Microsoft.Devices provisioningServices 2020-09-01-preview

• Latest
• 2025-02-01-preview
• 2023-03-01-preview
• 2022-12-12
• 2022-02-05
• 2021-10-15
• 2020-09-01-preview
• 2020-03-01
• 2020-01-01
• 2018-01-22
• 2017-11-15
• 2017-08-21-preview

Bicep resource definition

The provisioningServices resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Devices/provisioningServices resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Devices/provisioningServices@2020-09-01-preview' = {
  etag: 'string'
  identity: {
    identityType: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    allocationPolicy: 'string'
    authorizationPolicies: [
      {
        keyName: 'string'
        primaryKey: 'string'
        rights: 'string'
        secondaryKey: 'string'
      }
    ]
    encryption: {
      identity: {
        userAssignedIdentity: 'string'
      }
      keySource: 'string'
      keyVaultProperties: [
        {
          keyIdentifier: 'string'
        }
      ]
    }
    iotHubs: [
      {
        allocationWeight: int
        applyAllocationPolicy: bool
        connectionString: 'string'
        location: 'string'
      }
    ]
    ipFilterRules: [
      {
        action: 'string'
        filterName: 'string'
        ipMask: 'string'
        target: 'string'
      }
    ]
    privateEndpointConnections: [
      {
        properties: {
          privateEndpoint: {}
          privateLinkServiceConnectionState: {
            actionsRequired: 'string'
            description: 'string'
            status: 'string'
          }
        }
      }
    ]
    provisioningState: 'string'
    publicNetworkAccess: 'string'
    state: 'string'
  }
  sku: {
    capacity: int
    name: 'string'
  }
  tags: {
    {customized property}: 'string'
  }
}

Property values

ArmIdentity

Name	Description	Value
identityType	Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned.	string
userAssignedIdentities	The set of UserAssigned identities associated with the IoT DPS resource.	ArmIdentityUserAssignedIdentities

ArmIdentityUserAssignedIdentities

Name	Description	Value

ArmUserIdentity

Name	Description	Value

EncryptionKeyIdentity

Name	Description	Value
userAssignedIdentity	The user assigned identity.	string

EncryptionPropertiesDescription

Name	Description	Value
identity	The identity used to access the encryption key in KeyVault.	EncryptionKeyIdentity
keySource	The source of the encryption key. Typically, Microsoft.KeyVault	string
keyVaultProperties	The properties of the encryption key configured in KeyVault.	KeyVaultKeyProperties[]

IotDpsPropertiesDescription

Name	Description	Value
allocationPolicy	Allocation policy to be used by this provisioning service.	'GeoLatency' 'Hashed' 'Static'
authorizationPolicies	List of authorization keys for a provisioning service.	SharedAccessSignatureAuthorizationRuleAccessRightsDescription[]
encryption	The encryption properties for the IoT DPS instance.	EncryptionPropertiesDescription
iotHubs	List of IoT hubs associated with this provisioning service.	IotHubDefinitionDescription[]
ipFilterRules	The IP filter rules.	IpFilterRule[]
privateEndpointConnections	Private endpoint connections created on this IotHub	PrivateEndpointConnection[]
provisioningState	The ARM provisioning state of the provisioning service.	string
publicNetworkAccess	Whether requests from Public Network are allowed	'Disabled' 'Enabled'
state	Current state of the provisioning service.	'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning'

IotDpsSkuInfo

Name	Description	Value
capacity	The number of units to provision	int
name	Sku name.	'S1'

IotHubDefinitionDescription

Name	Description	Value
allocationWeight	weight to apply for a given iot h.	int
applyAllocationPolicy	flag for applying allocationPolicy or not for a given iot hub.	bool
connectionString	Connection string of the IoT hub.	string (required)
location	ARM region of the IoT hub.	string (required)

IpFilterRule

Name	Description	Value
action	The desired action for requests captured by this rule.	'Accept' 'Reject' (required)
filterName	The name of the IP filter rule.	string (required)
ipMask	A string that contains the IP address range in CIDR notation for the rule.	string (required)
target	Target for requests captured by this rule.	'all' 'deviceApi' 'serviceApi'

KeyVaultKeyProperties

Name	Description	Value
keyIdentifier	The identifier of the key.	string

Microsoft.Devices/provisioningServices

Name	Description	Value
etag	The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention.	string
identity	The managed identities for the IotDps instance.	ArmIdentity
location	The resource location.	string (required)
name	The resource name	string (required)
properties	Service specific properties for a provisioning service	IotDpsPropertiesDescription (required)
sku	Sku info for a provisioning Service.	IotDpsSkuInfo (required)
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

PrivateEndpoint

Name	Description	Value

PrivateEndpointConnection

Name	Description	Value
properties	The properties of a private endpoint connection	PrivateEndpointConnectionProperties (required)

PrivateEndpointConnectionProperties

Name	Description	Value
privateEndpoint	The private endpoint property of a private endpoint connection	PrivateEndpoint
privateLinkServiceConnectionState	The current state of a private endpoint connection	PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name	Description	Value
actionsRequired	Actions required for a private endpoint connection	string
description	The description for the current state of a private endpoint connection	string (required)
status	The status of a private endpoint connection	'Approved' 'Disconnected' 'Pending' 'Rejected' (required)

ResourceTags

Name	Description	Value

SharedAccessSignatureAuthorizationRuleAccessRightsDescription

Name	Description	Value
keyName	Name of the key.	string (required)
primaryKey	Primary SAS key value.	string
rights	Rights that this key has.	'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required)
secondaryKey	Secondary SAS key value.	string

Quickstart samples

The following quickstart samples deploy this resource type.

Bicep File	Description
Create an IoT Hub Device Provisioning Service	This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together.

ARM template resource definition

The provisioningServices resource type can be deployed with operations that target:

• Resource groups - See resource group deployment commands

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Devices/provisioningServices resource, add the following JSON to your template.

{
  "type": "Microsoft.Devices/provisioningServices",
  "apiVersion": "2020-09-01-preview",
  "name": "string",
  "etag": "string",
  "identity": {
    "identityType": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "allocationPolicy": "string",
    "authorizationPolicies": [
      {
        "keyName": "string",
        "primaryKey": "string",
        "rights": "string",
        "secondaryKey": "string"
      }
    ],
    "encryption": {
      "identity": {
        "userAssignedIdentity": "string"
      },
      "keySource": "string",
      "keyVaultProperties": [
        {
          "keyIdentifier": "string"
        }
      ]
    },
    "iotHubs": [
      {
        "allocationWeight": "int",
        "applyAllocationPolicy": "bool",
        "connectionString": "string",
        "location": "string"
      }
    ],
    "ipFilterRules": [
      {
        "action": "string",
        "filterName": "string",
        "ipMask": "string",
        "target": "string"
      }
    ],
    "privateEndpointConnections": [
      {
        "properties": {
          "privateEndpoint": {
          },
          "privateLinkServiceConnectionState": {
            "actionsRequired": "string",
            "description": "string",
            "status": "string"
          }
        }
      }
    ],
    "provisioningState": "string",
    "publicNetworkAccess": "string",
    "state": "string"
  },
  "sku": {
    "capacity": "int",
    "name": "string"
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property values

ArmIdentity

Name	Description	Value
identityType	Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned.	string
userAssignedIdentities	The set of UserAssigned identities associated with the IoT DPS resource.	ArmIdentityUserAssignedIdentities

ArmIdentityUserAssignedIdentities

Name	Description	Value

ArmUserIdentity

Name	Description	Value

EncryptionKeyIdentity

Name	Description	Value
userAssignedIdentity	The user assigned identity.	string

EncryptionPropertiesDescription

Name	Description	Value
identity	The identity used to access the encryption key in KeyVault.	EncryptionKeyIdentity
keySource	The source of the encryption key. Typically, Microsoft.KeyVault	string
keyVaultProperties	The properties of the encryption key configured in KeyVault.	KeyVaultKeyProperties[]

IotDpsPropertiesDescription

Name	Description	Value
allocationPolicy	Allocation policy to be used by this provisioning service.	'GeoLatency' 'Hashed' 'Static'
authorizationPolicies	List of authorization keys for a provisioning service.	SharedAccessSignatureAuthorizationRuleAccessRightsDescription[]
encryption	The encryption properties for the IoT DPS instance.	EncryptionPropertiesDescription
iotHubs	List of IoT hubs associated with this provisioning service.	IotHubDefinitionDescription[]
ipFilterRules	The IP filter rules.	IpFilterRule[]
privateEndpointConnections	Private endpoint connections created on this IotHub	PrivateEndpointConnection[]
provisioningState	The ARM provisioning state of the provisioning service.	string
publicNetworkAccess	Whether requests from Public Network are allowed	'Disabled' 'Enabled'
state	Current state of the provisioning service.	'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning'

IotDpsSkuInfo

Name	Description	Value
capacity	The number of units to provision	int
name	Sku name.	'S1'

IotHubDefinitionDescription

Name	Description	Value
allocationWeight	weight to apply for a given iot h.	int
applyAllocationPolicy	flag for applying allocationPolicy or not for a given iot hub.	bool
connectionString	Connection string of the IoT hub.	string (required)
location	ARM region of the IoT hub.	string (required)

IpFilterRule

Name	Description	Value
action	The desired action for requests captured by this rule.	'Accept' 'Reject' (required)
filterName	The name of the IP filter rule.	string (required)
ipMask	A string that contains the IP address range in CIDR notation for the rule.	string (required)
target	Target for requests captured by this rule.	'all' 'deviceApi' 'serviceApi'

KeyVaultKeyProperties

Name	Description	Value
keyIdentifier	The identifier of the key.	string

Microsoft.Devices/provisioningServices

Name	Description	Value
apiVersion	The api version	'2020-09-01-preview'
etag	The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention.	string
identity	The managed identities for the IotDps instance.	ArmIdentity
location	The resource location.	string (required)
name	The resource name	string (required)
properties	Service specific properties for a provisioning service	IotDpsPropertiesDescription (required)
sku	Sku info for a provisioning Service.	IotDpsSkuInfo (required)
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.Devices/provisioningServices'

PrivateEndpoint

Name	Description	Value

PrivateEndpointConnection

Name	Description	Value
properties	The properties of a private endpoint connection	PrivateEndpointConnectionProperties (required)

PrivateEndpointConnectionProperties

Name	Description	Value
privateEndpoint	The private endpoint property of a private endpoint connection	PrivateEndpoint
privateLinkServiceConnectionState	The current state of a private endpoint connection	PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name	Description	Value
actionsRequired	Actions required for a private endpoint connection	string
description	The description for the current state of a private endpoint connection	string (required)
status	The status of a private endpoint connection	'Approved' 'Disconnected' 'Pending' 'Rejected' (required)

ResourceTags

Name	Description	Value

SharedAccessSignatureAuthorizationRuleAccessRightsDescription

Name	Description	Value
keyName	Name of the key.	string (required)
primaryKey	Primary SAS key value.	string
rights	Rights that this key has.	'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required)
secondaryKey	Secondary SAS key value.	string

Quickstart templates

The following quickstart templates deploy this resource type.

Template	Description
Create an IOT Hub and Ubuntu edge simulator	This template creates an IOT Hub and Virtual Machine Ubuntu edge simulator.
Create an IoT Hub Device Provisioning Service	This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together.

Terraform (AzAPI provider) resource definition

The provisioningServices resource type can be deployed with operations that target:

• Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Devices/provisioningServices resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Devices/provisioningServices@2020-09-01-preview"
  name = "string"
  etag = "string"
  identity = {
    identityType = "string"
    userAssignedIdentities = {
      {customized property} = {
      }
    }
  }
  location = "string"
  body = jsonencode({
    properties = {
      allocationPolicy = "string"
      authorizationPolicies = [
        {
          keyName = "string"
          primaryKey = "string"
          rights = "string"
          secondaryKey = "string"
        }
      ]
      encryption = {
        identity = {
          userAssignedIdentity = "string"
        }
        keySource = "string"
        keyVaultProperties = [
          {
            keyIdentifier = "string"
          }
        ]
      }
      iotHubs = [
        {
          allocationWeight = int
          applyAllocationPolicy = bool
          connectionString = "string"
          location = "string"
        }
      ]
      ipFilterRules = [
        {
          action = "string"
          filterName = "string"
          ipMask = "string"
          target = "string"
        }
      ]
      privateEndpointConnections = [
        {
          properties = {
            privateEndpoint = {
            }
            privateLinkServiceConnectionState = {
              actionsRequired = "string"
              description = "string"
              status = "string"
            }
          }
        }
      ]
      provisioningState = "string"
      publicNetworkAccess = "string"
      state = "string"
    }
  })
  sku = {
    capacity = int
    name = "string"
  }
  tags = {
    {customized property} = "string"
  }
}

Property values

ArmIdentity

Name	Description	Value
identityType	Identity type. Only allowed values are SystemAssigned and UserAssigned. Comma separated if both for ex: SystemAssigned,UserAssigned.	string
userAssignedIdentities	The set of UserAssigned identities associated with the IoT DPS resource.	ArmIdentityUserAssignedIdentities

ArmIdentityUserAssignedIdentities

Name	Description	Value

ArmUserIdentity

Name	Description	Value

EncryptionKeyIdentity

Name	Description	Value
userAssignedIdentity	The user assigned identity.	string

EncryptionPropertiesDescription

Name	Description	Value
identity	The identity used to access the encryption key in KeyVault.	EncryptionKeyIdentity
keySource	The source of the encryption key. Typically, Microsoft.KeyVault	string
keyVaultProperties	The properties of the encryption key configured in KeyVault.	KeyVaultKeyProperties[]

IotDpsPropertiesDescription

Name	Description	Value
allocationPolicy	Allocation policy to be used by this provisioning service.	'GeoLatency' 'Hashed' 'Static'
authorizationPolicies	List of authorization keys for a provisioning service.	SharedAccessSignatureAuthorizationRuleAccessRightsDescription[]
encryption	The encryption properties for the IoT DPS instance.	EncryptionPropertiesDescription
iotHubs	List of IoT hubs associated with this provisioning service.	IotHubDefinitionDescription[]
ipFilterRules	The IP filter rules.	IpFilterRule[]
privateEndpointConnections	Private endpoint connections created on this IotHub	PrivateEndpointConnection[]
provisioningState	The ARM provisioning state of the provisioning service.	string
publicNetworkAccess	Whether requests from Public Network are allowed	'Disabled' 'Enabled'
state	Current state of the provisioning service.	'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning'

IotDpsSkuInfo

Name	Description	Value
capacity	The number of units to provision	int
name	Sku name.	'S1'

IotHubDefinitionDescription

Name	Description	Value
allocationWeight	weight to apply for a given iot h.	int
applyAllocationPolicy	flag for applying allocationPolicy or not for a given iot hub.	bool
connectionString	Connection string of the IoT hub.	string (required)
location	ARM region of the IoT hub.	string (required)

IpFilterRule

Name	Description	Value
action	The desired action for requests captured by this rule.	'Accept' 'Reject' (required)
filterName	The name of the IP filter rule.	string (required)
ipMask	A string that contains the IP address range in CIDR notation for the rule.	string (required)
target	Target for requests captured by this rule.	'all' 'deviceApi' 'serviceApi'

KeyVaultKeyProperties

Name	Description	Value
keyIdentifier	The identifier of the key.	string

Microsoft.Devices/provisioningServices

Name	Description	Value
etag	The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention.	string
identity	The managed identities for the IotDps instance.	ArmIdentity
location	The resource location.	string (required)
name	The resource name	string (required)
properties	Service specific properties for a provisioning service	IotDpsPropertiesDescription (required)
sku	Sku info for a provisioning Service.	IotDpsSkuInfo (required)
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.Devices/provisioningServices@2020-09-01-preview"

PrivateEndpoint

Name	Description	Value

PrivateEndpointConnection

Name	Description	Value
properties	The properties of a private endpoint connection	PrivateEndpointConnectionProperties (required)

PrivateEndpointConnectionProperties

Name	Description	Value
privateEndpoint	The private endpoint property of a private endpoint connection	PrivateEndpoint
privateLinkServiceConnectionState	The current state of a private endpoint connection	PrivateLinkServiceConnectionState (required)

PrivateLinkServiceConnectionState

Name	Description	Value
actionsRequired	Actions required for a private endpoint connection	string
description	The description for the current state of a private endpoint connection	string (required)
status	The status of a private endpoint connection	'Approved' 'Disconnected' 'Pending' 'Rejected' (required)

ResourceTags

Name	Description	Value

SharedAccessSignatureAuthorizationRuleAccessRightsDescription

Name	Description	Value
keyName	Name of the key.	string (required)
primaryKey	Primary SAS key value.	string
rights	Rights that this key has.	'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required)
secondaryKey	Secondary SAS key value.	string