Claim your device

Every device must be "claimed" by an Azure Sphere tenant. Claiming the device associates its unique, immutable device ID with your Azure Sphere tenant. The Azure Sphere Security Service uses the device ID to identify and authenticate the device.

We recommend that each company or organization create only one Azure Sphere tenant.


Claiming is a one-time operation that you cannot undo even if the device is sold or transferred to another person or organization. A device can be claimed only once. Once claimed, the device is permanently associated with the Azure Sphere tenant.

Before you claim your device, complete these steps to ensure that you use the right work/school account to create and access your Azure Sphere tenant. Your device must be connected to your PC before you create the tenant, and you can only use the device to create a single tenant.

To claim your device:

  1. Connect your device to your PC.

  2. Open an Azure Sphere Developer Command Prompt, which is available in the Start menu under Azure Sphere.

  3. Sign in to Azure Sphere, using your work or school account:

    azsphere login

    If you have not yet logged in as this user, you will need to use the password that was auto-generated during sign-up and you will be prompted to change your password.

    Upon successful login, you should see a message informing you whether an Azure Sphere tenant exists for this directory.

  4. If no Azure Sphere tenant exists, create one. Replace <my-tenant> with a name that others in your organization will recognize, such as "Contoso Ltd" or "Contoso Dishwasher Division." If the name includes spaces, enclose it in quotation marks. You can create only one tenant per device.

    azsphere tenant create --name <my-tenant>

    You will be prompted to log in again. Be sure to log in with the account that you will use to manage your Azure Sphere devices.

    If a tenant already exists, do not create another one unless your company or organization requires more than one tenant. If you are absolutely certain that you want to create another one, use the following command:

    azsphere tenant create --force --name <my-tenant>

  5. Claim your device. After you claim your device into a tenant, you cannot move it to a different tenant.

    azsphere device claim

    You should see output like this:

    Claiming device.
    Claiming attached device ID 'ABCDE082513B529C45098884F882B2CA6D832587CAAE1A90B1CEC4A376EA2F22A96C4E7E1FC4D2AFF5633B68DB68FF4420A5588B420851EE4F3F1A7DC51399ED' into tenant ID 'd343c263-4aa3-4558-adbb-d3fc34631800'.
    Successfully claimed device ID 'ABCDE082513B529C45098884F882B2CA6D832587CAAE1A90B1CEC4A376EA2F22A96C4E7E1FC4D2AFF5633B68DB68FF4420A5588B420851EE4F3F1A7DC51399ED' into tenant ID 'd343c263-4aa3-4558-adbb-d3fc34631800'.
    Command completed successfully in 00:00:05.5459143.

If azsphere returns an error, see Troubleshooting for help.


By default, everyone who can log in with a work or school account to your Azure Active Directory can access your Azure Sphere tenant and push new or modified applications to your Azure Sphere devices. To ensure greater security, you or your IT administrator can limit access to your tenant by setting enterprise application permissions for the Azure Sphere Utility.

Next steps