Quickstart: Set up the IoT Hub Device Provisioning Service with the Azure portal
The IoT Hub Device Provisioning Service works with IoT Hub to enable zero-touch, just-in-time provisioning to the desired IoT hub without human intervention, so customers can provision millions of IoT devices in a secure and scalable manner. The service supports IoT devices that authenticate with a TPM, a symmetric key, or an X.509 certificate. For more information, see the IoT Hub Device Provisioning Service overview.
In this quickstart, you will learn how to set up the IoT Hub Device Provisioning Service in the Azure portal for provisioning your devices with the following steps:
- Use the Azure portal to create an IoT Hub
- Use the Azure portal to create an IoT Hub Device Provisioning Service and get the ID scope
- Link the IoT hub to the Device Provisioning Service
If you don't have an Azure subscription, create a free account before you begin.
Create an IoT hub
This section describes how to create an IoT hub using the Azure portal.
Sign in to the Azure portal.
From the Azure homepage, select the + Create a resource button, and then enter IoT Hub in the Search the Marketplace field.
Select IoT Hub from the search results, and then select Create.
On the Basics tab, complete the fields as follows:
Subscription: Select the subscription to use for your hub.
Resource Group: Select a resource group or create a new one. To create a new one, select Create new and fill in the name you want to use. To use an existing resource group, select that resource group. For more information, see Manage Azure Resource Manager resource groups.
Region: Select the region in which you want your hub to be located. Select the location closest to you. Some features, such as IoT Hub device streams, are only available in specific regions. For these limited features, you must select one of the supported regions.
IoT Hub Name: Enter a name for your hub. This name must be globally unique.
Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.
Select Next: Networking to continue creating your hub.
Choose the endpoints that can connect to your IoT Hub. You can select the default setting Public endpoint (all networks), or choose Public endpoint (selected IP ranges), or Private endpoint. Accept the default setting for this example.
Select Next: Management to continue creating your hub.
You can accept the default settings here. If desired, you can modify any of the following fields:
Pricing and scale tier: Your selected tier. You can choose from several tiers, depending on how many features you want and how many messages you send through your solution per day. The free tier is intended for testing and evaluation. It allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier.
If you are working through a Quickstart for IoT Hub device streams, select the free tier.
IoT Hub units: The number of messages allowed per unit per day depends on your hub's pricing tier. For example, if you want the hub to support ingress of 700,000 messages, you choose two S1 tier units. For details about the other tier options, see Choosing the right IoT Hub tier.
Defender for IoT: Turn this on to add an extra layer of threat protection to IoT and your devices. This option is not available for hubs in the free tier. For more information about this feature, see Azure Security Center for IoT.
Advanced Settings > Device-to-cloud partitions: This property relates the device-to-cloud messages to the number of simultaneous readers of the messages. Most hubs need only four partitions.
Select Next: Tags to continue to the next screen.
Tags are name/value pairs. You can assign the same tag to multiple resources and resource groups to categorize resources and consolidate billing. For more information, see Use tags to organize your Azure resources.
Select Next: Review + create to review your choices. The review screen shows the values you selected when creating the hub.
Select Create to create your new hub. Creating the hub takes a few minutes.
Create a new IoT Hub Device Provisioning Service
Select the + Create a resource button again.
Search the Marketplace for the Device Provisioning Service. Select IoT Hub Device Provisioning Service and hit the Create button.
Provide the following information for your new Device Provisioning Service instance and hit Create.
Name: Provide a unique name for your new Device Provisioning Service instance. If the name you enter is available, a green check mark appears.
Subscription: Choose the subscription that you want to use to create this Device Provisioning Service instance.
Resource group: This field allows you to create a new resource group, or choose an existing one to contain the new instance. Choose the same resource group that contains the IoT hub you created above, for example, TestResources. By putting all related resources in a group together, you can manage them together. For example, deleting the resource group deletes all resources contained in that group. For more information, see Manage Azure Resource Manager resource groups.
Location: Select the closest location to your devices.
Select the notification button to monitor the creation of the resource instance. Once the service is successfully deployed, select Pin to dashboard, and then Go to resource.
Link the IoT hub and your Device Provisioning Service
In this section, you will add a configuration to the Device Provisioning Service instance. This configuration sets the IoT hub for which devices will be provisioned.
Select the All resources button from the left-hand menu of the Azure portal. Select the Device Provisioning Service instance that you created in the preceding section.
If your menu is configured using Flyout instead of the Docked mode in the portal settings, you will need to click the 3 lines at the top left to open the portal menu on the left.
From the Device Provisioning Service's menu, select Linked IoT hubs. Hit the + Add button seen at the top.
On the Add link to IoT hub page, provide the following information to link your new Device Provisioning Service instance to an IoT hub. Then hit Save.
Subscription: Select the subscription containing the IoT hub that you want to link with your new Device Provisioning Service instance.
IoT hub: Select the IoT hub to link with your new Device Provisioning Service instance.
Access Policy: Select iothubowner as the credentials for establishing the link with the IoT hub.
Now you should see the selected hub under the Linked IoT hubs blade. You might need to hit Refresh for it to show up.
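The Access Policy step above links the hub using iothubowner. As an added example (not part of the original quickstart and not Microsoft's code), this Python check parses the connection string behind a link and reports which rights the policy lacks or holds beyond what the link uses. It assumes the link needs only RegistryWrite and ServiceConnect and that the built-in policies carry the rights listed in the table; the policy name dps-link, the host name and the key are constructed placeholders.

```python
# Added example: audit the shared access policy behind a DPS-to-IoT-hub link.
# Assumptions: the rights table for built-in policies and the REQUIRED_FOR_LINK set.

BUILT_IN_POLICY_RIGHTS = {
    "iothubowner": {"RegistryRead", "RegistryWrite", "ServiceConnect", "DeviceConnect"},
    "service": {"ServiceConnect"},
    "device": {"DeviceConnect"},
    "registryRead": {"RegistryRead"},
    "registryReadWrite": {"RegistryRead", "RegistryWrite"},
}
REQUIRED_FOR_LINK = {"RegistryWrite", "ServiceConnect"}


def parse_connection_string(conn_str):
    """Split 'Key=Value;Key=Value' into a dict; base64 values may end in '='."""
    fields = {}
    for part in conn_str.strip().split(";"):
        if not part:
            continue
        key, sep, value = part.partition("=")  # split on the first '=' only
        if not sep or not key or not value:
            raise ValueError(f"malformed segment: {part!r}")
        fields[key] = value
    for needed in ("HostName", "SharedAccessKeyName", "SharedAccessKey"):
        if needed not in fields:
            raise ValueError(f"missing field: {needed}")
    return fields


def audit_link(conn_str, custom_policies=None):
    """Return (policy, missing_rights, excess_rights) for one linked hub."""
    policy = parse_connection_string(conn_str)["SharedAccessKeyName"]
    known = {**BUILT_IN_POLICY_RIGHTS, **(custom_policies or {})}
    if policy not in known:
        raise KeyError(f"rights unknown for policy {policy!r}")
    rights = set(known[policy])
    return policy, sorted(REQUIRED_FOR_LINK - rights), sorted(rights - REQUIRED_FOR_LINK)


# Constructed sample values (placeholder hub name and key, not real credentials).
OWNER_LINK = "HostName=example-hub.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=Q09OU1RSVUNURUQ="
SCOPED_LINK = "HostName=example-hub.azure-devices.net;SharedAccessKeyName=dps-link;SharedAccessKey=Q09OU1RSVUNURUQ="

if __name__ == "__main__":
    print(audit_link(OWNER_LINK))
    print(audit_link(SCOPED_LINK, {"dps-link": {"RegistryWrite", "ServiceConnect"}}))
```

An empty missing list means the link can work; a non-empty excess list shows rights that a leaked link credential would expose beyond provisioning.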
Clean up resources
Other quickstarts in this collection build upon this quickstart. If you plan to continue on to work with subsequent quickstarts or with the tutorials, do not clean up the resources created in this quickstart. If you do not plan to continue, use the following steps to delete all resources created by this quickstart in the Azure portal.
- From the left-hand menu in the Azure portal, select All resources and then select your Device Provisioning Service. At the top of the device detail pane, select Delete.
- From the left-hand menu in the Azure portal, select All resources and then select your IoT hub. At the top of the hub detail pane, select Delete.
In this quickstart, you’ve deployed an IoT hub and a Device Provisioning Service instance, and linked the two resources. To learn how to use this setup to provision a simulated device, continue to the quickstart for creating a simulated device.