Create an IoT hub using the Azure portal

This article describes how to create and manage an IoT hub, using the Azure portal.

Create an IoT hub

This section describes how to create an IoT hub using the Azure portal.

  1. Sign in to the Azure portal.

  2. On the Azure homepage, select the + Create a resource button.

  3. From the Categories menu, select Internet of Things then IoT Hub.

  4. On the Basics tab, complete the fields as follows:

    • Subscription: Select the subscription to use for your hub.

    • Resource group: Select a resource group or create a new one. To create a new one, select Create new and fill in the name you want to use. To use an existing resource group, select that resource group. For more information, see Manage Azure Resource Manager resource groups.

    • IoT hub name: Enter a name for your hub. This name must be globally unique, with a length between 3 and 50 alphanumeric characters. The name can also include the dash ('-') character.

    • Region: Select the region, closest to you, where you want your hub to be located. Some features, such as IoT Hub device streams, are only available in specific regions. For these limited features, you must select one of the supported regions.

    Important

    Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.

    Screenshot that shows how to create an IoT hub in the Azure portal.

  5. Select Next: Networking to continue creating your hub.

    Choose the endpoints that devices can use to connect to your IoT hub. Accept the default setting, Public access, for this example.

    Choose the endpoints that can connect.

  6. Select Next: Management to continue creating your hub.

    Set the size and scale for a new hub using the Azure portal.

    Accept the default settings here. If desired, you can modify any of the following fields:

    • Pricing and scale tier: Tier selection depends on how many features you want and how many messages you send through your solution per day. The free tier is intended for testing and evaluation. The free tier allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier. For details about other tier options, see Choosing the right IoT Hub tier.

      If you're working through a quickstart, select the free tier.

    • IoT Hub units: The number of messages allowed per unit per day depends on your hub's pricing tier. For example, if you want the hub to support ingress of 700,000 messages, choose two S1 tier units.

    • Microsoft Defender for IoT: Turn Defender on to add an extra layer of protection to IoT and your devices. This option isn't available for hubs in the free tier. Learn more about security recommendations for IoT Hub in Defender for IoT.

    • Role-based access control: This property decides how you manage access to your IoT hub. Allow shared access policies or choose only role-based access control. For more information, see Control access to IoT Hub by using Azure Active Directory.

    • Device-to-cloud partitions: This property relates the device-to-cloud messages to the number of simultaneous readers of the messages. Most hubs need only four partitions.

  7. Select Next: Tags to continue to the next screen.

    Tags are name/value pairs. You can assign the same tag to multiple resources and resource groups to categorize resources and consolidate billing. In this document, you won't be adding any tags. For more information, see Use tags to organize your Azure resources.

    Assign tags for the hub using the Azure portal.

  8. Select Next: Review + create to review your choices. You see something similar to this screen, but with the values you selected when creating the hub.

    Review information for creating the new hub.

  9. Select Create to start the deployment of your new hub. Your deployment will be in progress a few minutes while the hub is being created. Once the deployment is complete, select Go to resource to open the new hub.

Update the IoT hub

You can change the settings of an existing IoT hub after it's created from the IoT Hub pane. Here are some properties you can set for an IoT hub:

Pricing and scale: Migrate to a different tier or set the number of IoT Hub units.

IP Filter: Specify a range of IP addresses that will be accepted or rejected by the IoT hub.

Properties: A list of properties that you can copy and use elsewhere, such as the resource ID, resource group, location, and so on.

For a complete list of options to update an IoT hub, see the az iot hub update commands reference page.

Shared access policies

You can also view or modify the list of shared access policies by choosing Shared access policies in the Security settings section. These policies define the permissions for devices and services to connect to IoT Hub.

Select Add shared access policy to open the Add shared access policy blade. You can enter the new policy name and the permissions that you want to associate with this policy, as shown in the following screenshot:

Screenshot showing how to add a shared access policy.

  • The Registry Read and Registry Write policies grant read and write access rights to the identity registry. These permissions are used by back-end cloud services to manage device identities. Choosing the write option automatically includes the read option.

  • The Service Connect policy grants permission to access service endpoints. This permission is used by back-end cloud services to send and receive messages from devices. It's also used to update and read device twin and module twin data.

  • The Device Connect policy grants permissions for sending and receiving messages using the IoT Hub device-side endpoints. This permission is used by devices to send and receive messages from an IoT hub or update and read device twin and module twin data. It's also used for file uploads.

Select Add to add your newly created policy to the existing list.

For more detailed information about the access granted by specific permissions, see IoT Hub permissions.

Register a new device in the IoT hub

In this section, you create a device identity in the identity registry in your IoT hub. A device can't connect to a hub unless it has an entry in the identity registry. For more information, see the IoT Hub developer guide.

  1. In your IoT hub navigation menu, open Devices, then select Add Device to add a device in your IoT hub.

    Screen capture that shows how to create a device identity in the portal.

  2. In Create a device, provide a name for your new device, such as myDeviceId, and select Save. This action creates a device identity for your IoT hub. Leave Auto-generate keys checked so that the primary and secondary keys will be generated automatically.

    Screen capture that shows how to add a new device.

    Important

    The device ID may be visible in the logs collected for customer support and troubleshooting, so make sure to avoid any sensitive information while naming it.

  3. After the device is created, open the device from the list in the Devices pane. Copy the Primary Connection String. This connection string is used by device code to communicate with the hub.

    By default, the keys and connection strings are masked as they're sensitive information. If you click the eye icon, they're revealed. It's not necessary to reveal them to copy them with the copy button.

    Screen capture that shows the device connection string.

Note

The IoT Hub identity registry only stores device identities to enable secure access to the IoT hub. It stores device IDs and keys to use as security credentials, and an enabled/disabled flag that you can use to disable access for an individual device. If your application needs to store other device-specific metadata, it should use an application-specific store. For more information, see IoT Hub developer guide.

Message routing for an IoT hub

Select Message Routing under Messaging to see the Message Routing pane, where you define routes and custom endpoints for the hub. Message routing enables you to manage how data is sent from your devices to your endpoints. The first step is to add a new route. Then you can add an existing endpoint to the route, or create a new one of the types supported, such as blob storage.

Routes

Routes is the first tab on the Message Routing pane. To add a new route, select + Add.

Screenshot showing the 'Message Routing' pane with the '+ Add' button.

You see the following screen.

Screenshot showing how to add an endpoint to a route.

Name your route. The route name must be unique within the list of routes for that hub.

For Endpoint, select one from the dropdown list or add a new one. In this example, a storage account and container are already available. To add them as an endpoint, choose + Add next to the Endpoint dropdown and select Blob Storage.

The following screen shows where the storage account and container are specified.

Screenshot showing how to add a storage endpoint for the routing rule.

Add an endpoint name in Endpoint name if needed. Select Pick a container to select the storage account and container. When you've chosen a container then Select, the page returns to the Add a storage endpoint pane. Use the defaults for the rest of the fields and Create to create the endpoint for the storage account and add it to the routing rules.

You return to the Add a route page. For Data source, select Device Telemetry Messages.

Next, add a routing query. In this example, the messages that have an application property called level with a value equal to critical are routed to the storage account.

Screenshot showing how to save a new routing rule.

Select Save to save the routing rule. You return to the Message routing pane, and your new routing rule is displayed.

Custom endpoints

If you have a custom endpoint to add, select the Custom endpoints tab. You see custom endpoints if they were previously created. From here, you can add new endpoints or delete existing endpoints.

Note

If you delete a route, it does not delete the endpoints assigned to that route. To delete an endpoint, select the Custom endpoints tab, select the endpoint you want to delete, then choose Delete.

You can read more about custom endpoints in Reference - IoT hub endpoints.

You can define up to 10 custom endpoints for an IoT hub.

To see a full example of how to use custom endpoints with routing, see Message routing with IoT Hub.

Find a specific IoT hub

Here a few ways to find a specific IoT hub in your subscription:

  1. From the Azure homepage, select the IoT Hub icon. Find and select your IoT hub from the list.

Screenshot showing how to find your IoT hub.

  1. If you know the resource group to which the IoT hub belongs, choose Resource groups, then select the resource group from the list. The resource group screen shows all of the resources in that group, including IoT hubs. Select your hub.

  2. Choose All resources. On the All resources pane, there's a dropdown list that defaults to All types. Select the dropdown list, uncheck Select all. Find IoT Hub and check it. Select the dropdown list box to close it, and the entries will be filtered, showing only your IoT hubs.

Delete the IoT hub

To delete an IoT hub, open your IoT hub in the Azure portal, then choose Delete.

Screenshot showing where to find the delete button for an IoT hub in the Azure portal.

Next steps

Learn more about managing Azure IoT Hub: