It can be hard to pin down a . Some companies look at it in terms of networks, others in terms of datacenters. For Microsoft, it’s a distributed cloud that encompasses every computer, no matter how small and how limited.

Microsoft CEO Satya Nadella uses the term “intelligent edge,” in which container-based machine learning models are deployed where needed along with your own code and Azure features like stream analytics and .

That vision is the foundation of Azure IoT Edge, which has now been released as a public beta, and expands .

Although there are some ready-to-use machine learning models in Azure IoT Edge, Microsoft is avoiding an overly prescriptive approach. No two IoT deployments are the same, even in similar industries, and predefined solutions would quickly become lowest common denominators, reducing their effectiveness.

, especially the tools needed to take and deploy them onto devices.

Sending Azure functionality to the device

By taking elements of Azure functionality down to the device, you can add pockets of intelligence to devices that sit well beyond what we traditionally think of as the edge of a network. For example, instead of using expensive, and often constrained, bandwidth to send every data point to the cloud, a pump in the Arctic can use a local predictive monitoring model to only report when maintenance is required.

Data offload is an important feature of Azure IoT Edge, whether on the device itself or in an IoT hub. “There’s a very common pattern, which is that expensive asset out on the edge where they want to make sure that’s being monitored in real time and able to take actions even on a low, intermediate or severed network connection,” says Sam George, Microsoft’s director of Azure IoT.

Containers and code run outside the public cloud

By supporting hub devices outside of the public cloud, information from a network of sensors can be aggregated, analyzed, and used to determine actions without having to connect to the public cloud. Because hubs are likely to be high-end ARM-based or x86-based devices, they’re an important part of the overall intelligent edge concept, able to host machine learning model containers and local Azure functions.

lets you use this approach to test IoT interactions with your services, but it also extends the testing to what George calls a “module twin,” which is a subset of a digital twin. Instead of simulating a device, a module twin wraps around a set of containers, providing a way to control state and test how a module will operate on an edge device. You can use module twins to try out new versions of code before deploying them to devices.

A typical example of an edge deployment is updating a machine learning model, where you can remotely adjust input parameters from the Azure portal. By sending a small amount of data to the edge devices to make that change, you can update hundreds of thousands of devices directly. Azure’s built-in IoT deployment tools handle the updates and report back on the state of the updated devices. There’s even the option to deliver updates to a limited number of devices, to test changes in production hardware before running a complete deployment.

Securing IoT devices via TrustZone

While code is important, it’s as important to secure the edge. As part of its Azure IoT tool update, Microsoft is adding support for ARM’s TrustZone secure environment on both NXP and Microchip hardware.

If you’re running your business on IoT hardware, especially SCADA devices, then ensuring your code is trusted is essential. Support for TrustZone will simplify securing the certificates needed to trust both code and connections.