Azure Percept security recommendations

Important

Retirement of Azure Percept DK:

Update 22 February 2023: A firmware update for the Percept DK Vision and Audio accessory components (also known as Vision and Audio SOM) is now available here, and will enable the accessory components to continue functioning beyond the retirement date.

The Azure Percept public preview will be evolving to support new edge device platforms and developer experiences. As part of this evolution, the Azure Percept DK and Audio Accessory and associated supporting Azure services for the Percept DK will be retired March 30th, 2023.

Effective March 30th, 2023, the Azure Percept DK and Audio Accessory will no longer be supported by any Azure services including Azure Percept Studio, OS updates, container updates, view web stream, and Custom Vision integration. Microsoft will no longer provide customer success support and any associated supporting services. For more information, please visit the Retirement Notice Blog Post.

Review the guidelines below for information on configuring firewalls and general security best practices with Azure Percept.

Configuring firewalls for Azure Percept DK

If your networking setup requires that you explicitly permit connections made from Azure Percept DK devices, review the following list of components.

This checklist is a starting point for firewall rules:

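| URL (* = wildcard)                | Outbound TCP Ports | Usage                                         |
|-----------------------------------|--------------------|-----------------------------------------------|
| *.auth.azureperceptdk.azure.net   | 443                | Azure DK SOM Authentication and Authorization |
| *.auth.projectsantacruz.azure.net | 443                | Azure DK SOM Authentication and Authorization |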

Additionally, review the list of connections used by Azure IoT Edge.
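
To check a firewall or proxy allowlist against the checklist above, the following added example (not part of the original Microsoft documentation) evaluates outbound connections against the two wildcard rules. It assumes the wildcard covers subdomains at any depth and matches only on a DNS label boundary; the helper names and the sample hostnames (including the `westus2` label) are constructed for illustration.

```python
# Added example: audit outbound (host, port) pairs against the Percept DK rules above.
PERCEPT_RULES = [
    ("*.auth.azureperceptdk.azure.net", 443),
    ("*.auth.projectsantacruz.azure.net", 443),
]


def normalize(host):
    """Lower-case and drop the trailing root dot so comparisons are canonical."""
    return host.strip().lower().rstrip(".")


def host_matches(pattern, host):
    """Match a '*.suffix' pattern on a DNS label boundary only.
    The bare suffix and look-alike names that merely contain it do not match.
    """
    pattern, host = normalize(pattern), normalize(host)
    if not pattern.startswith("*."):
        return host == pattern
    suffix = pattern[1:]  # e.g. ".auth.azureperceptdk.azure.net"
    return host.endswith(suffix) and len(host) > len(suffix)


def is_permitted(host, port, rules=PERCEPT_RULES):
    """True when both the port and the hostname satisfy one rule."""
    return any(port == p and host_matches(pat, host) for pat, p in rules)


def audit(connections, rules=PERCEPT_RULES):
    """Split (host, port) pairs into permitted and blocked lists."""
    permitted, blocked = [], []
    for host, port in connections:
        (permitted if is_permitted(host, port, rules) else blocked).append((host, port))
    return permitted, blocked


if __name__ == "__main__":
    # Constructed sample connections; "westus2" is a hypothetical subdomain label.
    sample = [
        ("westus2.auth.azureperceptdk.azure.net", 443),      # matches rule 1
        ("WESTUS2.auth.projectsantacruz.azure.net.", 443),   # case and root dot normalized
        ("westus2.auth.azureperceptdk.azure.net", 80),       # wrong port
        ("auth.azureperceptdk.azure.net.example.com", 443),  # suffix embedded, not trailing
        ("xauth.azureperceptdk.azure.net", 443),             # not on a label boundary
    ]
    ok, denied = audit(sample)
    print("permitted:", ok, "\nblocked:", denied)
```

Firewall products differ in how they interpret `*`, so confirm that your device's wildcard semantics match the label-boundary behaviour assumed here before relying on the result.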

Additional recommendations for deployment to production

Azure Percept DK offers a variety of security capabilities out of the box. In addition to the security features included in the current release, Microsoft suggests the following guidelines when considering production deployments:

  • Provide strong physical protection for the device itself
  • Ensure data-at-rest encryption is enabled
  • Continuously monitor the device posture and quickly respond to alerts
  • Limit the number of administrators who have access to the device
