Microsoft.Azure.Devices.Provisioning.Security.Tpm

Provisioning Device Security TPM Client for Azure IoT Devices


Keywords
.NET, Azure, Client, Device, IoT, Microsoft, Provisioning, Security, TPM
License
Other
Install
Install-Package Microsoft.Azure.Devices.Provisioning.Security.Tpm -Version 1.14.4

Documentation

Microsoft Azure IoT SDK for .NET

Contents

This repository contains the following:

  • Microsoft Azure IoT Hub device SDK for C# to connect client devices to Azure IoT Hub with .NET.
  • Microsoft Azure IoT Hub service SDK for C# to manage your IoT Hub service instance from a back-end .NET application.
  • Microsoft Azure Provisioning device SDK for C# to provision devices to Azure IoT Hub with .NET.
  • Microsoft Azure Provisioning service SDK for C# to manage your Provisioning service instance from a back-end .NET application.

Critical Upcoming Change Notice

All Azure IoT SDK users are advised to be aware of upcoming TLS certificate changes for Azure IoT Hub and Device Provisioning Service that will impact the SDK's ability to connect to these services. In October 2022, both services will migrate from the current Baltimore CyberTrust CA Root to the DigiCert Global G2 CA root. There will be a transition period beforehand during which your IoT devices must have both the Baltimore and DigiCert public root certificates installed in their certificate store in order to prevent connectivity issues.

Devices with only the Baltimore public certificate installed will lose the ability to connect to Azure IoT hub and Device Provisioning Service in October 2022.

To prepare for this change, make sure your device's certificate store has both of these public certificates installed.

For a more in depth explanation as to why the IoT services are doing this, please see this article.
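The check the notice asks for, as an added example that is not part of the SDK repository: a small .NET console program that looks both roots up in the Windows LocalMachine Root store by thumbprint. The two thumbprints are the SHA-1 fingerprints of the Baltimore CyberTrust Root and DigiCert Global Root G2 as published by DigiCert; confirm them against the CA's own fingerprint listing before using this as an enforcement script. The exit code is an assumption chosen here so the program can be dropped into a fleet-wide readiness check.

```csharp
// Added example (not SDK code): verify that a device's LocalMachine Root store
// contains both CA roots needed across the Baltimore -> DigiCert migration.
using System;
using System.Security.Cryptography.X509Certificates;

static class RootStoreCheck
{
    // SHA-1 thumbprints of the two roots. Confirm against DigiCert's published
    // fingerprints before relying on these values in an enforcement script.
    const string BaltimoreThumbprint  = "D4DE20D05E66FC53FE1A50882C78DB2852CAE474";
    const string DigiCertG2Thumbprint = "DF3C24F9BFD666761B268073FE06D1CC8D4F82A4";

    static bool HasRoot(X509Store store, string thumbprint)
    {
        // Match on thumbprint, not on subject name: a subject string is trivially
        // forged, a thumbprint is the hash of the whole certificate.
        X509Certificate2Collection found =
            store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, validOnly: false);
        foreach (X509Certificate2 cert in found)
        {
            // Expiry is checked explicitly; a root that is present but expired does not help.
            if (DateTime.Now < cert.NotAfter) return true;
        }
        return false;
    }

    static int Main()
    {
        using var store = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);

        bool baltimore = HasRoot(store, BaltimoreThumbprint);
        bool digicert  = HasRoot(store, DigiCertG2Thumbprint);
        Console.WriteLine($"Baltimore CyberTrust Root : {(baltimore ? "present" : "MISSING")}");
        Console.WriteLine($"DigiCert Global Root G2   : {(digicert  ? "present" : "MISSING")}");

        // Both roots must be present until the migration completes; afterwards only
        // the DigiCert root matters. Non-zero exit = device not ready (assumed convention).
        return (baltimore && digicert) ? 0 : 1;
    }
}
```

On Linux with .NET Core the same code reads the OpenSSL system bundle that the Root store maps to, but the store is read-only there and roots have to be added with the distribution's CA tooling rather than through X509Store.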

Recommended NuGet packages

Package Name | Release Version
--- | ---
Microsoft.Azure.Devices.Client | NuGet
Microsoft.Azure.Devices | NuGet
Microsoft.Azure.Devices.Shared | NuGet
Microsoft.Azure.Devices.Provisioning.Client | NuGet
Microsoft.Azure.Devices.Provisioning.Transport.Amqp | NuGet
Microsoft.Azure.Devices.Provisioning.Transport.Http | NuGet
Microsoft.Azure.Devices.Provisioning.Transport.Mqtt | NuGet
Microsoft.Azure.Devices.Provisioning.Service | NuGet
Microsoft.Azure.Devices.Provisioning.Security.Tpm | NuGet

Note:

  1. In addition to stable builds we also release pre-release builds that contain preview features. You can find details about the preview features released by looking at the release notes. It is not recommended to take a dependency on preview NuGets for production applications, as breaking changes can be introduced in preview packages.

  2. Device streaming feature is not being included in our newer preview releases as there is no active development going on in the service. For more details on the feature, see here.

    This feature has not been included in any preview release after 2020-10-14. However, the feature is still available under previews/deviceStreaming branch.

    The latest preview NuGet versions that contain the device streaming feature are:
    Microsoft.Azure.Devices.Client - 1.32.0-preview-001
    Microsoft.Azure.Devices - 1.28.0-preview-001

  3. Stable and preview NuGet versions are not interdependent; e.g. for NuGet packages versioned 1.25.0 (stable release) and 1.25.0-preview-001 (preview release), there is no guarantee that v1.25.0 contains the feature(s) previewed in v1.25.0-preview-001. For a list of updates shipped with each NuGet package, please refer to the release notes.

The API reference documentation for .NET SDK is here.

To find SDKs in other languages for Azure IoT, please refer to the azure-iot-sdks repository. For IoT Hub Management SDK in .NET, please visit azure-sdk-for-net repository.

Developing applications for Azure IoT

Visit Azure IoT Dev Center to learn more about developing applications for Azure IoT.

Samples

All of our samples are located in this repository. The samples live alongside the source for each client library.

Samples for each of these categories are further separated into three sub-categories (from simplest to complex):

  1. Getting Started
  2. How To Guides
  3. Solutions

If you are looking for a good device sample to get started with, please see the device reconnection sample. It shows how to connect a device, how to handle disconnect events, which failure cases to handle when making calls, and when to re-initialize the DeviceClient.

Contribute to the Azure IoT C# SDK

If you would like to build or change the SDK source code, please follow the devguide.

OS platforms and hardware compatibility

For an official list of all the operating systems and .NET platforms that we support, please see this document.

Note that you can configure your TLS protocol version and ciphers by following this document.

Key features and roadmap

IoT Hub Device SDK

✔️ feature available ✖️ feature planned but not supported ➖ no support planned

Features | mqtt | mqtt-ws | amqp | amqp-ws | https | Description
--- | --- | --- | --- | --- | --- | ---
Authentication | ✔️ | ✔️* | ✔️ | ✔️* | ✔️* | Connect your device to IoT Hub securely with the supported authentication methods: symmetric (shared access) key, shared access signature (SAS) token, X.509 self-signed, and X.509 certificate authority (CA) signed.
Send device-to-cloud message | ✔️* | ✔️* | ✔️ | ✔️ | ✔️ | Send device-to-cloud messages (max 256 KB) to IoT Hub with the option to add application properties and system properties, and batch send.
Receive cloud-to-device messages | ✔️* | ✔️* | ✔️ | ✔️ | ✔️ | Receive cloud-to-device messages and read associated application and system properties from IoT Hub, with the option to complete/reject/abandon C2D messages.
Device Twins | ✔️* | ✔️* | ✔️* | ✔️* | ➖ | IoT Hub persists a device twin for each device that you connect to IoT Hub. The device can perform operations like get twin tags and subscribe to desired properties.
Direct Methods | ✔️ | ✔️ | ✔️ | ✔️ | ➖ | IoT Hub gives you the ability to invoke direct methods on devices from the cloud. The SDK supports handlers for method-specific and generic operations.
Upload file to Blob | ➖ | ➖ | ➖ | ➖ | ✔️ | The user can use the device client to retrieve a SAS URI from IoT Hub (to use for file uploads), upload to Azure Storage blob using IoT Hub provided credentials (using a supported client library), and then use the device client to notify IoT Hub that a file upload has completed. File upload requires an HTTPS connection, but can be initiated from a client using any protocol for other operations.
Connection Status and Error reporting | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | Error reporting for IoT Hub supported error codes.
Retry policies | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | Retry policy for unsuccessful device-to-cloud messages has three options: no retry, exponential backoff with jitter (default) and custom.
Devices multiplexing over single connection | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
Connection Pooling - Specifying number of connections | ➖ | ➖ | ✔️ | ✔️ | ✔️ |
IoT Plug and Play | ✔️ | ✔️ | ✔️* | ✔️* | ➖ | IoT Plug and Play lets you build smart devices that advertise their capabilities to Azure IoT applications. IoT Plug and Play devices don't require manual configuration when a customer connects them to IoT Plug and Play-enabled applications. You can read more here.

* Authentication: IoT Hub currently supports X.509 CA-signed authentication only over AMQP and MQTT; X.509 CA authentication over WebSocket and HTTPS is not supported. When a device authenticates with a shared access key (SAK) over MQTT, a new connection is set up as part of each SAS token refresh, so device communication is briefly interrupted during the refresh (for details, see the device connection and messaging reliability documentation). X.509 certificate-based authentication has no such refresh disruption. It is also the more secure of the two: the symmetric key must be stored on the device and is shared with the service, whereas an X.509 private key never leaves the device.
* Send device-to-cloud message: IoT Hub only supports batch send over AMQP and HTTPS at the moment. The MQTT implementation loops over the batch and sends each message individually.
* Receive cloud-to-device messages: IoT Hub does not support the option to reject/abandon C2D messages over MQTT at the moment.
* Device Twins: send reported properties version and desired properties version are in progress.
* IoT Plug and Play: AMQP support is mainly targeted at Edge-based scenarios.

IoT Hub Service SDK

✔️ feature available ✖️ feature planned but not supported ➖ no support planned

Features | Support | Transport protocol used underneath | Client to use | Description
--- | --- | --- | --- | ---
Identity registry (CRUD) | ✔️ | HTTP | RegistryManager | Use your backend app to perform CRUD operations for an individual device or in bulk.
Query | ✔️ | HTTP | RegistryManager | Use your backend app to query for information on device twins, module twins, jobs and message routing.
Import/Export jobs | ✔️ | HTTP | RegistryManager | Use your backend app to import or export device identities in bulk.
Scheduled jobs | ✔️ | HTTP | JobsClient | Use your backend app to schedule jobs to update desired properties, update tags and invoke direct methods.
Cloud-to-device messaging | ✔️ | AMQP | ServiceClient | Use your backend app to send cloud-to-device messages over AMQP and AMQP-WS, and set up notifications for cloud-to-device message delivery.
Direct Methods operations | ✔️ | HTTP | ServiceClient | Use your backend app to invoke a direct method on a device.
File Upload Notifications | ✔️ | AMQP | ServiceClient | Use your backend app to receive file upload notifications.
IoT Hub Statistics | ✔️ | HTTP | ServiceClient | Use your backend app to get IoT hub identity registry statistics such as total device count (device statistics) and connected device count (service statistics).
Digital Twin Operations | ✔️ | HTTP | DigitalTwinClient or RegistryManager | Use your backend app to perform operations on plug and play devices. The operations include get twins, update twins and invoke commands. DigitalTwinClient is the preferred client to use.

Provisioning Device SDK

This repository contains provisioning device client SDK for the Device Provisioning Service.

✔️ feature available ✖️ feature planned but not supported ➖ no support planned

Features | mqtt | mqtt-ws | amqp | amqp-ws | https | Description
--- | --- | --- | --- | --- | --- | ---
TPM Individual Enrollment | ➖ | ➖ | ✔️ | ✔️ | ✔️ | This SDK supports connecting your device to the Device Provisioning Service via individual enrollment using a Trusted Platform Module. Please review the samples folder and this quickstart on how to create a device client. TPM over MQTT is currently not supported by the Device Provisioning Service.
X.509 Individual Enrollment | ✔️ | ✔️* | ✔️ | ✔️* | ✔️ | This SDK supports connecting your device to the Device Provisioning Service via individual enrollment using the device's own X.509 leaf certificate (self-signed or CA-issued); the enrollment is keyed on that certificate. Please review the samples folder and this quickstart on how to create a device client.
X.509 Enrollment Group | ✔️ | ✔️* | ✔️ | ✔️* | ✔️ | This SDK supports connecting your device to the Device Provisioning Service via an enrollment group using an X.509 CA or intermediate certificate: the group is keyed on the signing certificate, and the device presents its leaf certificate together with the chain up to that signer. Please review the samples folder on how to create a device client.

Note * WebSocket support for MQTT/AMQP is limited to .NET Framework 4.x.
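The TPM individual-enrollment flow from the table, as an added example that is not the repository's own sample: it uses the public API of this package (SecurityProviderTpmHsm) together with Microsoft.Azure.Devices.Provisioning.Client, Microsoft.Azure.Devices.Provisioning.Transport.Amqp and Microsoft.Azure.Devices.Client. The global endpoint is the real DPS endpoint; the ID scope and registration ID are placeholders, and the example assumes a TPM 2.0 that the process is allowed to open. AMQP is used because, as the table states, TPM enrollments are not supported over MQTT.

```csharp
// Added example (not SDK sample code): provision a device through DPS with TPM
// attestation, then connect to the assigned IoT Hub with TPM-backed SAS tokens.
using System;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.Devices.Client;
using Microsoft.Azure.Devices.Provisioning.Client;
using Microsoft.Azure.Devices.Provisioning.Client.Transport;
using Microsoft.Azure.Devices.Provisioning.Security;

class TpmProvisioningExample
{
    // Real DPS global endpoint; ID scope and registration ID are placeholders (assumptions).
    const string GlobalDeviceEndpoint = "global.azure-devices-provisioning.net";
    const string IdScope = "0ne00000000";          // replace with your DPS instance's ID scope
    const string RegistrationId = "tpm-device-001"; // must match the individual enrollment

    static async Task Main()
    {
        // The provider wraps the TPM's endorsement key (EK) and storage root key (SRK).
        // Only public material is ever exported; private key parts stay inside the chip.
        using var security = new SecurityProviderTpmHsm(RegistrationId);

        // The EK is what the service-side enrollment is created against.
        Console.WriteLine("Endorsement key (base64): " +
            Convert.ToBase64String(security.GetEndorsementKey()));

        // TPM attestation is available over AMQP and HTTPS only, never MQTT.
        using var transport = new ProvisioningTransportHandlerAmqp();
        var provClient = ProvisioningDeviceClient.Create(
            GlobalDeviceEndpoint, IdScope, security, transport);

        // DPS issues a nonce challenge encrypted to the EK/SRK; the SDK answers it
        // with the TPM, so possession of the physical TPM is what gets authenticated.
        DeviceRegistrationResult result = await provClient.RegisterAsync();
        if (result.Status != ProvisioningRegistrationStatusType.Assigned)
        {
            Console.WriteLine(
                $"Registration failed: {result.Status} {result.ErrorCode} {result.ErrorMessage}");
            return;
        }
        Console.WriteLine($"Assigned to {result.AssignedHub} as {result.DeviceId}");

        // Hub authentication keeps using the TPM: the key returned by DPS is imported
        // into the chip during registration and each SAS token is signed there.
        var auth = new DeviceAuthenticationWithTpm(result.DeviceId, security);
        using var deviceClient = DeviceClient.Create(result.AssignedHub, auth, TransportType.Amqp);

        var payload = Encoding.UTF8.GetBytes("{\"status\":\"provisioned\"}"); // constructed sample message
        await deviceClient.SendEventAsync(new Message(payload));
        await deviceClient.CloseAsync();
    }
}
```

Two practical checks follow from this flow. The registration ID is not a secret; it is the EK (and the enrollment that pins it) that binds the identity to the hardware, so a registration ID copied to another device will fail the challenge. And because the hub key is sealed to the TPM, re-provisioning after a TPM clear requires the enrollment to be re-created with the chip's new EK.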

Provisioning Service SDK

This repository contains provisioning service client SDK for the Device Provisioning Service to programmatically enroll devices.

Feature | Support | Description
--- | --- | ---
CRUD Operation with TPM Individual Enrollment | ✔️ | Programmatically manage device enrollment using TPM with the service SDK. Please visit the samples folder to learn more about this feature.
Bulk CRUD Operation with TPM Individual Enrollment | ✔️ | Programmatically bulk manage device enrollment using TPM with the service SDK. Please visit the samples folder to learn more about this feature.
CRUD Operation with X.509 Individual Enrollment | ✔️ | Programmatically manage device enrollment using X.509 individual enrollment with the service SDK. Please visit the samples folder to learn more about this feature.
CRUD Operation with X.509 Group Enrollment | ✔️ | Programmatically manage device enrollment using X.509 group enrollment with the service SDK. Please visit the samples folder to learn more about this feature.
Query enrollments | ✔️ | Programmatically query registration states with the service SDK. Please visit the samples folder to learn more about this feature.
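The service-side half of a TPM individual enrollment, as an added example rather than the repository's own sample: a back-end console program using the public API of Microsoft.Azure.Devices.Provisioning.Service to create (or update) an enrollment from a registration ID and the base64 endorsement key a device prints. The environment variable name and the command-line layout are assumptions; the DPS connection string is read from the environment so it never ends up in source control.

```csharp
// Added example (not SDK sample code): create a TPM individual enrollment in DPS
// from a registration ID and the device's base64-encoded endorsement key.
using System;
using System.Threading.Tasks;
using Microsoft.Azure.Devices.Provisioning.Service;

class CreateTpmEnrollmentExample
{
    static async Task<int> Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: CreateTpmEnrollment <registrationId> <endorsementKeyBase64>");
            return 2;
        }
        string registrationId = args[0];
        string endorsementKeyBase64 = args[1];

        // Assumed variable name; the owner/enrollment-write policy key lives outside the code.
        string connectionString = Environment.GetEnvironmentVariable("DPS_CONNECTION_STRING")
            ?? throw new InvalidOperationException("DPS_CONNECTION_STRING is not set");

        // Reject a mangled key before it reaches the service: a typo here silently
        // produces an enrollment that no real TPM can ever satisfy.
        try { Convert.FromBase64String(endorsementKeyBase64); }
        catch (FormatException)
        {
            Console.Error.WriteLine("endorsement key is not valid base64");
            return 2;
        }

        using var serviceClient = ProvisioningServiceClient.CreateFromConnectionString(connectionString);

        // The EK is public; the enrollment pins the registration ID to this specific TPM.
        var attestation = new TpmAttestation(endorsementKeyBase64);
        var enrollment = new IndividualEnrollment(registrationId, attestation)
        {
            ProvisioningStatus = ProvisioningStatus.Enabled,
        };

        IndividualEnrollment created =
            await serviceClient.CreateOrUpdateIndividualEnrollmentAsync(enrollment);
        Console.WriteLine($"Enrollment {created.RegistrationId} created (etag {created.ETag})");
        return 0;
    }
}
```

CreateOrUpdateIndividualEnrollmentAsync overwrites an existing enrollment with the same registration ID, which is how a device whose TPM was cleared is re-bound to its new EK; if overwriting is not intended, fetch the enrollment first and send its ETag back so the service rejects a concurrent change.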

Read more

Device Explorer is no longer supported. A replacement tool can be found here.

Certificates - Important to know

The Azure IoT Hub certificates presented during TLS negotiation must always be validated using the appropriate root CA certificate(s).

Always prefer using the local system's Trusted Root Certificate Authority store instead of hardcoding the certificates.

A couple of examples:
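The two recommendations above, as an added example that is not the repository's own code: a RemoteCertificateValidationCallback that accepts the server only when the platform has already validated name and chain against the system root store, placed next to the "accept anything" callback that turns up in device code and disables TLS authentication outright, plus a chain-diagnosis helper for the migration window. It targets .NET Core 2.0 or later (X509ChainTrustMode); the hub hostname in the usage comment is a placeholder.

```csharp
// Added example (not SDK code): validate the hub's TLS certificate against the
// OS trust store instead of hardcoding a root, and show the anti-pattern beside it.
using System;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class HubCertificateValidation
{
    // ANTI-PATTERN. Returning true unconditionally means any on-path attacker with
    // any certificate can impersonate IoT Hub or DPS. Never ship this.
    public static readonly RemoteCertificateValidationCallback TrustEverything =
        (sender, cert, chain, errors) => true;

    // Correct form: the platform builds the chain from the system Root store and
    // checks the hostname; accept only a clean result. Because trust comes from the
    // OS store, rolling the root (Baltimore -> DigiCert) needs no code change.
    public static readonly RemoteCertificateValidationCallback TrustSystemRoots =
        (sender, cert, chain, errors) =>
        {
            if (errors == SslPolicyErrors.None) return true;

            // Log the reason so a field failure is diagnosable, then refuse.
            Console.Error.WriteLine($"TLS validation failed: {errors}");
            if (chain != null)
            {
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.Error.WriteLine($"  {s.Status}: {s.StatusInformation.Trim()}");
            }
            return false;
        };

    // Explicit chain build for diagnostics, e.g. to confirm a device can validate a
    // DigiCert-issued hub certificate before the cut-over. Uses the OS store only.
    public static X509ChainStatus[] DiagnoseChain(X509Certificate2 serverLeaf)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.System;
        // Online revocation is the secure default; an offline device with no CRL/OCSP
        // reachability will see RevocationStatusUnknown and must decide deliberately.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.VerificationFlags = X509VerificationFlags.NoFlag;
        chain.Build(serverLeaf);
        return chain.ChainStatus; // empty array == chain is valid
    }

    // Usage with a raw TLS connection (hostname is a placeholder):
    //   var ssl = new SslStream(tcp.GetStream(), false, HubCertificateValidation.TrustSystemRoots);
    //   await ssl.AuthenticateAsClientAsync("myhub.azure-devices.net");
}
```

The difference between the two callbacks is the whole point of the section: with TrustEverything the TLS handshake still succeeds, so the connection "works" and nothing in telemetry shows that every message can be read or forged by whoever sits on the path.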

Additional Information

For additional guidance and important information about certificates, please refer to this blog post from the security team.

Support

The supported releases of the Azure IoT Hub Device Client are outlined in the following table.

Refer to the Azure IoT Device SDK lifecycle and support for details on the different supported stages.

Release | Category | End-of-life
--- | --- | ---
NuGet | Active | -

Need help?

  • Have a feature request for SDKs? Please post it on User Voice to help us prioritize.
  • Have a technical question? Ask on Stack Overflow with tag “azure-iot-hub”.
  • Need Support? Every customer with an active Azure subscription has access to support with guaranteed response time. Consider submitting a ticket and get assistance from Microsoft support team.
  • Found a bug? Please help us fix it by thoroughly documenting it and filing an issue on GitHub (C, Java, .NET, Node.js, Python).

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.

Microsoft collects performance and usage information which may be used to provide and improve Microsoft products and services and enhance your experience. To learn more, review the privacy statement.