Quickstart: Set up the IoT Hub Device Provisioning Service with the Azure portal
In this quickstart, you learn how to set up the IoT Hub Device Provisioning Service in the Azure portal. The IoT Hub Device Provisioning Service enables zero-touch, just-in-time device provisioning to any IoT hub. It lets customers provision millions of IoT devices in a secure and scalable manner, without requiring human intervention. The service supports IoT devices that authenticate with a TPM, a symmetric key, or an X.509 certificate. For more information, see IoT Hub Device Provisioning Service overview.
To provision your devices, you will:
- Use the Azure portal to create an IoT Hub
- Use the Azure portal to create an IoT Hub Device Provisioning Service
- Link the IoT hub to the Device Provisioning Service
You need an Azure subscription to complete this quickstart. If you don't have one, you can create a free account.
Create an IoT hub
This section describes how to create an IoT hub using the Azure portal.
Sign in to the Azure portal.
On the Azure homepage, select the + Create a resource button.
From the Categories menu, select Internet of Things then IoT Hub.
On the Basics tab, complete the fields as follows:
Subscription: Select the subscription to use for your hub.
Resource group: Select a resource group or create a new one. To create a new one, select Create new and fill in the name you want to use. To use an existing resource group, select that resource group. For more information, see Manage Azure Resource Manager resource groups.
IoT hub name: Enter a name for your hub. This name must be globally unique, with a length between 3 and 50 alphanumeric characters. The name can also include the dash (
Region: Select the region closest to you where you want your hub to be located. Some features, such as IoT Hub device streams, are only available in specific regions. For these limited features, you must select one of the supported regions.
Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.
Select Next: Networking to continue creating your hub.
Choose the endpoints that devices can use to connect to your IoT hub. Accept the default setting, Public access, for this example.
Select Next: Management to continue creating your hub.
Accept the default settings here. If desired, you can modify any of the following fields:
Pricing and scale tier: Tier selection depends on how many features you want and how many messages you send through your solution per day. The free tier is intended for testing and evaluation. The free tier allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier. For details about other tier options, see Choosing the right IoT Hub tier.
If you're working through a quickstart, select the free tier.
IoT Hub units: The number of messages allowed per unit per day depends on your hub's pricing tier. For example, if you want the hub to support ingress of 700,000 messages, choose two S1 tier units.
Microsoft Defender for IoT: Turn Defender on to add an extra layer of protection to IoT and your devices. This option isn't available for hubs in the free tier. Learn more about security recommendations for IoT Hub in Defender for IoT.
Role-based access control: This property decides how you manage access to your IoT hub. Allow shared access policies or choose only role-based access control. For more information, see Control access to IoT Hub by using Azure Active Directory.
Device-to-cloud partitions: This property relates the device-to-cloud messages to the number of simultaneous readers of the messages. Most hubs need only four partitions.
Select Next: Tags to continue to the next screen.
Tags are name/value pairs. You can assign the same tag to multiple resources and resource groups to categorize resources and consolidate billing. In this document, you won't be adding any tags. For more information, see Use tags to organize your Azure resources.
Select Next: Review + create to review your choices. The review screen shows the values you selected when creating the hub.
Select Create to start the deployment of your new hub. The deployment takes a few minutes while the hub is being created. Once the deployment is complete, select Go to resource to open the new hub.
Create a new IoT Hub Device Provisioning Service
In the Azure portal, select + Create a resource.
From the Categories menu, select Internet of Things then IoT Hub Device Provisioning Service.
Enter the following information:
Name: Provide a unique name for your new Device Provisioning Service instance. If the name you enter is available, a green check mark appears.
Subscription: Choose the subscription that you want to use to create this Device Provisioning Service instance.
Resource group: This field allows you to create a new resource group, or choose an existing one to contain the new instance. Choose the same resource group that contains the IoT hub you created in the previous steps. By putting all related resources in a group together, you can manage them together. For example, deleting the resource group deletes all resources contained in that group. For more information, see Manage Azure Resource Manager resource groups.
Location: Select a location that's close to your devices. For resiliency and reliability, we recommend deploying to one of the regions that support Availability Zones.
Select Review + Create to validate your provisioning service.
After the deployment successfully completes, select Go to resource to view your Device Provisioning Service instance.
Link the IoT hub and your Device Provisioning Service
In this section, you'll add a configuration to the Device Provisioning Service instance. This configuration sets the IoT hub to which devices will be provisioned.
In the Settings menu, select Linked IoT hubs.
Select + Add.
On the Add link to IoT hub panel, provide the following information:
Subscription: Select the subscription containing the IoT hub that you want to link with your new Device Provisioning Service instance.
IoT hub: Select the IoT hub to link with your new Device Provisioning Service instance.
Access Policy: Select iothubowner as the credentials for establishing the link with the IoT hub.
Select Refresh. Now you should see the selected hub under the Linked IoT hubs blade.
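The three portal procedures above (create the hub, create the Device Provisioning Service, link them) written as an Azure CLI script. This is an added example, not part of the original quickstart: the resource names and region are placeholders, and the name check encodes only the length and character rule stated above.

```shell
#!/bin/sh
# Added example: Azure CLI equivalent of the portal steps in this quickstart.
# All resource names and the region are placeholders; override via environment.
set -e
RG="${RG:-example-rg}"
HUB="${HUB:-example-hub-001}"
DPS="${DPS:-example-dps-001}"
LOC="${LOC:-westus}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands only, 0 = execute them

# Naming rule as stated in this quickstart: 3-50 characters, alphanumeric or dash.
# The name becomes a public DNS label, so keep customer or personal data out of it.
valid_hub_name() {
  case "$1" in
    ""|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 50 ]
}

# Print the command in dry-run mode, otherwise run it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf 'az %s\n' "$*"; else az "$@"; fi
}

provision() {
  valid_hub_name "$HUB" || { echo "invalid hub name: $HUB" >&2; return 1; }
  run group create --name "$RG" --location "$LOC"
  # Free tier (F1) for the quickstart; F1 hubs take a partition count of 2.
  run iot hub create --name "$HUB" --resource-group "$RG" --location "$LOC" \
      --sku F1 --partition-count 2
  run iot dps create --name "$DPS" --resource-group "$RG" --location "$LOC"
  # iothubowner carries every hub permission: hold its connection string in a
  # variable only, never echo it or write it to a file.
  if [ "$DRY_RUN" = 1 ]; then
    cs='<iothubowner-connection-string>'
  else
    cs=$(az iot hub connection-string show -n "$HUB" \
           --policy-name iothubowner --query connectionString -o tsv) || return 1
  fi
  run iot dps linked-hub create --dps-name "$DPS" --resource-group "$RG" \
      --connection-string "$cs" --location "$LOC"
  # Confirm the link, as the Refresh step does in the portal.
  run iot dps linked-hub list --dps-name "$DPS" --resource-group "$RG" -o table
}

provision
```

Run it as-is to review the five commands, then with DRY_RUN=0 after az login to execute them.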
Clean up resources
The rest of the Device Provisioning Service quickstarts and tutorials use the resources that you created in this quickstart. However, if you don't plan on doing any more quickstarts or tutorials, you'll want to delete those resources.
To clean up resources in the Azure portal:
From the left-hand menu in the Azure portal, select All resources.
Select your Device Provisioning Service.
At the top of the device detail pane, select Delete.
From the left-hand menu in the Azure portal, select All resources.
Select your IoT hub.
At the top of the hub detail pane, select Delete.
Next step: Provision a simulated device with IoT hub and the Device Provisioning Service.