az iot dps enrollment

Manage enrollments in an Azure IoT Hub Device Provisioning Service.

Commands

az iot dps enrollment create

Create a device enrollment in an Azure IoT Hub Device Provisioning Service.
az iot dps enrollment delete

Delete a device enrollment in an Azure IoT Hub Device Provisioning Service.
az iot dps enrollment list

List device enrollments in an Azure IoT Hub Device Provisioning Service.
az iot dps enrollment show

Get device enrollment details in an Azure IoT Hub Device Provisioning Service.
az iot dps enrollment update

Update a device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment create

Create a device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment create --at {symmetricKey, tpm, x509}
                             --dps-name
                             --enrollment-id
                             --resource-group
                             [--allocation-policy {custom, geolatency, hashed, static}]
                             [--api-version]
                             [--certificate-path]
                             [--device-id]
                             [--edge-enabled {false, true}]
                             [--ek]
                             [--hn]
                             [--ih]
                             [--initial-twin-properties]
                             [--initial-twin-tags]
                             [--pk]
                             [--provisioning-status {disabled, enabled}]
                             [--reprovision-policy {never, reprovisionandmigratedata, reprovisionandresetdata}]
                             [--scp]
                             [--secondary-key]
                             [--webhook-url]

Examples

Create an enrollment '{enrollment_id}' with attestation type 'x509' in the Azure IoT provisioning service '{dps_name}' in the resource group '{resource_group_name}'

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type x509 --certificate-path /certificates/Certificate.pem

Create an enrollment '{enrollment_id}' with attestation type 'x509' in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}' with provisioning status 'disabled', target IoT Hub '{iothub_host_name}', device id '{device_id}' and initial twin properties '{"location":{"region":"US"}}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type x509 --certificate-path /certificates/Certificate.pem --provisioning-status disabled --iot-hub-host-name {iothub_host_name} --initial-twin-properties "{'location':{'region':'US'}}" --device-id {device_id}

Create an enrollment 'MyEnrollment' with attestation type 'tpm' in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89

Create an enrollment 'MyEnrollment' with attestation type 'symmetrickey' in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type symmetrickey --primary-key {primary_key} --secondary-key {secondary_key}

Create an enrollment 'MyEnrollment' with reprovision in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --reprovision-policy {reprovision_type} --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89

Create an enrollment 'MyEnrollment' with static allocation policy in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --allocation-policy static --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89 --iot-hubs {iot_hub_host_name}

Create an enrollment 'MyEnrollment' with hashed allocation policy and multiple hubs in the Azure IoT Device Provisioning service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type tpm --allocation-policy hashed --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89 --iot-hubs "{iot_hub_host_name1} {iot_hub_host_name2}"

Create an enrollment 'MyEnrollment' with custom allocation policy,

az iot dps enrollment create -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --attestation-type symmetrickey --allocation-policy custom --webhook-url {webhook_url} --api-version {api_version}

Required Parameters

--at --attestation-type

Attestation Mechanism.

accepted values: symmetricKey, tpm, x509
--dps-name

Name of the Azure IoT Hub device provisioning service.

--enrollment-id

ID of device enrollment record.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--allocation-policy --ap

Type of allocation for device assigned to the Hub.

accepted values: custom, geolatency, hashed, static
--api-version --av

The API version of the provisioning service types sent in the custom allocation request. Minimum supported version: 2018-09-01-preview.

--certificate-path --cp

The path to the file containing the primary certificate. When choosing x509 as attestation type, one of the certificate path is required.

--device-id -d

IoT Hub Device ID.

--edge-enabled --ee

Flag indicating edge enablement.

accepted values: false, true
--ek --endorsement-key

TPM endorsement key for a TPM device. When choosing tpm as attestation type, endorsement key is required.

--hn --iot-hub-host-name

Host name of target IoT Hub.

--ih --iot-hubs

Host name of target IoT Hub. Use space-separated list for multiple IoT Hubs.

--initial-twin-properties --props

Initial twin properties.

--initial-twin-tags --tags

Initial twin tags.

--pk --primary-key

The primary symmetric shared access key stored in base64 format.

--provisioning-status --ps

Enable or disable enrollment entry.

accepted values: disabled, enabled
--reprovision-policy --rp

Device data to be handled on re-provision to different Iot Hub.

accepted values: never, reprovisionandmigratedata, reprovisionandresetdata
--scp --secondary-certificate-path

The path to the file containing the secondary certificate. When choosing x509 as attestation type, one of the certificate path is required.

--secondary-key --sk

The secondary symmetric shared access key stored in base64 format.

--webhook-url --wh

The webhook URL used for custom allocation requests.

az iot dps enrollment delete

Delete a device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment delete --dps-name
                             --enrollment-id
                             --resource-group

Required Parameters

--dps-name

Name of the Azure IoT Hub device provisioning service.

--enrollment-id

ID of device enrollment record.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

az iot dps enrollment list

List device enrollments in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment list --dps-name
                           --resource-group
                           [--top]

Required Parameters

--dps-name

Name of the Azure IoT Hub device provisioning service.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--top

Maximum number of elements to return. Use -1 for unlimited.

az iot dps enrollment show

Get device enrollment details in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment show --dps-name
                           --enrollment-id
                           --resource-group
                           [--keys {false, true}]

Examples

Basic usage

az iot dps enrollment show --dps-name {dps_name} -g {resource_group} --enrollment-id {enrollment_id}

Include full attestation information in results for a symmetric key enrollment

az iot dps enrollment show --dps-name {dps_name} -g {resource_group} --enrollment-id {symmetric_key_enrollment_id} --show-keys

Required Parameters

--dps-name

Name of the Azure IoT Hub device provisioning service.

--enrollment-id

ID of device enrollment record.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--keys --show-keys

Include attestation keys and information in enrollment results.

accepted values: false, true

az iot dps enrollment update

Update a device enrollment in an Azure IoT Hub Device Provisioning Service.

az iot dps enrollment update --dps-name
                             --enrollment-id
                             --resource-group
                             [--allocation-policy {custom, geolatency, hashed, static}]
                             [--api-version]
                             [--certificate-path]
                             [--device-id]
                             [--edge-enabled {false, true}]
                             [--ek]
                             [--etag]
                             [--hn]
                             [--ih]
                             [--initial-twin-properties]
                             [--initial-twin-tags]
                             [--pk]
                             [--provisioning-status {disabled, enabled}]
                             [--rc {false, true}]
                             [--remove-secondary-certificate {false, true}]
                             [--reprovision-policy {never, reprovisionandmigratedata, reprovisionandresetdata}]
                             [--scp]
                             [--secondary-key]
                             [--webhook-url]

Examples

Update enrollment '{enrollment_id}' with a new x509 certificate in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --certificate-path /certificates/NewCertificate.pem --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new endorsement key in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --endorsement-key 14963E8F3BA5B3984110B3C1CA8E8B89 --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new primary key in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --primary-key {new_primary_key} --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new reprovision type in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --reprovision-policy {reprovision_type} --etag AAAAAAAAAAA=

Update enrollment '{enrollment_id}' with a new allocation policy in the Azure IoT Device Provisioning Service '{dps_name}' in the resource group '{resource_group_name}'.

az iot dps enrollment update -g {resource_group_name} --dps-name {dps_name} --enrollment-id {enrollment_id} --allocation-policy geolatency --etag AAAAAAAAAAA= --iot-hubs "{iot_hub_host_name1} {iot_hub_host_name2} {iot_hub_host_name3}"

Required Parameters

--dps-name

Name of the Azure IoT Hub device provisioning service.

--enrollment-id

ID of device enrollment record.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Optional Parameters

--allocation-policy --ap

Type of allocation for device assigned to the Hub.

accepted values: custom, geolatency, hashed, static
--api-version --av

The API version of the provisioning service types sent in the custom allocation request. Minimum supported version: 2018-09-01-preview.

--certificate-path --cp

The path to the file containing the primary certificate.

--device-id -d

IoT Hub Device ID.

--edge-enabled --ee

Flag indicating edge enablement.

accepted values: false, true
--ek --endorsement-key

TPM endorsement key for a TPM device.

--etag -e

Entity tag value.

--hn --iot-hub-host-name

Host name of target IoT Hub.

--ih --iot-hubs

Host name of target IoT Hub. Use space-separated list for multiple IoT Hubs.

--initial-twin-properties --props

Initial twin properties.

--initial-twin-tags --tags

Initial twin tags.

--pk --primary-key

The primary symmetric shared access key stored in base64 format.

--provisioning-status --ps

Enable or disable enrollment entry.

accepted values: disabled, enabled
--rc --remove-certificate

Remove current primary certificate.

accepted values: false, true
--remove-secondary-certificate --rsc

Remove current secondary certificate.

accepted values: false, true
--reprovision-policy --rp

Device data to be handled on re-provision to different Iot Hub.

accepted values: never, reprovisionandmigratedata, reprovisionandresetdata
--scp --secondary-certificate-path

The path to the file containing the secondary certificate.

--secondary-key --sk

The secondary symmetric shared access key stored in base64 format.

--webhook-url --wh

The webhook URL used for custom allocation requests.