Create and manage Azure IoT hubs

This article describes how to create and manage an IoT hub.

Prerequisites

Prepare the following prerequisites, depending on which tool you use.

Create an IoT hub

This section describes how to create an IoT hub using the Azure portal.

  1. Sign in to the Azure portal.

  2. On the Azure homepage, select the + Create a resource button.

  3. From the Categories menu, select Internet of Things, and then select IoT Hub.

  4. On the Basics tab, complete the fields as follows:

    Important

    Because the IoT hub will be publicly discoverable as a DNS endpoint, be sure to avoid entering any sensitive or personally identifiable information when you name it.

    Property Value
    Subscription Select the subscription to use for your hub.
    Resource group Select a resource group or create a new one. To create a new one, select Create new and fill in the name you want to use.
    IoT hub name Enter a name for your hub. This name must be globally unique, with a length between 3 and 50 alphanumeric characters. The name can also include the dash ('-') character.
    Region Select the region, closest to you, where you want your hub to be located. Some features, such as IoT Hub device streams, are only available in specific regions. For these limited features, you must select one of the supported regions.
    Tier Select the tier that you want to use for your hub. Tier selection depends on how many features you want and how many messages you send through your solution per day.

    The free tier is intended for testing and evaluation. The free tier allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier.

    To compare the features available to each tier, select Compare tiers. For more information, see Choose the right IoT Hub tier for your solution.
    Daily message limit Select the maximum daily quota of messages for your hub. The available options depend on the tier you've selected for your hub. To see the available messaging and pricing options, select See all options and select the option that best matches the needs of your hub. For more information, see IoT Hub quotas and throttling.

    Screen capture that shows how to create an IoT hub in the Azure portal.

  5. Select Next: Networking to continue creating your hub.

  6. On the Networking tab, complete the fields as follows:

    Property Value
    Connectivity configuration Choose the endpoints that devices can use to connect to your IoT hub. Accept the default setting, Public endpoint, for this example. You can change this setting after the IoT hub is created. For more information, see Managing public network access for your IoT hub.

    Screen capture that shows how to choose the endpoints that can connect to a new IoT hub.

  7. Select Next: Management to continue creating your hub.

    Screen capture that shows how to set the role-based access control and scale for a new IoT hub.

    Accept the default settings here. If desired, you can modify any of the following fields:

    • Pricing and scale tier: Tier selection depends on how many features you want and how many messages you send through your solution per day. The free tier is intended for testing and evaluation. The free tier allows 500 devices to be connected to the hub and up to 8,000 messages per day. Each Azure subscription can create one IoT hub in the free tier. For details about other tier options, see Choosing the right IoT Hub tier.

      If you're working through a quickstart, select the free tier.

    • IoT Hub units: The number of messages allowed per unit per day depends on your hub's pricing tier. For example, if you want the hub to support ingress of 700,000 messages, choose two S1 tier units.

    • Role-based access control: This property decides how you manage access to your IoT hub. Allow shared access policies or choose only role-based access control. For more information, see Control access to IoT Hub by using Azure Active Directory.

    • Device-to-cloud partitions: This property relates the device-to-cloud messages to the number of simultaneous readers of the messages. Most hubs need only four partitions.

    Note

    Prices shown are for example purposes only.

  8. Select Next: Tags to continue to the next screen.

    Tags are name/value pairs. You can assign the same tag to multiple resources and resource groups to categorize resources and consolidate billing. In this document, you won't be adding any tags. For more information, see Use tags to organize your Azure resources.

    Screen capture that shows how to assign tags for a new IoT hub.

  9. Select Next: Review + create to review your choices.

  10. Select Create to start the deployment of your new hub. Your deployment will be in progress a few minutes while the hub is being created. Once the deployment is complete, select Go to resource to open the new hub.

Connect to an IoT hub

Provide access permissions to applications and services that use IoT Hub functionality.

Connect with a connection string

Connection strings are tokens that grant devices and services permissions to connect to IoT Hub based on shared access policies. Connection strings are an easy way to get started with IoT Hub, and are used in many samples and tutorials, but aren't recommended for production scenarios.

For most sample scenarios, the service policy is sufficient. The service policy grants Service Connect permissions to access service endpoints.

To get the IoT Hub connection string for the service policy, follow these steps:

  1. In the Azure portal, select Resource groups. Select the resource group where your hub is located, and then select your hub from the list of resources.

  2. On the left-side pane of your IoT hub, select Shared access policies.

  3. From the list of policies, select the service policy.

  4. Copy the Primary connection string and save the value.

Connect with role assignments

Authenticating access by using Microsoft Entra ID and controlling permissions by using Azure role-based access control (RBAC) provides improved security and ease of use over security tokens. To minimize potential security issues inherent in security tokens, we recommend that you enforce Microsoft Entra authentication whenever possible. For more information, see Control access to IoT Hub by using Microsoft Entra ID.

Delete an IoT hub

When you delete an IoT hub, you lose the associated device identity registry. If you want to move or upgrade an IoT hub, or delete an IoT hub but keep the devices, consider migrating an IoT hub using the Azure CLI.

To delete an IoT hub, open your IoT hub in the Azure portal, then choose Delete.

Screenshot showing where to find the delete button for an IoT hub in the Azure portal.

Other tools for managing IoT hubs

In addition to the Azure portal and CLI, the following tools are available to help you work with IoT hubs in whichever way supports your scenario: