What's new in Azure Sphere
Azure Sphere is updated on an ongoing basis. Feature releases support new functionality and may include updates to the Azure Sphere OS, SDK and/or Services. Quality releases include bug fixes and security updates only, and may often only include the Azure Sphere OS. Release numbers are typically in year.month format, so 22.04 identifies the release in April, 2022.
Being notified of updates
When new releases occur, we will post notifications on Azure Updates and the IoT Tech Community blog. We recommend subscribing to the Azure Updates RSS feed so that you receive timely and essential information about Azure Sphere.
Tip
Breaking changes or improvements to the azure-sphere extension for the Azure CLI or the Azure Sphere Security Service (AS3) REST APIs may occur out-of-band from an Azure Sphere release. For more information on these updates, see Release updates.
Receiving updates
When the OS is updated, it is automatically downloaded from the cloud to Azure Sphere devices that are connected to the internet.
To verify the installed OS version on an attached device, use the following command:
az sphere device show-os-version
SDK updates and Visual Studio / Visual Studio Code extensions need to be manually installed - see these instructions for Windows or Linux. To check which version of the SDK is installed on your computer, use the following command (N.B. this command is currently only available in the "azsphere" tool):
azsphere show-version
The Azure Sphere extension for Azure CLI needs to be manually updated via command-line commands. See this page for details on how to check the extension is up to date.
Retail Evaluation OS releases
The Retail Evaluation program enables backward compatibility testing for applications two weeks before the OS is updated for all devices. We strongly recommend that all production users make use of this test facility. See Set up devices for OS evaluation to find out how to participate.
Reporting vulnerabilities
Azure Sphere encourages security researchers to search for any vulnerabilities and report them responsibly based on Microsoft's Coordinated Vulnerability Disclosure principle to the MSRC Portal. Reports of vulnerabilities may include rewards through the Microsoft Azure Bounty Program. See Azure Sphere CVEs for general information about Azure Sphere CVEs. You can find information about CVEs already published in the MSRC Security Update Guide and in the release-specific details in this article.
September 2024
27 September 2024
Announcement of retirement of Azure Sphere (Legacy) service interfaces in September 2027
The Azure Sphere (Legacy) interfaces, including the Azure Sphere (Legacy) API (also known as PAPI) and the Azure Sphere (Legacy) CLI (also known as azsphere), will be retired on 27 September 2027. From now through 27 September 2027, Azure Sphere (Legacy) will be fully supported, and you can continue to use the Azure Sphere (Legacy) API and CLI interfaces. However, by 27 September 2027, you must migrate to Azure Sphere (Integrated) and start managing your Azure Sphere devices in Azure portal and the Azure CLI, and you must update any custom automation and applications to use the Azure Sphere (Integrated) API.
Azure Sphere (Integrated) supports all Azure Sphere (Legacy) features, and enables you to use other powerful Azure services when managing your Azure Sphere devices, including Microsoft Entra ID, Azure role-based access control, and Azure Monitor.
For more information about the retirement and how to migrate to Azure Sphere (Integrated), see this blog post.
August 2024
19 August 2024
Services (Legacy): invite-user API deprecated
For security reasons, we have removed the "invite-user" API from the Azure Sphere (Legacy) Public API. This API was utilized by the CLI command azsphere register-user, which will now result in an error message. Alternative methods should be used to register Azure Sphere (Legacy) users.
Services (Integrated): New feature for locating a device
You can now search for a device ID across all catalogs to which you have access. If you have Reader or greater Azure RBAC permissions for the device, the search result displays a link to the device, as well as to the device's parent device group, product, and catalog. If you do not have Reader or greater access privileges, the search will return a device not found error.
New gallery project: Azure Event Grid MQTT-C
A new Azure Sphere Gallery Project is available, demonstrating how to connect an Azure Sphere device to an Azure Event Grid namespace over MQTT with the MQTT-C client library. This project makes use of Azure Sphere's wolfSSL TLS library and Device Authentication and Attestation (DAA) certificate mechanism to form connections in a secure, authenticated and attested manner.
July 2024
July 31, 2024
Azure Sphere Security Service starts using a new image signing certificate for signing all images for production-signed applications and capabilities. Because production devices received that new certificate in the trusted keystore on July 10 (see below), there is no impact on production devices. In certain manufacturing or development scenarios, there is a minor impact.
10 July 2024
This release includes an update to the trusted keystore of Azure Sphere devices which will result in all devices (regardless of whether they are on the Retail or Retail Eval feed) installing this update and rebooting. For more information, see the blog post, Azure Sphere – Image signing certificate update.
What's new in the 24.06 release
25 June 2024
The Azure Sphere 24.06 release includes a bug fix in the Azure Sphere OS only; it does not include an updated SDK. If your devices are connected to the internet, they will receive the updated OS from the cloud.
Fixed bugs and common vulnerabilities in the 24.06 release
The 24.06 release includes updates to mitigate against the following Common Vulnerabilities and Exposures (CVEs):
- CVE-2023-52160
What's new in 24.03 release
26 March 2024
Azure Sphere 24.03 release is now available and includes the following components:
- General availability of Azure Sphere (Integrated)
- Updated Azure Sphere OS
- Updated Azure Sphere SDK for Windows and for Linux
- Updated Azure Sphere extensions for Visual Studio and for Visual Studio Code
- Updated samples
Highlights in this release include general availability of Azure Sphere (Integrated), support for custom certificates to connect to Azure IoT, an updated version of cURL for the Azure Sphere OS, security fixes, SDK support for Ubuntu 24.04 pre-release, and simplifications to the CMake toolchain.
General availability of Azure Sphere (Integrated)
We are excited to announce that Azure Sphere (Integrated), a new management interface for Azure Sphere devices, is generally available for production use starting today. Azure Sphere (Integrated) is now the recommended interface for Azure Sphere services, and is no longer labeled Preview in Azure portal.
With Azure Sphere (Integrated), you can manage your Azure Sphere devices directly in the Azure portal and the Azure Sphere extension for Azure CLI. Azure Sphere (Integrated) is based on the new Azure Sphere (Integrated) REST API, built on the Azure Resource Manager platform, and it includes built in support for other powerful Azure services, including Azure RBAC and Azure Monitor.
Updates to Azure Sphere (Integrated) since Public Preview:
A new Azure RBAC pre-built role is available: Azure Sphere Owner. The Azure Sphere Owner role provides full privileges for Azure Sphere resources, but unlike the Azure Sphere Contributor role which also provides full privileges, the Azure Sphere Owner role also includes the ability to configure Azure RBAC access for Azure Sphere resources.
For easier navigation when viewing an individual product, device group, or device, you now access resource-specific overview information, access control, tasks, and property settings in the updated left menu.
You can use Azure Monitor to get alerted when you need to take action due to the two-yearly certificate roll of your catalog CA certificate. For details, see Monitoring Azure Sphere fleet and device health.
If you have not already started using Azure Sphere (Integrated), we recommend you do so now.
A one-time integration step enables you to manage your existing Azure Sphere (Legacy) tenants in Azure Sphere (Integrated). After a tenant is integrated, you can perform management tasks using either Azure Sphere (Integrated) or Azure Sphere (Legacy). You can stage adoption of Azure Sphere (Integrated) by starting with test and development activities in Azure Sphere (Integrated) while continuing to use Azure Sphere (Legacy) for production management workflows until you are ready to fully migrate. While Azure Sphere (Legacy) interface continues to be fully supported, we recommend migration to take full advantage of Azure Sphere (Integrated) features and future enhancements.
For more information, see the blog post Azure Sphere (Integrated) is generally available.
New and changed features in the 24.03 OS
The 24.03 release of the Azure Sphere OS includes the following changes:
Fixed bugs and common vulnerabilities in the 24.03 OS release
The cURL version included in the Azure Sphere OS was updated from version 7.69.1 to 7.87.0. The 24.03 OS release includes updates to mitigate against these Common Vulnerabilities and Exposures (CVEs):
Common Vulnerabilities and Exposures (CVEs) | |
---|---|
CVE-2022-27774 | CVE-2022-27776 |
CVE-2022-32205 | CVE-2022-32207 |
CVE-2022-32208 | CVE-2022-32221 |
CVE-2022-35252 | CVE-2022-35260 |
CVE-2022-43551 | CVE-2022-43552 |
CVE-2023-23914 | CVE-2023-23916 |
CVE-2023-27533 | CVE-2023-27534 |
CVE-2023-27535 | CVE-2023-27536 |
CVE-2023-27538 | CVE-2023-27538 |
CVE-2023-28319 | CVE-2023-28320 |
CVE-2023-28321 | CVE-2023-28322 |
Support for using custom certificates to connect to Azure IoT Services
Azure Sphere devices can now utilize custom certificate chains to connect to Azure IoT Services. Utilizing non-Azure Sphere certificate chains is helpful with applications that have additional organizational requirements around certificate usage. Guidance on connecting with Azure IoT has been updated to describe this use case further. Any customers using the Beta API version of this capability released with the 23.05 OS should migrate to the new APIs by downloading the latest SDK and recompiling their application, noting that function signatures have changed to promote production application of this capability.
New and changed features in the 24.03 SDK and Visual Studio/Visual Studio Code extensions
The 24.03 release of the Azure Sphere SDK and Visual Studio/Visual Studio Code extensions includes the following changes:
End-of-support for Ubuntu 18.04 LTS
Ubuntu 18.04 is now outside Canonical's long-term standard support arrangement. As such the 23.05 SDK was the last Azure Sphere SDK to support this OS version. 24.03 and future SDKs will not support Ubuntu 18.04.
Added SDK support for Ubuntu 24.04 pre-release
The 24.03 SDK adds support for a pre-release version of Ubuntu 24.04, adding to the existing Ubuntu 20.04 and 22.04 support. This is for development and testing on Ubuntu 24.04 before it is released to the public.
CMake Toolchain changes
In SDK version 23.05 and earlier, the target API set (sysroot) used by Azure Sphere applications had to be specified in both the CMakePresets.json and CMakeLists.txt files, which was duplicative and sometimes required manual update after each SDK release.
To simplify this process, and to streamline future updates, the azsphere_configure_tools and azsphere_configure_api CMakeLists.txt entries have been made unnecessary and deprecated. The build process now only uses the AZURE_SPHERE_TARGET_API_SET value in CMakePresets.json as the source of truth for the targeted API version.
By default, the value of the AZURE_SPHERE_TARGET_API_SET parameter is set to "latest-lts" in CMakePresets.json which means that when the SDK is updated, the project automatically targets the latest API version. If you want to pin the API version to a specific version (e.g., when building apps for manufacturing products with a specific OS version), you should set the AZURE_SPHERE_TARGET_API_SET parameter to that version.
Existing projects will continue to compile with the new SDK, although a warning message will inform the user that they can remove the deprecated CMakeLists.txt entries. New projects created based on the GitHub samples will require the 24.03 or later SDK and VS/VS Code extensions.
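An added example, not part of the Azure Sphere documentation or SDK: a Python check that reports, for each configure preset, whether AZURE_SPHERE_TARGET_API_SET is pinned or floats with the installed SDK, and lists the deprecated CMakeLists.txt entries that are still called. It assumes the value is set in a preset's cacheVariables or inherited from a parent preset; the preset names, the API set value "16" and both sample files are constructed.

```python
import json
import re

KEY = "AZURE_SPHERE_TARGET_API_SET"
# CMake command names are case-insensitive. Anchoring at the start of a line
# skips calls that have been commented out with '#'.
DEPRECATED = re.compile(
    r"^[ \t]*(azsphere_configure_tools|azsphere_configure_api)[ \t]*\(",
    re.I | re.M)

# Constructed sample input, not taken from the Azure Sphere samples repository.
SAMPLE_PRESETS = json.dumps({"version": 3, "configurePresets": [
    {"name": "base", "hidden": True, "cacheVariables": {KEY: "latest-lts"}},
    {"name": "ARM-Debug", "inherits": "base"},
    {"name": "ARM-Factory", "inherits": ["base"], "cacheVariables": {KEY: "16"}},
    {"name": "Host-Tests", "generator": "Ninja"},
]})
SAMPLE_CMAKELISTS = """\
cmake_minimum_required(VERSION 3.20)
project(Demo C)
azsphere_configure_tools(TOOLS_REVISION "23.05")
# azsphere_configure_api(TARGET_API_SET "16")
add_executable(${PROJECT_NAME} main.c)
"""


def resolve_api_set(name, by_name, seen=()):
    """Return KEY for a preset, following 'inherits' when it is not set locally."""
    preset = by_name.get(name)
    if preset is None or name in seen:      # unknown parent or inheritance loop
        return None
    value = preset.get("cacheVariables", {}).get(KEY)
    if isinstance(value, dict):             # {"type": ..., "value": ...} form
        value = value.get("value")
    parents = preset.get("inherits", [])
    parents = [parents] if isinstance(parents, str) else parents
    for parent in parents:
        if value is None:
            value = resolve_api_set(parent, by_name, seen + (name,))
    return value


def audit(presets_text, cmakelists_text):
    """Return ({preset: (value, state)}, [deprecated commands still called])."""
    presets = json.loads(presets_text).get("configurePresets", [])
    by_name = {p["name"]: p for p in presets}
    report = {}
    for name, preset in by_name.items():
        if preset.get("hidden"):            # hidden presets only serve as bases
            continue
        value = resolve_api_set(name, by_name)
        state = ("missing" if value is None else
                 "floating" if str(value).lower().startswith("latest") else "pinned")
        report[name] = (value, state)
    found = {m.group(1).lower() for m in DEPRECATED.finditer(cmakelists_text)}
    return report, sorted(found)


if __name__ == "__main__":
    report, deprecated = audit(SAMPLE_PRESETS, SAMPLE_CMAKELISTS)
    for name, (value, state) in report.items():
        print(f"{name}: {KEY}={value!r} ({state})")
    print("deprecated CMakeLists.txt entries:", ", ".join(deprecated) or "none")
```

To audit a real project, pass the text of its CMakePresets.json and CMakeLists.txt to audit(); a "floating" result on a manufacturing preset means the build will retarget when the SDK is updated.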
Updated samples for 24.03
The 24.03 release includes the following changes to the samples:
Updates to Azure Sphere HTTPS cURL Multi sample
The previous Azure Sphere HTTPS cURL Multi sample no longer follows currently recommended cURL best practices, which can be seen in more detail here. While we have preserved compatibility with the old approach, we have updated our sample and would recommend incorporating the latest approach in any software updates or new development work that you may be undertaking.
Updates to samples to use the azure-sphere extension for Azure CLI
We recommend using the now generally available Azure Sphere (Integrated) interface for future development work. The instructions in the sample README files have been updated to use commands in the azure-sphere extension for the Azure CLI.
Azure Sphere (Integrated) Public Preview release
August 8, 2023
We are excited to announce the Public Preview of Azure Sphere (Integrated), a new management interface for Azure Sphere services that is natively integrated with Azure via the Azure Resource Manager.
This Azure Sphere (Integrated) Public Preview comprises:
- A new REST API for the Azure Sphere Security Services, integrated with Azure Resource Manager
- Azure Portal and Azure CLI integration
- Azure Monitor integration
- Azure RBAC integration
Read this article to find out more about the security, observability, usability, streamlined access to support, and other benefits of these integrations.
During Public Preview, it is recommended to use Azure Sphere (Integrated) for development and test purposes. As a best practice, production use cases (e.g. during manufacturing or operations workflows) should not use a Preview product. Therefore, for production use cases we recommend you continue to use the existing Azure Sphere Security Service interface, now known as Azure Sphere (Legacy), which continues to be fully supported and generally available.
To find out more about Azure Sphere (Integrated) and Azure Sphere (Legacy), including how to get started, refer to this document.
There is no OS or SDK update as part of this release. Azure Sphere (Integrated) command-line tooling is provided by a new Azure CLI extension that requires the 23.05 Azure Sphere SDK to be installed when using commands that interact with a connected device.
What's new in the 23.05 release
October 26, 2023
The Azure Sphere 23.05 Update 1 release includes the following updates to the Azure Sphere extensions for Visual Studio and for Visual Studio Code:
- A new shortcut to Azure Sphere (Integrated) catalog management
- Bug fixes
It does not include an updated OS or SDK.
June 20, 2023
The Azure Sphere 23.05 feature release includes the following components:
- Updated Azure Sphere OS
- Updated Azure Sphere SDK for Windows and for Linux
- Updated Azure Sphere extensions for Visual Studio and for Visual Studio Code
If your devices are connected to the internet, they will receive the updated OS from the cloud. You'll be prompted to install the updated SDK on next use, or you can install it now. To install the latest SDK, see the installation Quickstart for Windows or Linux.
Highlights in this release include new cryptographic libraries, default NTP fallback, new beta APIs on Windows for Azure IoT connections using your own certificate, faster and enhanced factory testing, multi-device support for Linux, a new tools repository, and graduation of the Parse Device Logs self-help Gallery project to fully supported status.
New and changed features in the 23.05 OS
The 23.05 release of the Azure Sphere OS includes the following changes:
Microsoft-managed onboard cryptographic libraries
As part of the 23.05 release, Azure Sphere has cryptographic libraries built into the OS. Through our partnership with wolfSSL, you can now call select wolfCrypt APIs in your application that allow you to perform ECC or xChaCha encryption and decryption, certificate generation and management, and more without incurring a RAM or flash impact for building these into your application. Instead, you will be serviced by the Azure Sphere OS's built-in libraries, which can be patched and kept up to date by Microsoft. This new functionality is part of our ABI compatibility promise for the life of the product, and you can view wolfSSL's long-term ABI promises on their website, where they also provide examples for how to use these wolfCrypt APIs, such as ECC.
Expanded NTP robustness
In the event that Microsoft NTP timeservers are experiencing an outage, Azure Sphere devices will now attempt to fall back to a NIST NTP server after trying multiple regional Microsoft endpoints, unless a custom NTP is being used with custom fallback configurations. This expands the connectivity robustness of Azure Sphere devices by giving them more options to synchronize for communication to the cloud and other servers. Administrators of Azure Sphere devices behind firewalls can refer to the updated endpoint details here.
3rd Party Certificate Support for Azure IoT (Beta) on Windows
Azure Sphere's OS includes the Azure IoT C SDK. New for this OS, on Windows, we are previewing APIs as part of our Beta program to utilize certificates provided by the application to connect to Azure IoT; these certificates do not need to be rooted in the Azure Sphere device. This allows easy connection to Azure IoT resources with certificates that root to existing systems. These Beta APIs are optimized for testing currently, but will be updated to support production operations at scale. If you have feedback on these APIs, including production environment requirements, please contact us at AZSPPGSUP@microsoft.com. The new APIs are AzureIoT_OverrideAzureSphereAuthCert and AzureIoT_OverrideAzureSphereAuthPrivateKey.
Update RF Tools OS support and improve tools performance
RF Tools have been updated to include:
- Support for both Windows and Linux x86 platforms, including multi-device.
- Performance improvements for reading and writing bufferbin and eFuse data, through new batching OS calls.
- A Python library, assisting Python users with development of their own scripts and applications.
New and changed features in the 23.05 SDK
The 23.05 release of the Azure Sphere SDK includes the following changes:
Linux multi-device support
The 23.05 SDK adds support for multiple concurrently connected Azure Sphere devices in Linux, bringing this feature in line with existing support on Windows. This has particular relevance to Linux-based manufacturing scenarios.
Additionally, there is no longer a need to call the azsphere_connect.sh script when connecting a new device - connection now takes place automatically in parity with existing Windows support. See the updated documentation on Linux SDK installation.
Add SDK support for Ubuntu 22.04 LTS
The 23.05 SDK adds support for Ubuntu 22.04, adding to the existing Ubuntu 18.04 and 20.04 support. The Linux SDK installer can determine the LTS version of Ubuntu you are running and download or install the appropriate SDK.
End-of-support notice for Ubuntu 18.04 LTS
Ubuntu 18.04 is now outside Canonical's long-term standard support arrangement. As such the 23.05 SDK will be the last Azure Sphere SDK to support this OS version. Future SDKs will not support Ubuntu 18.04.
New and changed features in 23.05 for Visual Studio or Visual Studio Code extensions for Azure Sphere
The 23.05 release of the Azure Sphere Visual Studio and Visual Studio Code extensions includes the following changes:
- Improved debugging experience when debugging real-time capable applications and when debugging multiple applications.
- Updated New Project templates.
New Tools GitHub repository
A new GitHub repository, Azure Sphere Tools, has been introduced. This repository will contain additional officially supported tools relating to manufacturing, support, and diagnostics. The manufacturing folder has been relocated from the Samples repository, placing manufacturing tools in a single, easy-to-find location, while also reducing the footprint of the samples repository.
New and updated Gallery projects for 23.05
The 23.05 release of the Azure Sphere samples, code snippets, and Gallery projects includes the following changes:
The 23.05 release includes the Parse Device Logs project, which has graduated from the Gallery and is now an officially supported project located in the new Azure Sphere Tools repository.
Releases Prior to 23.05
See What's New in Azure Sphere (Legacy).