Microsoft.Devices provisioningServices 2020-09-01-preview

The provisioningServices resource type can be deployed to: Resource groups.

To learn about resource group deployments, see Bicep or ARM template.

Template format

To create a Microsoft.Devices/provisioningServices resource, add the following Bicep or JSON to your template.

resource symbolicname 'Microsoft.Devices/provisioningServices@2020-09-01-preview' = {
  name: 'string'
  location: 'string'
  tags: {
    tagName1: 'tagValue1'
    tagName2: 'tagValue2'
  sku: {
    capacity: int
    name: 'S1'
  etag: 'string'
  identity: {
    identityType: 'string'
    userAssignedIdentities: {}
  properties: {
    allocationPolicy: 'string'
    authorizationPolicies: [
        keyName: 'string'
        primaryKey: 'string'
        rights: 'string'
        secondaryKey: 'string'
    encryption: {
      identity: {
        userAssignedIdentity: 'string'
      keySource: 'string'
      keyVaultProperties: [
          keyIdentifier: 'string'
    iotHubs: [
        allocationWeight: int
        applyAllocationPolicy: bool
        connectionString: 'string'
        location: 'string'
    ipFilterRules: [
        action: 'string'
        filterName: 'string'
        ipMask: 'string'
        target: 'string'
    privateEndpointConnections: [
        properties: {
          privateEndpoint: {}
          privateLinkServiceConnectionState: {
            actionsRequired: 'string'
            description: 'string'
            status: 'string'
    provisioningState: 'string'
    publicNetworkAccess: 'string'
    state: 'string'

Property values


Name Description Value
type The resource type

For Bicep, set this value in the resource declaration.
apiVersion The resource api version

For Bicep, set this value in the resource declaration.
name The resource name string (required)
location The resource location. string (required)
tags The resource tags. Dictionary of tag names and values. See Tags in templates
sku List of possible provisioning service SKUs. IotDpsSkuInfo (required)
etag The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. string
identity The set of ARM identities associated with the IoT DPS resource. ArmIdentity
properties the service specific properties of a provisioning service, including keys, linked iot hubs, current state, and system generated properties such as hostname and idScope IotDpsPropertiesDescription (required)


Name Description Value
identityType Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned. string
userAssignedIdentities The set of UserAssigned identities associated with the IoT DPS resource. object


Name Description Value
allocationPolicy Allocation policy to be used by this provisioning service. 'GeoLatency'
authorizationPolicies List of authorization keys for a provisioning service. SharedAccessSignatureAuthorizationRuleAccessRightsDescription[]
encryption The customer-managed encryption key (CMK) properties for the IoT DPS instance. EncryptionPropertiesDescription
iotHubs List of IoT hubs associated with this provisioning service. IotHubDefinitionDescription[]
ipFilterRules The IP filter rules. IpFilterRule[]
privateEndpointConnections Private endpoint connections created on this IotHub PrivateEndpointConnection[]
provisioningState The ARM provisioning state of the provisioning service. string
publicNetworkAccess Whether requests from Public Network are allowed 'Disabled'
state Current state of the provisioning service. 'Activating'


Name Description Value
keyName Name of the key. string (required)
primaryKey Primary SAS key value. string
rights Rights that this key has. 'DeviceConnect'
secondaryKey Secondary SAS key value. string


Name Description Value
identity The properties of the identity used to access the key encryption key in KeyVault. EncryptionKeyIdentity
keySource The source of the encryption key. Typically, Microsoft.KeyVault string
keyVaultProperties The properties of the encryption key configured in KeyVault. KeyVaultKeyProperties[]


Name Description Value
userAssignedIdentity The user assigned identity. string


Name Description Value
keyIdentifier The identifier of the key. string


Name Description Value
allocationWeight weight to apply for a given iot h. int
applyAllocationPolicy flag for applying allocationPolicy or not for a given iot hub. bool
connectionString Connection string of the IoT hub. string (required)
location ARM region of the IoT hub. string (required)


Name Description Value
action The desired action for requests captured by this rule. 'Accept'
filterName The name of the IP filter rule. string (required)
ipMask A string that contains the IP address range in CIDR notation for the rule. string (required)
target Target for requests captured by this rule. 'all'


Name Description Value
properties The properties of a private endpoint connection PrivateEndpointConnectionProperties (required)


Name Description Value
privateEndpoint The private endpoint property of a private endpoint connection PrivateEndpoint
privateLinkServiceConnectionState The current state of a private endpoint connection PrivateLinkServiceConnectionState (required)


This object doesn't contain any properties to set during deployment. All properties are ReadOnly.


Name Description Value
actionsRequired Actions required for a private endpoint connection string
description The description for the current state of a private endpoint connection string (required)
status The status of a private endpoint connection 'Approved'


Name Description Value
capacity The number of units to provision int
name Sku name. 'S1'

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create an IOT Hub and Ubuntu edge simulator.

Deploy to Azure
This template creates an IOT Hub and Virtual Machine Ubuntu edge simulator.
Create an IoT Hub Device Provisioning Service

Deploy to Azure
This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together.