Manage and monitor IoT Central from the Azure portal

You can use the Azure portal to create, manage, and monitor IoT Central applications.

Create IoT Central applications

Warning

You'll need Contributor access to your Azure Subscription to create an IoT Central app. While there may be alternative access levels to create an app, having Contributor level access to the Subscription is the recommended path.

To create an application, navigate to the IoT Central Application page in the Azure portal:

Screenshot that shows the Azure portal form for creating an I o T Central application.

  • Resource name is a unique name you can choose for your IoT Central application in your Azure resource group.

  • Application URL is the URL you can use to access your application.

  • Template is the type of IoT Central application you want to create. You can create a new application either from the list of industry-relevant templates to help you get started quickly, or start from scratch using the Custom application template.

  • Location is the Azure region where you'd like to create your application. Typically, you should choose the location that's physically closest to your devices to get optimal performance. For a list of the regions where Azure IoT Central is currently available, see Availability by region.

    Once you choose a location, you can't later move your application to a different location.

After filling out all fields, select Create. To learn more, see Create an IoT Central application.

Manage existing IoT Central applications

If you already have an Azure IoT Central application, you can delete it, or move it to a different subscription or resource group in the Azure portal.

To get started, search for your application in the search bar at the top of the Azure portal. You can also view all your applications by searching for IoT Central Applications and selecting the service:

Screenshot that shows the search results for I o T Central Applications with the first service selected.

When you select an application in the search results, the Azure portal shows you its overview. You can navigate to the application by selecting the IoT Central Application URL:

Screenshot that shows the Overview page with the I o T Central Application URL highlighted.

Note

Use the IoT Central Application URL to access the application for the first time.

To move the application to a different resource group, select move beside Resource group. On the Move resources page, choose the resource group you'd like to move this application to.

To move the application to a different subscription, select move beside Subscription. On the Move resources page, choose the subscription you'd like to move this application to:

Screenshot that shows the Overview page with the Resource group (move) highlighted.

Manage networking

You can use private IP addresses from a virtual network address space to manage your devices in IoT Central application to eliminate exposure on the public internet. To learn more, see Create and configure a private endpoint for IoT Central

Configure a managed identity

When you configure a data export in your IoT Central application, you can choose to configure the connection to the destination with a connection string or a managed identity. Managed identities are more secure because:

  • You don't store the credentials for your resource in a connection string in your IoT Central application.
  • The credentials are automatically tied to the lifetime of your IoT Central application.
  • Managed identities automatically rotate their security keys regularly.

IoT Central currently uses system-assigned managed identities. To create the managed identity for your application, you use either the Azure portal or the REST API.

Note

You can only add a managed identity to an IoT Central application that was created in a region. All new applications are created in a region. To learn more, see Updates.

When you configure a managed identity, the configuration includes a scope and a role:

  • The scope defines where you can use the managed identity. For example, you can use an Azure resource group as the scope. In this case, both the IoT Central application and the destination must be in the same resource group.
  • The role defines what permissions the IoT Central application is granted in the destination service. For example, for an IoT Central application to send data to an event hub, the managed identity needs the Azure Event Hubs Data Sender role assignment.

To configure the managed identity that enables your IoT Central application to securely export data to your Azure resource:

  1. In the Azure portal, navigate to your IoT Central application.

    Tip

    By default, IoT Central applications are created in the IOTC resource group in your subscription.

  2. Select Identity. Then on the System assigned page, change the status to On, and then select Save.

  3. After a few seconds, the system assigned managed identity for your IoT Central application is enabled and you can select Azure role assignments:

    Screenshot of identity page for IoT Central application in the Azure portal.

  4. On the Azure role assignments page, select + Add role assignment.

You can configure role assignments in the Azure portal or use the Azure CLI:

Monitor application health

You can use the set of metrics provided by IoT Central to assess the health of devices connected to your IoT Central application and the health of your running data exports.

Note

IoT Central applications have an internal audit log to track activity within the application.

Metrics are enabled by default for your IoT Central application and you access them from the Azure portal. The Azure Monitor data platform exposes these metrics and provides several ways for you to interact with them. For example, you can use charts in the Azure portal, a REST API, or queries in PowerShell or the Azure CLI.

Access to metrics in the Azure portal is managed by Azure role based access control. Use the Azure portal to add users to the IoT Central application/resource group/subscription to grant them access. You must add a user in the portal even they're already added to the IoT Central application. Use Azure built-in roles for finer grained access control.

View metrics in the Azure portal

The following example Metrics page shows a plot of the number of devices connected to your IoT Central application. For a list of the metrics that are currently available for IoT Central, see Supported metrics with Azure Monitor.

To view IoT Central metrics in the portal:

  1. Navigate to your IoT Central application resource in the portal. By default, IoT Central resources are located in a resource group called IOTC.
  2. To create a chart from your application's metrics, select Metrics in the Monitoring section.

Screenshot that shows example metrics in the Azure portal.

Export logs and metrics

Use the Diagnostics settings page to configure exporting metrics and logs to different destinations. To learn more, see Diagnostic settings in Azure Monitor.

Analyze logs and metrics

Use the Workbooks page to analyze logs and create visual reports. To learn more, see Azure Workbooks.

Metrics and invoices

Metrics may differ from the numbers shown on your Azure IoT Central invoice. This situation occurs for a number of reasons such as:

  • IoT Central standard pricing plans include two devices and varying message quotas for free. While the free items are excluded from billing, they're still counted in the metrics.

  • IoT Central autogenerates one test device ID for each device template in the application. This device ID is visible on the Manage test device page for a device template. You may choose to validate your device templates before publishing them by generating code that uses these test device IDs. While these devices are excluded from billing, they're still counted in the metrics.

  • While metrics may show a subset of device-to-cloud communication, all communication between the device and the cloud counts as a message for billing.

Monitor connected IoT Edge devices

To learn how to remotely monitor your IoT Edge fleet using Azure Monitor and built-in metrics integration, see Collect and transport metrics.

Next steps

Now that you've learned how to manage and monitor Azure IoT Central applications from the Azure portal, here is the suggested next step: