Get started with device twins (Python)
Device twins are JSON documents that store device state information, including metadata, configurations, and conditions. IoT Hub persists a device twin for each device that connects to it.
Note
The features described in this article are available only in the standard tier of IoT Hub. For more information about the basic and standard/free IoT Hub tiers, see Choose the right IoT Hub tier.
Use device twins to:
Store device metadata from your solution back end.
Report current state information such as available capabilities and conditions, for example, the connectivity method used, from your device app.
Synchronize the state of long-running workflows, such as firmware and configuration updates, between a device app and a back-end app.
Query your device metadata, configuration, or state.
Device twins are designed for synchronization and for querying device configurations and conditions. More information on when to use device twins can be found in Understand device twins.
Device twins are stored in an IoT hub and contain the following elements:
Tags. Device metadata accessible only by the solution back end.
Desired properties. JSON objects modifiable by the solution back end and observable by the device app.
Reported properties. JSON objects modifiable by the device app and readable by the solution back end.
Tags and properties cannot contain arrays, but objects can be nested.
The following illustration shows device twin organization:

Additionally, the solution back end can query device twins based on all the above data. For more information about device twins, see Understand device twins. For more information about querying, see IoT Hub query language.
This tutorial shows you how to:
Create a back-end app that adds tags to a device twin, and a simulated device app that reports its connectivity channel as a reported property on the device twin.
Query devices from your back-end app using filters on the tags and properties previously created.
At the end of this tutorial, you will have two Python console apps:
AddTagsAndQuery.py, a Python back-end app, which adds tags and queries device twins.
ReportConnectivity.py, a Python app, which simulates a device that connects to your IoT hub with the device identity created earlier, and reports its connectivity condition.
Note
IoT Hub has SDK support for many device platforms and languages (including C, Java, Javascript, and Python) through Azure IoT device SDKs. For instructions on how to use Python to connect your device to this tutorial's code, and generally to Azure IoT Hub, see the Azure IoT Python SDK.
Prerequisites
An active Azure account. (If you don't have an account, you can create a free account in just a couple of minutes.)
Python version 3.7 or later is recommended. Make sure to use the 32-bit or 64-bit installation as required by your setup. When prompted during the installation, make sure to add Python to your platform-specific environment variable. For other versions of Python supported, see Azure IoT Device Features in the SDK documentation. If you choose to use Python 2.7, you may need to install or upgrade pip, the Python package management system.
- Make sure that port 8883 is open in your firewall. The device sample in this article uses MQTT protocol, which communicates over port 8883. This port may be blocked in some corporate and educational network environments. For more information and ways to work around this issue, see Connecting to IoT Hub (MQTT).
Create an IoT hub
This section describes how to create an IoT hub using the Azure portal.
Sign in to the Azure portal.
From the Azure homepage, select the + Create a resource button, and then enter IoT Hub in the Search the Marketplace field.
Select IoT Hub from the search results, and then select Create.
On the Basics tab, complete the fields as follows:
Subscription: Select the subscription to use for your hub.
Resource Group: Select a resource group or create a new one. To create a new one, select Create new and fill in the name you want to use. To use an existing resource group, select that resource group. For more information, see Manage Azure Resource Manager resource groups.
Region: Select the region in which you want your hub to be located. Select the location closest to you. Some features, such as IoT Hub device streams, are only available in specific regions. For these limited features, you must select one of the supported regions.
IoT Hub Name: Enter a name for your hub. This name must be globally unique, with a length between 3 and 50 alphanumeric characters. The name can also include the dash (
'-') character.
Important
Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.
Select Next: Networking to continue creating your hub.
Choose the endpoints that devices can use to connect to your IoT Hub. You can select the default setting Public endpoint (all networks), or choose Public endpoint (selected IP ranges), or Private endpoint. Accept the default setting for this example.
Select Next: Management to continue creating your hub.
You can accept the default settings here. If desired, you can modify any of the following fields:
Pricing and scale tier: Your selected tier. You can choose from several tiers, depending on how many features you want and how many messages you send through your solution per day. The free tier is intended for testing and evaluation. It allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier.
If you are working through a Quickstart for IoT Hub device streams, select the free tier.
IoT Hub units: The number of messages allowed per unit per day depends on your hub's pricing tier. For example, if you want the hub to support ingress of 700,000 messages, you choose two S1 tier units. For details about the other tier options, see Choosing the right IoT Hub tier.
Microsoft Defender for IoT: Turn this on to add an extra layer of threat protection to IoT and your devices. This option is not available for hubs in the free tier. Learn more about security recommendations for IoT Hub in Defender for IoT.
Advanced Settings > Device-to-cloud partitions: This property relates the device-to-cloud messages to the number of simultaneous readers of the messages. Most hubs need only four partitions.
Select Next: Tags to continue to the next screen.
Tags are name/value pairs. You can assign the same tag to multiple resources and resource groups to categorize resources and consolidate billing. In this document, you won't be adding any tags. For more information, see Use tags to organize your Azure resources.
Select Next: Review + create to review your choices. You see something similar to this screen, but with the values you selected when creating the hub.
Select Create to start the deployment of your new hub. Your deployment will be in progress a few minutes while the hub is being created. Once the deployment is complete, select Go to resource to open the new hub.
Register a new device in the IoT hub
In this section, you create a device identity in the identity registry in your IoT hub. A device cannot connect to a hub unless it has an entry in the identity registry. For more information, see the IoT Hub developer guide.
In your IoT hub navigation menu, open Devices, then select Add Device to add a device in your IoT hub.
In Create a device, provide a name for your new device, such as myDeviceId, and select Save. This action creates a device identity for your IoT hub. Leave Auto-generate keys checked so that the primary and secondary keys will be generated automatically.
Important
The device ID may be visible in the logs collected for customer support and troubleshooting, so make sure to avoid any sensitive information while naming it.
After the device is created, open the device from the list in the Devices pane. Copy the Primary Connection String. This connection string is used by device code to communicate with the hub.
By default, the keys and connection strings are masked as they are sensitive information. If you click the eye icon, they are revealed. It is not necessary to reveal them to copy them with the copy button.
Note
The IoT Hub identity registry only stores device identities to enable secure access to the IoT hub. It stores device IDs and keys to use as security credentials, and an enabled/disabled flag that you can use to disable access for an individual device. If your application needs to store other device-specific metadata, it should use an application-specific store. For more information, see IoT Hub developer guide.
Get the IoT hub connection string
In this article, you create a back-end service that adds desired properties to a device twin and then queries the identity registry to find all devices with reported properties that have been updated accordingly. Your service needs the service connect permission to modify desired properties of a device twin, and it needs the registry read permission to query the identity registry. There is no default shared access policy that contains only these two permissions, so you need to create one.
To create a shared access policy that grants service connect and registry read permissions and get a connection string for this policy, follow these steps:
In the Azure portal, select Resource groups. Select the resource group where your hub is located, and then select your hub from the list of resources.
On the left-side pane of your hub, select Shared access policies.
From the top menu above the list of policies, select Add.
Under Add shared access policy, enter a descriptive name for your policy, such as serviceAndRegistryRead. Under Permissions, select Registry read and Service connect, and then select Add.
Select your new policy from the list of policies.
Select the copy icon for the Primary connection string and save the value.
For more information about IoT Hub shared access policies and permissions, see Access control and permissions.
Create the service app
In this section, you create a Python console app that adds location metadata to the device twin associated with your {Device ID}. It then queries the device twins stored in the IoT hub selecting the devices located in Redmond, and then the ones that are reporting a cellular connection.
In your working directory, open a command prompt and install the Azure IoT Hub Service SDK for Python.
pip install azure-iot-hubUsing a text editor, create a new AddTagsAndQuery.py file.
Add the following code to import the required modules from the service SDK:
import sys from time import sleep from azure.iot.hub import IoTHubRegistryManager from azure.iot.hub.models import Twin, TwinProperties, QuerySpecification, QueryResultAdd the following code. Replace
[IoTHub Connection String]with the IoT hub connection string you copied in Get the IoT hub connection string. Replace[Device Id]with the device ID you registered in Register a new device in the IoT hub.IOTHUB_CONNECTION_STRING = "[IoTHub Connection String]" DEVICE_ID = "[Device Id]"Add the following code to the AddTagsAndQuery.py file:
def iothub_service_sample_run(): try: iothub_registry_manager = IoTHubRegistryManager(IOTHUB_CONNECTION_STRING) new_tags = { 'location' : { 'region' : 'US', 'plant' : 'Redmond43' } } twin = iothub_registry_manager.get_twin(DEVICE_ID) twin_patch = Twin(tags=new_tags, properties= TwinProperties(desired={'power_level' : 1})) twin = iothub_registry_manager.update_twin(DEVICE_ID, twin_patch, twin.etag) # Add a delay to account for any latency before executing the query sleep(1) query_spec = QuerySpecification(query="SELECT * FROM devices WHERE tags.location.plant = 'Redmond43'") query_result = iothub_registry_manager.query_iot_hub(query_spec, None, 100) print("Devices in Redmond43 plant: {}".format(', '.join([twin.device_id for twin in query_result.items]))) print() query_spec = QuerySpecification(query="SELECT * FROM devices WHERE tags.location.plant = 'Redmond43' AND properties.reported.connectivity = 'cellular'") query_result = iothub_registry_manager.query_iot_hub(query_spec, None, 100) print("Devices in Redmond43 plant using cellular network: {}".format(', '.join([twin.device_id for twin in query_result.items]))) except Exception as ex: print("Unexpected error {0}".format(ex)) return except KeyboardInterrupt: print("IoT Hub Device Twin service sample stopped")The IoTHubRegistryManager object exposes all the methods required to interact with device twins from the service. The code first initializes the IoTHubRegistryManager object, then updates the device twin for DEVICE_ID, and finally runs two queries. The first selects only the device twins of devices located in the Redmond43 plant, and the second refines the query to select only the devices that are also connected through a cellular network.
Add the following code at the end of AddTagsAndQuery.py to implement the iothub_service_sample_run function:
if __name__ == '__main__': print("Starting the Python IoT Hub Device Twin service sample...") print() iothub_service_sample_run()Run the application with:
python AddTagsAndQuery.pyYou should see one device in the results for the query asking for all devices located in Redmond43 and none for the query that restricts the results to devices that use a cellular network.

In the next section, you create a device app that reports the connectivity information and changes the result of the query in the previous section.
Create the device app
In this section, you create a Python console app that connects to your hub as your {Device ID}, and then updates its device twin's reported properties to contain the information that it is connected using a cellular network.
From a command prompt in your working directory, install the Azure IoT Hub Device SDK for Python:
pip install azure-iot-deviceUsing a text editor, create a new ReportConnectivity.py file.
Add the following code to import the required modules from the device SDK:
import time from azure.iot.device import IoTHubModuleClientAdd the following code. Replace the
[IoTHub Device Connection String]placeholder value with the device connection string you copied in Register a new device in the IoT hub.CONNECTION_STRING = "[IoTHub Device Connection String]"Add the following code to the ReportConnectivity.py file to instantiate a client and implement the device twins functionality:
def create_client(): # Instantiate client client = IoTHubModuleClient.create_from_connection_string(CONNECTION_STRING) # Define behavior for receiving twin desired property patches def twin_patch_handler(twin_patch): print("Twin patch received:") print(twin_patch) try: # Set handlers on the client client.on_twin_desired_properties_patch_received = twin_patch_handler except: # Clean up in the event of failure client.shutdown() return clientAdd the following code at the end of ReportConnectivity.py to run the application:
def main(): print ( "Starting the Python IoT Hub Device Twin device sample..." ) client = create_client() print ( "IoTHubModuleClient waiting for commands, press Ctrl-C to exit" ) try: # Update reported properties with cellular information print ( "Sending data as reported property..." ) reported_patch = {"connectivity": "cellular"} client.patch_twin_reported_properties(reported_patch) print ( "Reported properties updated" ) # Wait for program exit while True: time.sleep(1000000) except KeyboardInterrupt: print ("IoT Hub Device Twin device sample stopped") finally: # Graceful exit print("Shutting down IoT Hub Client") client.shutdown() if __name__ == '__main__': main()Run the device app:
python ReportConnectivity.pyYou should see confirmation the device twin reported properties were updated.

Now that the device reported its connectivity information, it should appear in both queries. Go back and run the queries again:
python AddTagsAndQuery.pyThis time your {Device ID} should appear in both query results.

In your device app, you'll see confirmation that the desired properties twin patch sent by the service app was received.

Next steps
In this tutorial, you configured a new IoT hub in the Azure portal, and then created a device identity in the IoT hub's identity registry. You added device metadata as tags from a back-end app, and wrote a simulated device app to report device connectivity information in the device twin. You also learned how to query this information using the registry.
Use the following resources to learn how to:
Send telemetry from devices with the Get started with IoT Hub tutorial.
Configure devices using device twin's desired properties with the Use desired properties to configure devices tutorial.
Control devices interactively (such as turning on a fan from a user-controlled app), with the Use direct methods quickstart.