Hi, I'm Mark Goodner on the C++ team with Visual Studio, and I'm here today to talk to you about Azure Sphere.
Microcontrollers or MCUs are the most populous category of computing today. Nine billion microcontroller-powered devices will ship this year. Microcontrollers are in everything. Fewer than 1 percent of microcontrollers are connected today. The most important thing we've learned is that security is foundational. It needs to be built in from the beginning. You cannot bolt it on after the fact.
We've learned that in order to be highly secured, a connected device must possess seven properties. It must have a hardware root of trust, defense in depth, a small trusted computing base, dynamic compartments, certificate-based authentication, online failure reporting, and renewable security. We use the word properties purposefully. A property is something that can be measured and evaluated. These seven properties can be measured and evaluated. In fact, we provide here a set of questions that you can ask to begin to evaluate the security of your IoT devices. We published a research white paper at aka MS seven properties that explains in detail each property and its requirements.
Azure Sphere is an end-to-end solution for creating highly secured connected devices. We brought together decades of Microsoft's expertise in cloud software and hardware to create an entirely new approach to security that starts in the silicon and extends to the cloud. Azure Sphere includes three elements: Azure Sphere certified MCUs, the Azure Sphere operating system, and the Azure Sphere security service.
With Azure Sphere, we are bringing the power of the Visual Studio development ecosystem to your MCU development. Visual Studio provides the most advanced tools for authoring code, integrated debugging, and developer collaboration. You can step through code on the device and see what is happening in your cloud environment within a single integrated development environment.
Let's look at how easy it is to get started developing an Azure Sphere application that connects to Azure IoT. I've cloned this sample from the Azure Sphere Samples repo on GitHub. So let's open this in Visual Studio. This sample provides device code that will send telemetry to Azure IoT. I'll configure this to send the data to a hub in my subscription, set a breakpoint on a button press, and then deploy and debug the app.
Now this is the overview page for an Azure Sphere application. Here you can see that we have links to further documentation, to samples, and to launch your command prompt. So you can see here we can take a look at the device that we have connected to the system.
Now this tab is going to let me configure my IoT connectivity. So here this is going to pull from my subscription in Azure, it's going to pull in the connection types that I have. I have a device provisioning service here that I can use to connect my Azure Sphere device with that I have configured. I can also choose to use a direct connection to an IoT hub within Azure IoT, or just using a connection string just to extract the connection information out of this. All I have to do here is click Add, and now this is going to automatically populate my connection information.
So now let's take a look at the application manifest for this application. The app manifest has the allowed connections that the device is able to talk to. Here you'll see that the global device provisioning endpoint is here, as well as the endpoint for my Azure IoT hub that I just configured. This is the scope ID for my device provisioning service, and here is my Azure Sphere tenant. Now this is an example of defense in depth with Azure Sphere, because even if my application were able to get compromised, the Azure Sphere OS would enforce that only these connections are the allowed connections for the application. It would not be able to be reused to talk to anything else.
If you wanted to talk to something other than Azure IoT, you can of course use something like Curl and add your own endpoints into this allowed connections list. But it goes even further than that because you can see here that I've enumerated the GPIO ports that I want to connect to with the device. These are the only GPIO ports that this application is going to be able to talk to. If the application again were compromised, because UART for example hasn't been enumerated here, the application would not be able to speak over UART.
Now let's set a breakpoint on a button press. So I'll open up my main file here, and navigate down to the function for the button press, and go ahead and set a breakpoint there. Now what I'm going to do is just go ahead and deploy this to my device. This is going to compile the application, package it into a signed image package that will be side-loaded over USB onto the Azure Sphere device. Now you can see the output from the device showing up in Visual Studio's output window. Now you can see the certificate being used to connect to Azure IoT through this output message. So now the app is up and running and sending messages, and if I press a button, we'll trigger our breakpoint, and that's just how easy it is to get going with this.
But let's take a look at one more thing here, and take a look at our messages going to Azure IoT. So if I start the Cloud Explorer, and I can expand my IoT Hubs node and select sensors, and now I can start monitoring device-to-cloud messages. So this starts a service in Azure IoT that's actually going to now display the messages as they're received in the IoT Hub back to me. So let's let the application run again, and you can see right there the message just popped by, and so we can see that telemetry is actually coming from our device and being received in Azure IoT Hub.
Azure IoT Central is a SaaS offering that makes it easy to connect, monitor, and manage your IoT assets.
You can get started in just a few minutes to get a dashboard to monitor device data. We have a sample Azure Sphere application on the GitHub that's ready to use with IoT Central. So we're going to take a look at that. This sample has the device code and the instructions for setting up IoT Central, along with all the telemetry points the device code sends.
So from the IoT Central homepage, just click Get Started, and from here you can create a free trial application that will give you up to seven days to check things out. Let's go ahead and click Create new application, and so here I just select trial and custom application, and then I can just go ahead and click Create, and that's going to provision all of the resources I need to set up a complete IoT application in IoT Central.
So now that the application is created, I just need to create a device template for my telemetry points, and I can just name it something like Azure Sphere, and now I just need to create some telemetry points. So I'll create a telemetry point for temperature, and click Save on that one, and now we'll add another new measurement point for a state, and here we can say in this application we use orientation that we change from up and down with a button press, and so we'll give it the values of up and save that one, and then finally I'll create an event for a button press to record the other button when that is pressed and just go ahead and click Save, and that's it for my device template.
The next step here is to create a real device. The configuration steps for this are to associate your Azure Sphere tenant with your IoT Central application, which requires a certificate proof of possession flow. Our guide covers those steps in detail, so we're not going to cover them here. Let's flip back to Visual Studio and take a look at our manifest. Basically, I just changed my manifest to the scope ID for the IoT Central application, and to use the IoT Hub for the IoT Central application.
I got that information partly from the IoT Central configuration pages, and partly from a little tool that we include with our sample. So it all looks good, so we'll go ahead and deploy the app. It's now no longer pointing to my Azure IoT Hub, it's now pointing to that Azure IoT Central instance, and so now that's spinning up. Again, we can see the cert-based auth being used to connect, and now my messages are flowing up there.
Now I have another pre-configured IoT Central application that's here and in just a few moments, the data should start flowing in. There we go. We can see a data point that's come in, so the first temperature measurement has come in, and more data will start flowing in now. The device code for this sample continuously sends simulated temperature output that's coming up into the application, and you can see here a button press event from one of the buttons on the device.
That was a quick overview of Azure Sphere, a secure IoT solution, and how to use it with Visual Studio 2019 and our Azure IoT offerings. If you'd like to learn more, go to Microsoft.com slash Azure Sphere for deeper dives and links to where you can order dev kits and get the SDK.
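
The talk's manifest walkthrough describes the OS enforcing only the connections and GPIO ports the application manifest enumerates. As an added example (not part of the talk or of the Azure Sphere samples), this review check compares a manifest's `Capabilities` against what the application is expected to need; the sample manifest, hub name, placeholder IDs and the `POLICY` structure are constructed assumptions.

```python
import json

# Constructed sample manifest; hub name, tenant and scope IDs are placeholders.
SAMPLE_MANIFEST = json.loads("""
{
  "SchemaVersion": 1,
  "Name": "AzureIoT",
  "ComponentId": "00000000-0000-0000-0000-000000000000",
  "EntryPoint": "/bin/app",
  "CmdArgs": ["<scope-id-placeholder>"],
  "Capabilities": {
    "AllowedConnections": ["global.azure-devices-provisioning.net",
                           "example-hub.azure-devices.net",
                           "telemetry.example.org"],
    "Gpio": [8, 9, 12],
    "Uart": ["ISU0"],
    "DeviceAuthentication": "<tenant-id-placeholder>"
  },
  "ApplicationType": "Default"
}
""")

# Hypothetical review policy: what this application is expected to need.
POLICY = {
    "AllowedConnections": {"global.azure-devices-provisioning.net",
                           "example-hub.azure-devices.net"},
    "Gpio": {8, 9, 12},
}
IGNORED = {"DeviceAuthentication"}  # identity setting, not a resource grant


def audit_manifest(manifest, policy):
    """Return findings for every capability the manifest grants beyond policy."""
    findings = []
    caps = manifest.get("Capabilities", {})
    for name, granted in sorted(caps.items()):
        if name in IGNORED:
            continue
        if name not in policy:
            findings.append(f"{name}: capability not expected at all ({granted})")
            continue
        values = granted if isinstance(granted, list) else [granted]
        for value in values:
            if value not in policy[name]:
                findings.append(f"{name}: unexpected entry {value!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST, POLICY):
        print(finding)
```

Run in code review or CI, a check like this catches a manifest that quietly widens the allow-list before the image is signed and deployed.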