Create and manage Azure IoT hubs

Article
08/09/2024

This article describes how to create and manage an IoT hub.

Prerequisites

Prepare the following prerequisites, depending on which tool you use.

Access to the Azure portal.

The Azure CLI installed on your development machine. If you don't have the Azure CLI, follow the steps to Install the Azure CLI.
A resource group in your Azure subscription. If you want to create a new resource group, use the az group create command:
```
az group create --name <RESOURCE_GROUP_NAME> --location <REGION>
```

Azure PowerShell installed on your development machine. If you don't have Azure PowerShell, follow the steps to Install Azure PowerShell.
A resource group in your Azure subscription. If you want to create a new resource group, use the New-AzResourceGroup command:
```
New-AzResourceGroup -Name <RESOURCE_GROUP_NAME> -Location "<REGION>"
```

Create an IoT hub

This section describes how to create an IoT hub using the Azure portal.

Sign in to the Azure portal.
On the Azure homepage, select the + Create a resource button.
From the Categories menu, select Internet of Things, and then select IoT Hub.

On the Basics tab, complete the fields as follows:

Important

Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.

Property	Value
Subscription	Select the subscription to use for your hub.
Resource group	Select a resource group or create a new one. To create a new one, select Create new and fill in the name you want to use.
IoT hub name	Enter a name for your hub. This name must be globally unique, with a length between 3 and 50 alphanumeric characters. The name can also include the dash (`'-'`) character.
Region	Select the region, closest to you, where you want your hub to be located. Some features, such as IoT Hub device streams, are only available in specific regions. For these limited features, you must select one of the supported regions.
Tier	Select the tier that you want to use for your hub. Tier selection depends on how many features you want and how many messages you send through your solution per day. The free tier is intended for testing and evaluation. The free tier allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier. To compare the features available to each tier, select Compare tiers. For more information, see Choose the right IoT Hub tier for your solution.
Daily message limit	Select the maximum daily quota of messages for your hub. The available options depend on the tier you've selected for your hub. To see the available messaging and pricing options, select See all options and select the option that best matches the needs of your hub. For more information, see IoT Hub quotas and throttling.

Screen capture that shows how to create an IoT hub in the Azure portal.

Select Next: Networking to continue creating your hub.

On the Networking tab, complete the fields as follows:

Property	Value
Connectivity configuration	Choose the endpoints that devices can use to connect to your IoT hub. Accept the default setting, Public endpoint, for this example. You can change this setting after the IoT hub is created. For more information, see Managing public network access for your IoT hub.

Screen capture that shows how to choose the endpoints that can connect to a new IoT hub.

Select Next: Management to continue creating your hub.

Accept the default settings here. If desired, you can modify any of the following fields:
- Pricing and scale tier: Tier selection depends on how many features you want and how many messages you send through your solution per day. The free tier is intended for testing and evaluation. The free tier allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier. For details about other tier options, see Choosing the right IoT Hub tier.
  
  If you're working through a quickstart, select the free tier.
- IoT Hub units: The number of messages allowed per unit per day depends on your hub's pricing tier. For example, if you want the hub to support ingress of 700,000 messages, choose two S1 tier units.
- Role-based access control: This property decides how you manage access to your IoT hub. Allow shared access policies or choose only role-based access control. For more information, see Control access to IoT Hub by using Azure Active Directory.
- Device-to-cloud partitions: This property relates the device-to-cloud messages to the number of simultaneous readers of the messages. Most hubs need only four partitions.
Note

Prices shown are for example purposes only.
Select Next: Tags to continue to the next screen.

Tags are name/value pairs. You can assign the same tag to multiple resources and resource groups to categorize resources and consolidate billing. In this document, you won't be adding any tags. For more information, see Use tags to organize your Azure resources.
Select Next: Review + create to review your choices.
Select Create to start the deployment of your new hub. Your deployment will be in progress a few minutes while the hub is being created. Once the deployment is complete, select Go to resource to open the new hub.

Use the az iot hub create command to create an IoT hub in your resource group, using a globally unique name for your IoT hub. For example:

az iot hub create --name <NEW_NAME_FOR_YOUR_IOT_HUB> --resource-group <RESOURCE_GROUP_NAME> --sku S1

Important

Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.

The previous command creates an IoT hub in the S1 pricing tier. For more information, see Azure IoT Hub pricing.

Use the New-AzIotHub command to create an IoT hub in your resource group. The name of the IoT hub must be globally unique. For example:

New-AzIotHub `
    -ResourceGroupName <RESOURCE_GROUP_NAME> `
    -Name <NEW_NAME_FOR_YOUR_IOT_HUB> `
    -SkuName S1 -Units 1 `
    -Location "<REGION>"

Important

Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.

The previous command creates an IoT hub in the S1 pricing tier. For more information, see Azure IoT Hub pricing.

Connect to an IoT hub

Provide access permissions to applications and services that use IoT Hub functionality.

Connect with a connection string

Connection strings are tokens that grant devices and services permissions to connect to IoT Hub based on shared access policies. Connection strings are an easy way to get started with IoT Hub, and are used in many samples and tutorials, but aren't recommended for production scenarios.

For most sample scenarios, the service policy is sufficient. The service policy grants Service Connect permissions to access service endpoints.

To get the IoT Hub connection string for the service policy, follow these steps:

In the Azure portal, select Resource groups. Select the resource group where your hub is located, and then select your hub from the list of resources.
On the left-side pane of your IoT hub, select Shared access policies.
From the list of policies, select the service policy.
Copy the Primary connection string and save the value.

Use the az iot hub connection-string show command to get a connection string for your IoT hub that grants the service policy permissions:

az iot hub connection-string show --hub-name <YOUR_IOT_HUB_NAME> --policy-name service

The service connection string should look similar to the following example:

"HostName=<IOT_HUB_NAME>.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey=<SHARED_ACCESS_KEY>"

Use the Get-AzIotHubConnectionString command to get a connection string for your IoT hub that grants the service policy permissions.

Get-AzIotHubConnectionString -ResourceGroupName "<YOUR_RESOURCE_GROUP>" -Name "<YOUR_IOT_HUB_NAME>" -KeyName "service"

The service connection string should look similar to the following example:

"HostName=<IOT_HUB_NAME>.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey=<SHARED_ACCESS_KEY>"

Connect with role assignments

Authenticating access by using Microsoft Entra ID and controlling permissions by using Azure role-based access control (RBAC) provides improved security and ease of use over security tokens. To minimize potential security issues inherent in security tokens, we recommend that you enforce Microsoft Entra authentication whenever possible. For more information, see Control access to IoT Hub by using Microsoft Entra ID.

Delete an IoT hub

When you delete an IoT hub, you lose the associated device identity registry. If you want to move or upgrade an IoT hub, or delete an IoT hub but keep the devices, consider migrating an IoT hub using the Azure CLI.

To delete an IoT hub, open your IoT hub in the Azure portal, then choose Delete.

To delete an IoT hub, run the az iot hub delete command:

az iot hub delete --name <IOT_HUB_NAME> --resource-group <RESOURCE_GROUP_NAME>

To delete the IoT hub, use the Remove-AzIotHub command.

Remove-AzIotHub `
    -ResourceGroupName MyIoTRG1 `
    -Name MyTestIoTHub

Other tools for managing IoT hubs

In addition to the Azure portal and CLI, the following tools are available to help you work with IoT hubs in whichever way supports your scenario:

IoT Hub resource provider REST API

Use the IoT Hub Resource set of operations.
Azure resource manager templates, Bicep, or Terraform

Use the Microsoft.Devices/IoTHubs resource type. For examples, see IoT Hub sample templates.

Create and manage Azure IoT hubs

Prerequisites

Create an IoT hub

Connect to an IoT hub

Connect with a connection string

Connect with role assignments

Delete an IoT hub

Other tools for managing IoT hubs

Additional resources