Manage IoT Central from Azure CLI or PowerShell
If you prefer to run CLI reference commands locally, install the Azure CLI. If you're running on Windows or macOS, consider running Azure CLI in a Docker container. For more information, see How to run the Azure CLI in a Docker container.
If you're using a local installation, sign in to the Azure CLI by using the az login command. To finish the authentication process, follow the steps displayed in your terminal. For other sign-in options, see Sign in with the Azure CLI.
When you're prompted, install the Azure CLI extension on first use. For more information about extensions, see Use extensions with the Azure CLI.
You'll need Contributor access to your Azure Subscription to create an IoT Central app. While there may be alternative access levels to create an app, having Contributor level access to the Subscription is the recommended path.
Create an application
Use the az iot central app create command to create an IoT Central application in your Azure subscription. For example:
# Create a resource group for the IoT Central application az group create --location "East US" \ --name "MyIoTCentralResourceGroup"
# Create an IoT Central application az iot central app create \ --resource-group "MyIoTCentralResourceGroup" \ --name "myiotcentralapp" --subdomain "mysubdomain" \ --sku ST1 --template "iotc-pnp-preview" \ --display-name "My Custom Display Name"
These commands first create a resource group in the east US region for the application. The following table describes the parameters used with the az iot central app create command:
|resource-group||The resource group that contains the application. This resource group must already exist in your subscription.|
|location||By default, this command uses the location from the resource group. Currently, you can create an IoT Central application in the Australia East, Canada Central, Central US, East US, East US 2, Japan East, North Europe, South Central US, Southeast Asia, UK South, West Europe, and West US.|
|name||The name of the application in the Azure portal. Avoid special characters - instead, use lower case letters (a-z), numbers (0-9), and dashes (-).|
|subdomain||The subdomain in the URL of the application. In the example, the application URL is
|sku||Currently, you can use either ST1 or ST2. See Azure IoT Central pricing.|
|template||The application template to use. For more information, see the following table.|
|display-name||The name of the application as displayed in the UI.|
|iotc-pnp-preview||Custom application||N/A||Creates an empty application for you to populate with your own device templates and devices.|
|iotc-condition||In-store Analytics – Condition Monitoring||Retail||Creates an application to connect and monitor a store environment.|
|iotc-consumption||Water Consumption Monitoring||Government||Creates an application to monitor and control water flow.|
|iotc-distribution||Digital Distribution Center||Retail||Creates an application to improve warehouse output efficiency by digitizing key assets and actions.|
|iotc-inventory||Smart Inventory Management||Retail||Creates an application to automate receiving, product movement, cycle counting, and tracking.|
|iotc-logistics||Connected Logistics||Retail||Creates an application to track your shipments in real time across air, water, and land with location and condition monitoring.|
|iotc-meter||Smart Meter Analytics||Energy||Creates an application to monitor energy consumption, network status, and identify trends to improve customer support and smart meter management.|
|iotc-mfc||Micro-fulfillment Center||Retail||Creates an application to digitally connect and manage a fully automated fulfillment center.|
|iotc-patient||Continuous Patient Monitoring||Health||Creates an application to extend patient care, reduce readmissions, and manage diseases.|
|iotc-power||Solar Power Monitoring||Energy||Creates an application to monitor solar panel status and energy generation trends.|
|iotc-quality||Water Quality Monitoring||Government||Creates an application to digitally monitor water quality.|
|iotc-store||In-store Analytics – Checkout||Retail||Creates an application to monitor and manage the checkout flow inside your store.|
|iotc-waste||Connected Waste Management||Government||Creates an application to monitor waste bins and dispatch field operators.|
If you've created your own application template, you can use it to create a new application. When asked for an application template, enter the app ID shown in the exported app's URL shareable link under the Application template export section of your app.
Use the az iot central app list command to list your IoT Central applications and view metadata.
Modify an application
Use the az iot central app update command to update the metadata of an IoT Central application. For example, to change the display name of your application:
az iot central app update --name myiotcentralapp \ --resource-group MyIoTCentralResourceGroup \ --set displayName="My new display name"
Delete an application
Use the az iot central app delete command to delete an IoT Central application. For example:
az iot central app delete --name myiotcentralapp \ --resource-group MyIoTCentralResourceGroup
Configure a managed identity
To enable the managed identity, use either the Azure portal - Configure a managed identity or the CLI. You can enable the managed identity when you create an IoT Central application:
# Create an IoT Central application with a managed identity az iot central app create \ --resource-group "MyIoTCentralResourceGroup" \ --name "myiotcentralapp" --subdomain "mysubdomain" \ --sku ST1 --template "iotc-pnp-preview" \ --display-name "My Custom Display Name" \ --mi-system-assigned
Alternatively, you can enable a managed identity on an existing IoT Central application:
# Enable a system-assigned managed identity az iot central app identity assign --name "myiotcentralapp" \ --resource-group "MyIoTCentralResourceGroup" \ --system-assigned
After you enable the managed identity, you can use the CLI to configure the role assignments.
Use the az role assignment create command to create a role assignment. For example, the following commands first retrieve the principal ID of the managed identity. The second command assigns the
Azure Event Hubs Data Sender role to the principal ID in the scope of the
MyIoTCentralResourceGroup resource group:
scope=$(az group show -n "MyIoTCentralResourceGroup" --query "id" --output tsv) spID=$(az iot central app identity show \ --name "myiotcentralapp" \ --resource-group "MyIoTCentralResourceGroup" \ --query "principalId" --output tsv) az role assignment create --assignee $spID --role "Azure Event Hubs Data Sender" \ --scope $scope
To learn more about the role assignments, see:
- Built-in roles for Azure Event Hubs
- Built-in roles for Azure Service Bus
- Built-in roles for Azure Storage Services
Now that you've learned how to manage Azure IoT Central applications from Azure CLI or PowerShell, here's the suggested next step: