az iot dps enrollment

Note

This reference is part of the azure-iot extension for Azure CLI and requires version 2.17.1 or higher. The extension will automatically install the first time you run an az iot dps enrollment command. Learn more about extensions.

Manage individual device enrollments in an Azure IoT Hub Device Provisioning Service.

Commands

az iot dps enrollment create

Create an individual device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment delete

Delete an individual device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment list

List individual device enrollments in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment show

Get individual device enrollment details in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment update

Update an individual device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment create

Create an individual device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment create --at {symmetricKey, tpm, x509}
                             --enrollment-id
                             [--allocation-policy {custom, geoLatency, hashed, static}]
                             [--api-version]
                             [--certificate-path]
                             [--device-id]
                             [--dps-name]
                             [--edge-enabled {false, true}]
                             [--ek]
                             [--hn]
                             [--ih]
                             [--initial-twin-properties]
                             [--initial-twin-tags]
                             [--login]
                             [--pk]
                             [--provisioning-status {disabled, enabled}]
                             [--reprovision-policy {never, reprovisionandmigratedata, reprovisionandresetdata}]
                             [--resource-group]
                             [--scp]
                             [--secondary-key]
                             [--webhook-url]

Examples

Create an enrollment '{enrollment_id}' with attestation type 'x509' in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}' with provisioning status 'disabled', device id '{device_id}', initial twin properties '{"location":{"region":"US"}}' and initial twin tags '{"version":"1"}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type x509 --certificate-path /certificates/Certificate.pem --provisioning-status disabled --initial-twin-properties "{'location':{'region':'US'}}" --initial-twin-tags "{'version':'1'}" --device-id {device_id}

Create an enrollment 'MyEnrollment' with attestation type 'tpm' in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89

Create an enrollment 'MyEnrollment' with attestation type 'symmetrickey' in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type symmetrickey --primary-key {primary_key} --secondary-key {secondary_key}

Create an enrollment 'MyEnrollment' with reprovision in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --reprovision-policy {reprovision_type} --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89

Create an enrollment 'MyEnrollment' with static allocation policy in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --allocation-policy static --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89 --iot-hubs {iot_hub_host_name}

Create an enrollment 'MyEnrollment' with hashed allocation policy and multiple hubs in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --allocation-policy hashed --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89 --iot-hubs "{iot_hub_host_name1} {iot_hub_host_name2}"

Create an enrollment 'MyEnrollment' with custom allocation policy.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type symmetrickey --allocation-policy custom --webhook-url {webhook_url} --api-version {api_version}

Required Parameters

--at --attestation-type

Attestation Mechanism used for authentication to the DPS.

accepted values: symmetricKey, tpm, x509

--enrollment-id

Individual device enrollment ID.

Optional Parameters

--allocation-policy --ap

Type of allocation policy to determine how a device is assigned to an IoT Hub. If not provided, the allocation policy will be the current allocation policy default set for the Device Provisioning Service instance.

accepted values: custom, geoLatency, hashed, static

--api-version --av

The API version of the provisioning service types sent in the custom allocation request. Minimum supported version: 2018-09-01-preview.

--certificate-path --cp

The path to the file containing the primary certificate. Required when choosing x509 as attestation type and the secondary certificate path is not provided.

--device-id -d

Device ID registered in the IoT Hub.

--dps-name -n

Name of the Azure IoT Hub Device Provisioning Service. Required if --login is not provided.

--edge-enabled --ee

Flag indicating edge enablement.

accepted values: false, true

--ek --endorsement-key

TPM endorsement key for a TPM device. When choosing tpm as attestation type, endorsement key is required.

--hn --iot-hub-host-name

Host name of target IoT Hub. Allocation policy defaults to static if this parameter is provided.

--ih --iot-hubs

Host name of target IoT Hub associated with the allocation policy. Use space-separated list for multiple IoT Hubs.

--initial-twin-properties --props

Initial device twin properties.

--initial-twin-tags --tags

Initial device twin tags.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --dps-name is not provided.

--pk --primary-key

The primary symmetric shared access key stored in base64 format.

--provisioning-status --ps

Enable or disable enrollment entry.

accepted values: disabled, enabled

--reprovision-policy --rp

Policy to determine how device data should be handled on re-provision to a different IoT Hub.

accepted values: never, reprovisionandmigratedata, reprovisionandresetdata

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scp --secondary-certificate-path

The path to the file containing the secondary certificate. Required when choosing x509 as attestation type and the primary certificate path is not provided.

--secondary-key --sk

The secondary symmetric shared access key stored in base64 format.

--webhook-url --wh

The Azure Function webhook URL used for custom allocation requests.

az iot dps enrollment delete

Delete an individual device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment delete --enrollment-id
                             [--dps-name]
                             [--etag]
                             [--login]
                             [--resource-group]

Required Parameters

--enrollment-id

Individual device enrollment ID.

Optional Parameters

--dps-name -n

Name of the Azure IoT Hub Device Provisioning Service. Required if --login is not provided.

--etag -e

Etag or entity tag corresponding to the last state of the resource. If no etag is provided the value '*' is used.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --dps-name is not provided.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az iot dps enrollment list

List individual device enrollments in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment list [--dps-name]
                           [--login]
                           [--resource-group]
                           [--top]

Optional Parameters

--dps-name -n

Name of the Azure IoT Hub Device Provisioning Service. Required if --login is not provided.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --dps-name is not provided.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--top

Maximum number of elements to return. Use -1 for unlimited.

az iot dps enrollment show

Get individual device enrollment details in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment show --enrollment-id
                           [--dps-name]
                           [--keys {false, true}]
                           [--login]
                           [--resource-group]

Examples

Basic usage

az iot dps enrollment show --dps-name {dps_name} -g {resource_group} --enrollment-id {enrollment_id}

Include full attestation information in results for a symmetric key enrollment

az iot dps enrollment show --dps-name {dps_name} -g {resource_group} --enrollment-id {symmetric_key_enrollment_id} --show-keys

Required Parameters

--enrollment-id

Individual device enrollment ID.

Optional Parameters

--dps-name -n

Name of the Azure IoT Hub Device Provisioning Service. Required if --login is not provided.

--keys --show-keys

Include attestation keys and information in enrollment results.

accepted values: false, true

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --dps-name is not provided.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az iot dps enrollment update

Update an individual device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment update --enrollment-id
                             [--allocation-policy {custom, geoLatency, hashed, static}]
                             [--api-version]
                             [--certificate-path]
                             [--device-id]
                             [--dps-name]
                             [--edge-enabled {false, true}]
                             [--ek]
                             [--etag]
                             [--hn]
                             [--ih]
                             [--initial-twin-properties]
                             [--initial-twin-tags]
                             [--login]
                             [--pk]
                             [--provisioning-status {disabled, enabled}]
                             [--rc {false, true}]
                             [--remove-secondary-certificate {false, true}]
                             [--reprovision-policy {never, reprovisionandmigratedata, reprovisionandresetdata}]
                             [--resource-group]
                             [--scp]
                             [--secondary-key]
                             [--webhook-url]

Examples

Update enrollment '{enrollment_id}' with a new x509 certificate in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --certificate-path /certificates/NewCertificate.pem --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new endorsement key in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89 --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new primary key in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --primary-key {new_primary_key} --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new reprovision type in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --reprovision-policy {reprovision_type} --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new allocation policy in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --allocation-policy geolatency --etag AAAAAAAAAAA= --iot-hubs "{iot_hub_host_name1} {iot_hub_host_name2} {iot_hub_host_name3}"

Update enrollment '{enrollment_id}' in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}' with initial twin properties '{"location":{"region":"USA"}}' and initial twin tags '{"version":"2"}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --initial-twin-properties "{'location':{'region':'USA'}}" --initial-twin-tags "{'version':'2'}"

Required Parameters

--enrollment-id

Individual device enrollment ID.

Optional Parameters

--allocation-policy --ap

Type of allocation policy to determine how a device is assigned to an IoT Hub. If not provided, the allocation policy will be the current allocation policy default set for the Device Provisioning Service instance.

accepted values: custom, geoLatency, hashed, static

--api-version --av

The API version of the provisioning service types sent in the custom allocation request. Minimum supported version: 2018-09-01-preview.

--certificate-path --cp

The path to the file containing the primary certificate.

--device-id -d

Device ID registered in the IoT Hub.

--dps-name -n

Name of the Azure IoT Hub Device Provisioning Service. Required if --login is not provided.

--edge-enabled --ee

Flag indicating edge enablement.

accepted values: false, true

--ek --endorsement-key

TPM endorsement key for a TPM device.

--etag -e

Etag or entity tag corresponding to the last state of the resource. If no etag is provided the value '*' is used.

--hn --iot-hub-host-name

Host name of target IoT Hub. Allocation policy defaults to static if this parameter is provided.

--ih --iot-hubs

Host name of target IoT Hub associated with the allocation policy. Use space-separated list for multiple IoT Hubs.

--initial-twin-properties --props

Initial device twin properties.

--initial-twin-tags --tags

Initial device twin tags.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --dps-name is not provided.

--pk --primary-key

The primary symmetric shared access key stored in base64 format.

--provisioning-status --ps

Enable or disable enrollment entry.

accepted values: disabled, enabled

--rc --remove-certificate

Flag to remove current primary certificate.

accepted values: false, true

--remove-secondary-certificate --rsc

Flag to remove current secondary certificate.

accepted values: false, true

--reprovision-policy --rp

Policy to determine how device data should be handled on re-provision to a different IoT Hub.

accepted values: never, reprovisionandmigratedata, reprovisionandresetdata

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--scp --secondary-certificate-path

The path to the file containing the secondary certificate.

--secondary-key --sk

The secondary symmetric shared access key stored in base64 format.

--webhook-url --wh

The Azure Function webhook URL used for custom allocation requests.
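
The primary-key update example and the --etag description above, worked end to end as an added example (not code from the azure-iot extension): it reads the enrollment's current etag, generates a new key, and passes both to update so that a concurrent change makes the update fail instead of being overwritten. The function names, the 64-byte key length and the top-level etag field in the show output are assumptions.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of the azure-iot extension.
# Assumption: "enrollment show" returns JSON with a top-level "etag" field.

# Print a fresh symmetric key: 64 random bytes, base64 on one line.
# (The 64-byte length is a choice made for this example.)
new_symmetric_key() {
    head -c 64 /dev/urandom | base64 | tr -d '\n'
}

# Print the etag identifying the enrollment's current state.
enrollment_etag() {
    az iot dps enrollment show -g "$1" --dps-name "$2" --enrollment-id "$3" \
        --query etag -o tsv
}

# Replace the primary key only if the enrollment is unchanged since it was read.
# Usage: rotate_primary_key <resource_group> <dps_name> <enrollment_id> <key_file>
rotate_primary_key() (
    rg=$1 dps=$2 id=$3 keyfile=$4
    etag=$(enrollment_etag "$rg" "$dps" "$id") || exit 1
    # Without --etag the CLI uses '*', which matches any state and would
    # overwrite a concurrent change (for example another operator disabling
    # the enrollment). Refuse to continue without a concrete etag.
    case $etag in
        ''|'*') echo "rotate: no usable etag for $id" >&2; exit 1 ;;
    esac
    umask 077                      # key file readable by the owner only
    new_symmetric_key > "$keyfile"
    [ -s "$keyfile" ] || { echo "rotate: key generation failed" >&2; exit 1; }
    # --output none keeps the returned enrollment out of terminal and CI logs.
    if ! az iot dps enrollment update -g "$rg" --dps-name "$dps" \
            --enrollment-id "$id" --primary-key "$(cat "$keyfile")" \
            --etag "$etag" --output none; then
        rm -f "$keyfile"
        echo "rotate: update failed, key file removed" >&2
        exit 1
    fi
)
```

Source the file and call rotate_primary_key {resource_group_name} {dps_name} {enrollment_id} ./new-primary.key; the key file is what has to reach the device before its next provisioning attempt.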