Device Update for IoT Hub Resource Management

To get started with Device Update you'll need to create a Device Update account, instance and set access control roles.

Prerequisites

  • Access to an IoT Hub. It is recommended that you use a S1 (Standard) tier or above.
  • Supported browsers:

Create a device update account

  1. Go to Azure portal

  2. Click Create a Resource and search for "Device Update for IoT Hub"

    Screenshot of Device Update for IoT Hub resource.

  3. Click Create -> Device Update for IoT Hub

  4. Specify the Azure Subscription to be associated with your Device Update Account and Resource Group

  5. Specify a Name and Location for your Device Update Account

    Screenshot of account details.

Note

You can go to Azure Products-by-region page to discover the regions where Device Update for IoT Hub is available. If Device Update for IoT Hub is not available in your region you can choose to create an account in an available region closest to you.

  1. Optionally, you can check the box to assign the Device Update administrator role to yourself. You can also use the steps listed in the "Configure access control roles" section to provide a combination of roles to users and applications for the right level of access.

  2. Click Next: Review + create>

    Screenshot of account details review.

  3. Review the details and then select Create. You will see your deployment is in progress.

    Screenshot of account deployment in progress.

  4. You will see the deployment status change to "complete" in a few minutes. Click Go to resource

    Screenshot of account deployment complete.

Create a device update instance

An instance of Device Update is associated with a single IoT hub. Select the IoT hub that will be used with Device Update. We will create a new Shared Access policy during this step to ensure Device Update uses only the required permissions to work with IoT Hub (registry write and service connect). This policy ensures that access is only limited to Device Update.

To create a Device Update instance after an account has been created.

  1. Once you are in your newly created account resource, go to the Instance Management Instances blade

    Screenshot of instance management within account.

  2. Click Create and specify an instance name and select your IoT Hub

    Screenshot of instance details.

    Note

    The IoT Hub you link to your Device Update resource, doesn't need to be in the same region as your Device Update Account. However, for better performance it is recommended that your IoT Hub be in a region same as or close to the region of your Device Update account.

  3. Click Create. You will see the instance in a "Creating" state.

    Screenshot of instance creating.

  4. Allow 5-10 mins for the instance deployment to complete. Refresh the status till you see the "Provisioning State" turn to "Succeeded".

    Screenshot of instance creation succeeded.

Configure IoT Hub

In order for Device Update to receive change notifications from IoT Hub, Device Update integrates with the "Built-In" Event Hub. Clicking the "Configure IoT Hub" button configures the required message routes and access policy required to communicate with IoT devices.

To configure IoT Hub

  1. Once the Instance "Provisioning State" turns to "Succeeded", select the instance in the Instance Management blade. Click Configure IoT Hub

    Screenshot of configuring IoT Hub for an instance.

  2. Select I agree to make these changes

    Screenshot of agreeing to configure IoT Hub for an instance.

  3. Click Update

    Note

    If you are using a Free tier of Azure IoT Hub, the allowed number of message routes are limited to 5. Device Update for IoT Hub needs to configure 4 message routes to work as expected.

Learn about the message routes that are configured.

Configure access control roles

In order for other users to have access to Device Update, users must be granted access to this resource. You can skip this step if you assigned the Device Update administrator role to yourself during account creation and don't need to provide access to additional users or applications.

  1. Go to Access control (IAM) within the Device Update account

    Screenshot of access Control within Device Update account.

  2. Click Add role assignments

  3. Under Role tab, select a Device Update role from the given options

    • Device Update Administrator
    • Device Update Reader
    • Device Update Content Administrator
    • Device Update Content Reader
    • Device Update Deployments Administrator
    • Device Update Deployments Reader

    Screenshot of access Control role assignments within Device Update account.

    Learn about Role-based access control in Device Update for IoT Hub

  4. Click Next

  5. Assign access to a user or Azure AD group

  6. Select members

    Screenshot of access Control member selection within Device Update account.

  7. Click Review + assign

  8. Review the new role assignments and click Review + assign again

  9. You are now ready to use the Device Update experience from within your IoT Hub

Next steps

Try updating a device using one of the following quick tutorials:

Learn about Device update account and instance.

Learn about Device update access control roles.