, Azure Sphere – Image signing certificate update.

What's new in the 24.06 release

25 June 2024

The Azure Sphere 24.06 release includes a bug fix in the Azure Sphere OS only; it does not include an updated SDK. If your devices are connected to the internet, they will receive the updated OS from the cloud.

Fixed bugs and common vulnerabilities in the 24.06 release

The 24.06 release includes updates to mitigate the following Common Vulnerabilities and Exposures (CVEs):

  • CVE-2023-52160

What's new in the 24.03 release

26 March 2024

The Azure Sphere 24.03 release is now available and includes the following components:

  • General availability of Azure Sphere (Integrated)
  • Updated Azure Sphere OS
  • Updated Azure Sphere SDK for Windows and for Linux
  • Updated Azure Sphere extensions for Visual Studio and for Visual Studio Code
  • Updated samples

Highlights in this release include general availability of Azure Sphere (Integrated), support for custom certificates to connect to Azure IoT, an updated version of cURL for the Azure Sphere OS, security fixes, SDK support for Ubuntu 24.04 pre-release, and simplifications to the CMake toolchain.

General availability of Azure Sphere (Integrated)

We are excited to announce that Azure Sphere (Integrated), a new management interface for Azure Sphere devices, is generally available for production use starting today. Azure Sphere (Integrated) is now the recommended interface for Azure Sphere services, and is no longer labeled Preview in Azure portal.

With Azure Sphere (Integrated), you can manage your Azure Sphere devices directly in the Azure portal and the Azure Sphere extension for Azure CLI. Azure Sphere (Integrated) is based on the new Azure Sphere (Integrated) REST API, built on the Azure Resource Manager platform, and it includes built-in support for other powerful Azure services, including Azure RBAC and Azure Monitor.

Updates to Azure Sphere (Integrated) since Public Preview:

  • A new Azure RBAC pre-built role is available: Azure Sphere Owner. The Azure Sphere Owner role provides full privileges for Azure Sphere resources, but unlike the Azure Sphere Contributor role which also provides full privileges, the Azure Sphere Owner role also includes the ability to configure Azure RBAC access for Azure Sphere resources.

  • For easier navigation when viewing an individual product, device group, or device, you now access resource-specific overview information, access control, tasks, and property settings in the updated left menu.

  • You can use Azure Monitor to get alerted when you need to take action due to the two-yearly certificate roll of your catalog CA certificate. For details, see Monitoring Azure Sphere fleet and device health.

If you have not already started using Azure Sphere (Integrated), we recommend you do so now.

A one-time integration step enables you to manage your existing Azure Sphere (Legacy) tenants in Azure Sphere (Integrated). After a tenant is integrated, you can perform management tasks using either Azure Sphere (Integrated) or Azure Sphere (Legacy). You can stage adoption of Azure Sphere (Integrated) by starting with test and development activities in Azure Sphere (Integrated) while continuing to use Azure Sphere (Legacy) for production management workflows until you are ready to fully migrate. While the Azure Sphere (Legacy) interface continues to be fully supported, we recommend migration to take full advantage of Azure Sphere (Integrated) features and future enhancements.

For more information, see the blog post Azure Sphere (Integrated) is generally available.

New and changed features in the 24.03 OS

The 24.03 release of the Azure Sphere OS includes the following changes:

Fixed bugs and common vulnerabilities in the 24.03 OS release

The cURL version included in the Azure Sphere OS was updated from version 7.69.1 to 7.87.0. The 24.03 OS release includes updates to mitigate against these Common Vulnerabilities and Exposures (CVEs):

Common Vulnerabilities and Exposures (CVEs)
CVE-2022-27774 CVE-2022-27776
CVE-2022-32205 CVE-2022-32207
CVE-2022-32208 CVE-2022-32221
CVE-2022-35252 CVE-2022-35260
CVE-2022-43551 CVE-2022-43552
CVE-2023-23914 CVE-2023-23916
CVE-2023-27533 CVE-2023-27534
CVE-2023-27535 CVE-2023-27536
CVE-2023-27538 CVE-2023-27538
CVE-2023-28319 CVE-2023-28320
CVE-2023-28321 CVE-2023-28322

Support for using custom certificates to connect to Azure IoT Services

Azure Sphere devices can now utilize custom certificate chains to connect to Azure IoT Services. Utilizing non-Azure Sphere certificate chains is helpful with applications that have additional organizational requirements around certificate usage. Guidance on connecting with Azure IoT has been updated to describe this use case further. Any customers using the Beta API version of this capability released with the 23.05 OS should migrate to the new APIs by downloading the latest SDK and recompiling their application, noting that function signatures have changed to promote production application of this capability.

New and changed features in the 24.03 SDK and Visual Studio/Visual Studio Code extensions

The 24.03 release of the Azure Sphere SDK and Visual Studio/Visual Studio Code extensions includes the following changes:

End-of-support for Ubuntu 18.04 LTS

Ubuntu 18.04 is now outside Canonical's long-term standard support arrangement. As such the 23.05 SDK was the last Azure Sphere SDK to support this OS version. 24.03 and future SDKs will not support Ubuntu 18.04.

Added SDK support for Ubuntu 24.04 pre-release

The 24.03 SDK adds support for a pre-release version of Ubuntu 24.04, adding to the existing Ubuntu 20.04 and 22.04 support. This is for development and testing on Ubuntu 24.04 before it is released to the public.

CMake Toolchain changes

In SDK version 23.05 and earlier, the target API set (sysroot) used by Azure Sphere applications had to be specified in both the CMakePresets.json and CMakeLists.txt files, which was duplicative and sometimes required manual update after each SDK release.

To simplify this process, and to streamline future updates, the azsphere_configure_tools and azsphere_configure_api CMakeLists.txt entries have been made unnecessary and deprecated. The build process now only uses the AZURE_SPHERE_TARGET_API_SET value in CMakePresets.json as the source of truth for the targeted API version.

By default, the value of the AZURE_SPHERE_TARGET_API_SET parameter is set to "latest-lts" in CMakePresets.json which means that when the SDK is updated, the project automatically targets the latest API version. If you want to pin the API version to a specific version (e.g., when building apps for manufacturing products with a specific OS version), you should set the AZURE_SPHERE_TARGET_API_SET parameter to that version.

Existing projects will continue to compile with the new SDK, although a warning message will inform the user that they can remove the deprecated CMakeLists.txt entries. New projects created based on the GitHub samples will require the 24.03 or later SDK and VS/VS Code extensions.
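A check for the toolchain change described above, added here as an example and not code from the Azure Sphere SDK or samples: it flags the deprecated CMakeLists.txt entries and reports configure presets that float on "latest-lts" when a build (for example a manufacturing build) is expected to pin its API set. It assumes AZURE_SPHERE_TARGET_API_SET sits under cacheVariables in each configure preset; the function names, the sample inputs and the pinned value "16" are constructed for illustration.

```python
import json
import re

VAR = "AZURE_SPHERE_TARGET_API_SET"
FLOATING = "latest-lts"  # default value named in the text above
# CMakeLists.txt entries deprecated by the 24.03 SDK (CMake commands are case-insensitive).
DEPRECATED = re.compile(r"^\s*(azsphere_configure_tools|azsphere_configure_api)\s*\(", re.I | re.M)

# Constructed sample inputs, not taken from any real project.
SAMPLE_PRESETS = """{
  "version": 2,
  "configurePresets": [
    {"name": "ARM-Debug", "cacheVariables": {"AZURE_SPHERE_TARGET_API_SET": "latest-lts"}},
    {"name": "ARM-Release",
     "cacheVariables": {"AZURE_SPHERE_TARGET_API_SET": {"type": "STRING", "value": "16"}}}
  ]
}"""
SAMPLE_CMAKELISTS = """cmake_minimum_required(VERSION 3.20)
project(SampleApp C)
azsphere_configure_tools(TOOLS_REVISION "23.05")
azsphere_configure_api(TARGET_API_SET "16")
add_executable(${PROJECT_NAME} main.c)
"""


def target_api_sets(presets_text):
    """Map each visible configure preset to its effective target API set (or None)."""
    presets = json.loads(presets_text).get("configurePresets", [])
    by_name = {p.get("name"): p for p in presets}

    def resolve(preset, seen):
        value = preset.get("cacheVariables", {}).get(VAR)
        if isinstance(value, dict):  # presets allow {"type": ..., "value": ...}
            value = value.get("value")
        if value is not None:
            return value
        parents = preset.get("inherits", [])
        for parent in [parents] if isinstance(parents, str) else parents:
            if parent in by_name and parent not in seen:  # guard against cycles
                value = resolve(by_name[parent], seen | {parent})
                if value is not None:
                    return value
        return None

    return {n: resolve(p, {n}) for n, p in by_name.items() if not p.get("hidden")}


def audit(presets_text, cmakelists_text, require_pinned=False):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    # Drop comment lines so a commented-out entry is not reported.
    active = "\n".join(l for l in cmakelists_text.splitlines() if not l.lstrip().startswith("#"))
    for match in DEPRECATED.finditer(active):
        findings.append(f"CMakeLists.txt: deprecated entry {match.group(1)}")
    for name, value in target_api_sets(presets_text).items():
        if value is None:
            findings.append(f"{name}: {VAR} is not set")
        elif require_pinned and value == FLOATING:
            findings.append(f"{name}: floats on {FLOATING}, expected a pinned API set")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PRESETS, SAMPLE_CMAKELISTS, require_pinned=True):
        print(finding)
```

Run with require_pinned=True in a release pipeline so that an SDK update on the build machine cannot silently change the API set a production image targets.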

Updated samples for 24.03

The 24.03 release includes the following changes to the samples:

Updates to Azure Sphere HTTPS cURL Multi sample

The previous Azure Sphere HTTPS cURL Multi sample no longer follows currently recommended cURL best practices, which can be seen in more detail here. While we have preserved compatibility with the old approach, we have updated our sample and would recommend incorporating the latest approach in any software updates or new development work that you may be undertaking.

Updates to samples to use the azure-sphere extension for Azure CLI

We recommend using the now generally available Azure Sphere (Integrated) interface for future development work. The instructions in the sample README files have been updated to use commands in the azure-sphere extension for the Azure CLI.

Azure Sphere (Integrated) Public Preview release

August 8, 2023

We are excited to announce the Public Preview of Azure Sphere (Integrated), a new management interface for Azure Sphere services that is natively integrated with Azure via the Azure Resource Manager.

This Azure Sphere (Integrated) Public Preview comprises:

  • A new REST API for the Azure Sphere Security Services, integrated with Azure Resource Manager
  • Azure Portal and Azure CLI integration
  • Azure Monitor integration
  • Azure RBAC integration

Read this article to find out more about the security, observability, usability, streamlined access to support, and other benefits of these integrations.

During Public Preview, it is recommended to use Azure Sphere (Integrated) for development and test purposes. As best practice, production use cases (e.g. during manufacturing or operations workflows) should not use a Preview product. Therefore, for production use cases we recommend you continue to use the existing Azure Sphere Security Service interface, now known as Azure Sphere (Legacy), which continues to be fully supported and generally available.

To find out more about Azure Sphere (Integrated) and Azure Sphere (Legacy), including how to get started, refer to this document.

There is no OS or SDK update as part of this release. Azure Sphere (Integrated) command-line tooling is provided by a new Azure CLI extension that requires the 23.05 Azure Sphere SDK to be installed when using commands that interact with a connected device.

What's new in the 23.05 release

October 26, 2023

The Azure Sphere 23.05 Update 1 release includes the following updates to the Azure Sphere extensions for Visual Studio and for Visual Studio Code:

  • A new shortcut to Azure Sphere (Integrated) catalog management
  • Bug fixes

It does not include an updated OS or SDK.

June 20, 2023

The Azure Sphere 23.05 feature release includes the following components:

  • Updated Azure Sphere OS
  • Updated Azure Sphere SDK for Windows and for Linux
  • Updated Azure Sphere extensions for Visual Studio and for Visual Studio Code

If your devices are connected to the internet, they will receive the updated OS from the cloud. You'll be prompted to install the updated SDK on next use, or you can install it now. To install the latest SDK, see the installation Quickstart for Windows or Linux.

Highlights in this release include new cryptographic libraries, default NTP fallback, new beta APIs on Windows for Azure IoT connections using your own certificate, faster and enhanced factory testing, multi-device support for Linux, a new tools repository, and graduation of the Parse Device Logs self-help Gallery project to fully supported status.

New and changed features in the 23.05 OS

The 23.05 release of the Azure Sphere OS includes the following changes:

Microsoft-managed onboard cryptographic libraries

As part of the 23.05 release, Azure Sphere has cryptographic libraries built into the OS. Through our partnership with wolfSSL, you can now call select wolfCrypt APIs in your application that allow you to perform ECC or xChaCha encryption and decryption, certificate generation and management, and more without incurring a RAM or flash impact for building these into your application. Instead, you will be serviced by the Azure Sphere OS's built-in libraries, which can be patched and kept up to date by Microsoft. This new functionality is part of our ABI compatibility promise for the life of the product, and you can view wolfSSL’s long term ABI promises on their website, where they also provide examples for how to use these wolfCrypt APIs, such as ECC.

Expanded NTP robustness

In the event that Microsoft NTP timeservers are experiencing an outage, Azure Sphere devices will now attempt to fall back to a NIST NTP server after trying multiple regional Microsoft endpoints, unless a custom NTP is being used with custom fallback configurations. This expands the connectivity robustness of Azure Sphere devices by giving them more options to synchronize for communication to the cloud and other servers. Administrators of Azure Sphere devices behind firewalls can refer to the updated endpoint details here.

3rd Party Certificate Support for Azure IoT (Beta) on Windows

Azure Sphere’s OS includes the Azure IoT C SDK. New for this OS, on Windows, we are previewing APIs as part of our Beta program to utilize certificates provided by the application to connect to Azure IoT; these certificates do not need to be rooted in the Azure Sphere device. This allows easy connection to Azure IoT resources with certificates that root to existing systems. These Beta APIs are optimized for testing currently, but will be updated to support production operations at scale. If you have feedback on these APIs, including production environment requirements, please contact us at AZSPPGSUP@microsoft.com. The new APIs are AzureIoT_OverrideAzureSphereAuthCert and AzureIoT_OverrideAzureSphereAuthPrivateKey.

Update RF Tools OS support and improve tools performance

RF Tools have been updated to include:

  • Support for both Windows and Linux x86 platforms, including multi-device.
  • Performance improvements for reading and writing bufferbin and eFuse data, through new batching OS calls.
  • A Python library, assisting Python users with development of their own scripts and applications.

New and changed features in the 23.05 SDK

The 23.05 release of the Azure Sphere SDK includes the following changes:

Linux multi-device support

The 23.05 SDK adds support for multiple concurrently connected Azure Sphere devices in Linux, bringing this feature in line with existing support on Windows. This has particular relevance to Linux-based manufacturing scenarios.

Additionally, there is no longer a need to call the azsphere_connect.sh script when connecting a new device - connection now takes place automatically in parity with existing Windows support. See the updated documentation on Linux SDK installation.

Add SDK support for Ubuntu 22.04 LTS

The 23.05 SDK adds support for Ubuntu 22.04, adding to the existing Ubuntu 18.04 and 20.04 support. The Linux SDK installer can determine the LTS version of Ubuntu you are running and download or install the appropriate SDK.

End-of-support notice for Ubuntu 18.04 LTS

Ubuntu 18.04 is now outside Canonical's long-term standard support arrangement. As such the 23.05 SDK will be the last Azure Sphere SDK to support this OS version. Future SDKs will not support Ubuntu 18.04.

New and changed features in 23.05 for Visual Studio or Visual Studio Code extensions for Azure Sphere

The 23.05 release of the Azure Sphere Visual Studio and Visual Studio Code extensions includes the following changes:

  • Improved debugging experience when debugging real-time capable applications and when debugging multiple applications.
  • Updated New Project templates.

New Tools GitHub repository

A new GitHub repository, Azure Sphere Tools, has been introduced. This repository will contain additional officially supported tools relating to manufacturing, support, and diagnostics. The manufacturing folder has been relocated from the Samples repository, placing manufacturing tools in a single, easy-to-find location, while also reducing the footprint of the samples repository.

The 23.05 release of the Azure Sphere samples, code snippets, and Gallery projects includes the following changes:

The 23.05 release includes the Parse Device Logs project, which has graduated from the Gallery and is now an officially supported project located in the new Azure Sphere Tools repository.

Releases Prior to 23.05

See What's New in Azure Sphere (Legacy).