O'Reilly logo
live online training icon Live Online training

Architecting Secure IoT applications with Azure Sphere

Chris Seferlis

Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. It comprises an Azure Sphere microcontroller unit (MCU), tools and an SDK for developing applications, and the Azure Sphere Security Service, through which applications can securely connect to the cloud and web. As we continually see more and more consumer-grade internet devices, known as the Internet of Things (IoT) Devices we need a more robust way to manage these devices in a secure way.

This course will help you learn how to plan your application and various components of your application for designing your IoT applications based on the requirements like features, scale, etc. You’ll learn how to think from the aspects of fault tolerance, robust and secure communication and data integrity over cloud platforms. You will also cover how to secure your IoT applications with the help of Azure Sphere’s built-in communication and security features for internet-connected devices.

In this course, you will learn about a newer IoT offering called Microsoft Azure Sphere. As these consumer-grade devices grow exponentially, the problem is that some of these devices are not built in a secure way, making them easily susceptible to hacking. There have been plenty of news stories about devices that have been hacked and then used for malicious purposes.

Microsoft is not alone in recognizing this issue, but they jumped on this in 2015 and began to develop an approach to securing these devices and created Microsoft Azure Sphere. This is a solution for creating highly secure internet connected microcontroller devices with 3 main components:

1) Azure Sphere Certified MCUs – They’ve got manufacturers that architect a solution that combines real-time and application processors built onto this MCU, using built-in Microsoft security technology and connectivity capabilities. They used the experience, processes, and lessons learned from looking at the Xbox consoles that have been built over the past 15 years and put that into the design of these chips. So, third-party companies can build these chips by using these processes and be certified. 2) Azure Sphere Operating System – Once an MCU is certified, you can install this operating system which is intended to be super secure and agile to serve those MCU purposes, including layers of security from Windows, Linux, and specific security monitoring software all built into that operating system.

3) Azure Sphere Security Service – This allows you to protect each device, but also allows secure communication from device to device or device to the cloud.

Similar to what we talk about with IoT and IoT Hub, but there is a certified way of doing it to ensure you’re using the architecture that will remain secure and supported by Microsoft for years to come. And this will apply to hundreds and thousands of companies that are going to build devices for all the areas mentioned above and more, giving them that secure platform to build them.

In this course, we will explore the first development kit provided by Seeed Studio along with the starter kit also provided by Seeed. This kit includes some additional modules that help provide more capability for your base kits like sensors, LCD screen, buzzers, temp/humidity sensors, and button/led for output/input capabilities. As part of this, you will explore some common use cases in manufacturing and elsewhere with some touches of personal experience the instructor had using IoT devices in production.

What you'll learn-and how you can apply it

  • What makes Azure Sphere different from deploying non-certified IoT devices
  • An architectural overview of the Azure Sphere ecosystem components – Devices, OS and Sphere Service
  • Where to get supported devices for Azure Sphere
  • The 7 properties of a secure device
  • How Azure Sphere fits in with the Azure Data Platform for data aggregation
  • How to deploy configurations directly and over the air (OTA)
  • Setting up and configuring the Azure Sphere service
  • Building your first Sphere application with the Visual Studio SDK

This training course is for you because...

You are a security professional, engineer, hobbyist or IoT architect who wish to enhance their skill set in the field of IoT, and learn how to design and deliver an IoT platform you know will be secure and supported by a trusted source.


  • Microsoft Azure Account
  • Microsoft Visual Studio
  • Azure Sphere VS SDK

Materials, downloads, or Supplemental Content needed in advance

Azure Sphere Certified Device from Seeed Studio and Starter Kit

Recommended Preparation

Fundamentals of IoT Security

About your instructor

  • Chris Seferlis is a Practice Manager with Pragmatic Works, a leader in Microsoft data analytics and cloud solutions. He has 20+ years’ experience working in IT and solving technical challenges from a business perspective. Chris is a former CIO with an MBA from UMass, bringing a mix of business acumen with practical technology solutions, primarily focusing on Business Intelligence within the Microsoft SQL stack, including MCSA and P-CSA designations. Chris is a US Army Veteran having served as the Battalion Liaison for the Directorate of Information Management while deployed in support of Operation Enduring Freedom. Using early iterations of IoT devices like Raspberry PIs, Chris was able to implement solutions that captured data from the manufacturing floor using scales for capturing weights and card readers for capturing transactions. This data captured was then transformed and used for disseminating information about operational productivity and plant-floor operations. With this previous experience, Chris is able to translate business needs to technology implementations with IoT solutions; Azure Sphere is one of the newer and more secure platforms and other Azure Data Platform components required to build a complete solution.


The timeframes are only estimates and may vary according to how the class is progressing

Day 1

Section 1: What is Azure Sphere and why was it developed? (50 min)

  • Overview of Azure Sphere
  • What is an MCU
  • Where do MCUs Exist
  • What are the 7 properties of highly secured devices
  • Azure Sphere Class MCU
  • Azure Sphere OS
  • Azure Sphere Security Service Lab: Offline Lab, review provided documentation

Break (10 min)

Section 2: Setting up your sphere device and Azure environment (50 min)

  • Demonstrating setup process and connecting to Device
  • Obtaining and Installing Device Drivers
  • Ensuring connectivity with device
  • Connecting to Azure Environment and Preparing for Device Deployment Lab: Attendee follow-along or complete after

Break (10 min)

Section 3: Updating your device and Introducing the SDK (50 min)

  • Demonstrating the update process and giving an overview of SDK in the Visual Studio Environment

Lab: Attendee follow-along or complete after

Break (10 min)

Section 4: Architectural overview and Components of the MCU (50 min)

  • Reviewing Architectural aspects and examining a physical device
  • Understanding what the components are
  • Understanding the layers of security
  • Overview of the Operating System
  • Overview of the Azure connections Lab: Attendee follow-along while reviewing device components

Day 2

Section 5: Building your first Sphere Application (50 min)

  • Working with examples provided for applications
  • Running various tests with the application and device
  • Working with the buttons and add-on components Lab: Attendee Follow-Along, or complete steps after the session

Break (10 min)

Section 6: Introducing the Azure Data Platform(50 min)

  • Overview of Azure Data Platform Components (20 min)
  • Review stream capture components
  • Review data storage components
  • Review common architectures Lab: Deploying a stream capture component and Azure Storage account (30 min)

Break (10 min)

Section 7: Capturing your Sphere data in Azure Data Platform (50 min)

  • Demonstration of streaming data from Sphere device to Azure (20 min)
  • Publishing data to Azure
  • Capturing and streaming data Lab: Programming device to push data to Azure (30 min)

Break (10 min)

Section 8: Visualizing the data with Power BI and Wrap (50 min)

  • Building your first Power BI Report to display information about captured data
  • Creating a Power BI Account
  • Connecting to your Azure Storage account
  • Building your first report
  • Differentiating between live streaming reports and refreshing reports Lab: Attendee Follow-Along or complete after