Share via

az iot device registration

  • Preview

Note

This reference is part of the azure-iot extension for the Azure CLI (version 2.59.0 or higher). The extension will automatically install the first time you run an az iot device registration command. Learn more about extensions.

This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage IoT device registrations for the IoT Device Provisioning Service.

Use az iot dps enrollment registration or az iot dps enrollment-group registration to view and delete registrations.

Commands

Name Description Type Status
az iot device registration create

Register an IoT device with the IoT Device Provisioning Service.

 Extension Preview

az iot device registration create

Preview

Command group 'iot device registration' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Register an IoT device with the IoT Device Provisioning Service.

The following attestation mechanisms are supported:

  • Symmetric key
  • x509 certificate If using x509 authentication methods, the certificate and key files (and passphrase if needed) must be provided.
az iot device registration create --registration-id --rid
                                  [--auth-type {key, login}]
                                  [--certificate-file-path --cp]
                                  [--ck --compute-key]
                                  [--dps-name]
                                  [--enrollment-group-id --gid --group-id]
                                  [--host --provisioning-host]
                                  [--id-scope --scope]
                                  [--key --symmetric-key]
                                  [--key-file-path --kp]
                                  [--login]
                                  [--pass --passphrase]
                                  [--payload]
                                  [--resource-group]

Examples

Register an IoT device using an individual enrollment.

az iot device registration create -n {dps_name} --rid {registration_id}

Register an IoT device using a group enrollment.

az iot device registration create -n {dps_name} --rid {registration_id} --gid {group_enrollment_id}

Register an IoT device using an individual enrollment, the Device Provisioning Service ID Scope, and given symmetric key. This will bypass retrieving the ID Scope and individal enrollment symmetric key.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --key {symmetric_key}

Register an IoT device using a group enrollment, the Device Provisioning Service ID Scope, and given enrollment group symmetric key. This will bypass retrieving the ID Scope and enrollment-group symmetric key. The symmetric key used for the device registration will be computed from the given symmetric key.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --gid {group_enrollment_id} --key {symmetric_key} --ck

Register an IoT device using a group enrollment, the Device Provisioning Service ID Scope, and given symmetric key. This will bypass retrieving the ID Scope. Note that since the symmetric key should be the computed device key, the enrollment group id is not needed.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --key {symmetric_key}

Register an IoT device using an individual enrollment, the Device Provisioning Service ID Scope, and given certificate and key files. This will bypass retrieving the ID Scope.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --cp {certificate_file} --kp {key_file}

Register an IoT device using an individual enrollment, the Device Provisioning Service ID Scope, and given certificate and key files and passphrase for the key file. This will bypass retrieving the ID Scope.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --cp {certificate_file} --kp {key_file} --pass {passphrase}

Register an IoT device using a group enrollment, the Device Provisioning Service ID Scope, and given certificate and key files. This will bypass retrieving the ID Scope. Note that the group enrollment id is not needed for x509 attestations and the subject of the certificate file is the registration id.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --cp {certificate_file} --kp {key_file}

Required Parameters

--registration-id --rid

Device registration ID or individual enrollment ID.

Optional Parameters

The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.

--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. If the authentication type is login and the resource hostname is provided, resource lookup will be skipped unless needed.You can configure the default using az configure --defaults iothub-data-auth-type={auth-type-value}.

Property Value
Parameter group: Access Control Arguments
Default value: key
Accepted values: key, login
--certificate-file-path --cp

Path to certificate PEM file. Required for x509 registrations.

Property Value
Parameter group: x509 Authentication Arguments
--ck --compute-key

Flag to indicate that the symmetric key for the device registration should be computed from the given key with --symmetric-key.

Property Value
Parameter group: Symmetric Key Authentication Arguments
Default value: False
--dps-name -n

Name of the Azure IoT Hub Device Provisioning Service. Required if --login is not provided or authenticaton arguments and --id-scope are not provided.

Property Value
Parameter group: DPS Identifier Arguments
--enrollment-group-id --gid --group-id

Enrollment group ID. Only needed to retrieve authentication arguments.

--host --provisioning-host

Endpoint pointing to the provisioning host to use.

Property Value
Default value: global.azure-devices-provisioning.net
--id-scope --scope

Id Scope of the Azure IoT Hub Device Provisioning Service. If provided with authentication arguments, will avoid session login.

Property Value
Parameter group: DPS Identifier Arguments
--key --symmetric-key

The symmetric shared access key for the device registration.

Property Value
Parameter group: Symmetric Key Authentication Arguments
--key-file-path --kp

Path to key PEM file. Required for x509 registrations.

Property Value
Parameter group: x509 Authentication Arguments
--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --dps-name is not provided or authenticaton arguments and --id-scope are not provided.

Property Value
Parameter group: DPS Identifier Arguments
--pass --passphrase

Passphrase for the certificate.

Property Value
Parameter group: x509 Authentication Arguments
--payload

Custom allocation payload as JSON. Specifically for use with custom allocation policies using Azure Functions.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

Property Value
Default value: False
--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

Property Value
Default value: False
--output -o

Output format.

Property Value
Default value: json
Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

Property Value
Default value: False