Share via


az iot central enrollment-group

Note

This reference is part of the azure-iot extension for the Azure CLI (version 2.46.0 or higher). The extension will automatically install the first time you run an az iot central enrollment-group command. Learn more about extensions.

Manage and configure IoT Central enrollment group.

Commands

Name Description Type Status
az iot central enrollment-group create

Create an enrollment group.

Extension GA
az iot central enrollment-group delete

Delete an enrollment group by ID.

Extension GA
az iot central enrollment-group generate-verification-code

Generate a verification code for the primary or secondary x509 certificate of an enrollment group.

Extension GA
az iot central enrollment-group list

Get the list of enrollment groups in an application.

Extension GA
az iot central enrollment-group show

Get details about an enrollment group by ID.

Extension GA
az iot central enrollment-group update

Update an enrollment group.

Extension GA
az iot central enrollment-group verify-certificate

Verify the primary or secondary x509 certificate of an enrollment group.

Extension GA

az iot central enrollment-group create

Create an enrollment group.

az iot central enrollment-group create --app-id
                                       --at {symmetricKey, x509}
                                       --display-name
                                       --group-id
                                       --type
                                       [--api-version {2022-06-30-preview, 2022-07-31}]
                                       [--central-api-uri]
                                       [--certificate-path]
                                       [--etag]
                                       [--pk]
                                       [--provisioning-status {disabled, enabled}]
                                       [--scp]
                                       [--secondary-key]
                                       [--token]

Examples

Create an enrollment group

az iot central enrollment-group create --app-id {appid} --id {enrollmentGroupId} --at {attestation} --display-name {displayName} --type {type}

Create an enrollment group with x509 primary certification

az iot central enrollment-group create --app-id {appid} --id {enrollmentGroupId} --at 'x509' --display-name {displayName} --type {type} --cp {primayCertPath}

Create an enrollment group with given symmetric key certification

az iot central enrollment-group create --app-id {appid} --id {enrollmentGroupId} --at 'symmetricKey' --display-name {displayName} --type {type} --pk {primaryKey} --sk {secondaryKey}

Required Parameters

--app-id -n

The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.

--at --attestation-type

The attestation mechanism for the enrollment group. Only 'x509' or 'symmetricKey' are allowed.By default 'symmetricKey' will be used for attestation.

Accepted values: symmetricKey, x509
Default value: symmetricKey
--display-name

Display name of the enrollment group.

--group-id --id

Unique identifier for the enrollment group.

--type

Type of devices that connect through the group.

Optional Parameters

--api-version --av
Deprecated

Argument 'api_version' has been deprecated and will be removed in a future release.

This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.

Accepted values: 2022-06-30-preview, 2022-07-31
Default value: 2022-07-31
--central-api-uri --central-dns-suffix

The IoT Central DNS suffix associated with your application.

Default value: azureiotcentral.com
--certificate-path --cp

The path to the file containing the primary certificate.

--etag -e

Etag or entity tag corresponding to the last state of the resource. If no etag is provided the value '*' is used.

--pk --primary-key

The primary symmetric shared access key stored in base64 format.

--provisioning-status --ps

Whether the devices using the group are allowed to connect to IoT Central. True or False.

Accepted values: disabled, enabled
Default value: enabled
--scp --secondary-certificate-path

The path to the file containing the secondary certificate.

--secondary-key --sk

The secondary symmetric shared access key stored in base64 format.

--token

If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot central enrollment-group delete

Delete an enrollment group by ID.

az iot central enrollment-group delete --app-id
                                       --group-id
                                       [--api-version {2022-06-30-preview, 2022-07-31}]
                                       [--central-api-uri]
                                       [--token]

Examples

Delete an enrollment group by ID

az iot central enrollment-group delete --app-id {appid} --id {enrollmentGroupId}

Required Parameters

--app-id -n

The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.

--group-id --id

Unique identifier for the enrollment group.

Optional Parameters

--api-version --av
Deprecated

Argument 'api_version' has been deprecated and will be removed in a future release.

This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.

Accepted values: 2022-06-30-preview, 2022-07-31
Default value: 2022-07-31
--central-api-uri --central-dns-suffix

The IoT Central DNS suffix associated with your application.

Default value: azureiotcentral.com
--token

If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot central enrollment-group generate-verification-code

Generate a verification code for the primary or secondary x509 certificate of an enrollment group.

az iot central enrollment-group generate-verification-code --app-id
                                                           --group-id
                                                           [--api-version {2022-06-30-preview, 2022-07-31}]
                                                           [--central-api-uri]
                                                           [--certificate-entry {primary, secondary}]
                                                           [--token]

Examples

Generate a verification code for the primary x509 certificate of an enrollment group

az iot central enrollment-group generate-verification-code --app-id {appid} --id {enrollmentGroupId} --entry 'primary'

Required Parameters

--app-id -n

The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.

--group-id --id

Unique identifier for the enrollment group.

Optional Parameters

--api-version --av
Deprecated

Argument 'api_version' has been deprecated and will be removed in a future release.

This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.

Accepted values: 2022-06-30-preview, 2022-07-31
Default value: 2022-07-31
--central-api-uri --central-dns-suffix

The IoT Central DNS suffix associated with your application.

Default value: azureiotcentral.com
--certificate-entry --entry

Entry type of the x509 certificate which only allows 'primary' and 'secondary'.

Accepted values: primary, secondary
--token

If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot central enrollment-group list

Get the list of enrollment groups in an application.

az iot central enrollment-group list --app-id
                                     [--api-version {2022-06-30-preview, 2022-07-31}]
                                     [--central-api-uri]
                                     [--token]

Examples

Get the list of enrollment groups in an application

az iot central enrollment-group list --app-id {appid}

Required Parameters

--app-id -n

The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.

Optional Parameters

--api-version --av
Deprecated

Argument 'api_version' has been deprecated and will be removed in a future release.

This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.

Accepted values: 2022-06-30-preview, 2022-07-31
Default value: 2022-07-31
--central-api-uri --central-dns-suffix

The IoT Central DNS suffix associated with your application.

Default value: azureiotcentral.com
--token

If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot central enrollment-group show

Get details about an enrollment group by ID.

az iot central enrollment-group show --app-id
                                     --group-id
                                     [--api-version {2022-06-30-preview, 2022-07-31}]
                                     [--central-api-uri]
                                     [--certificate-entry {primary, secondary}]
                                     [--token]

Examples

Get details about an enrollment group by ID

az iot central enrollment-group show --app-id {appid} --id {enrollmentGroupId}

Required Parameters

--app-id -n

The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.

--group-id --id

Unique identifier for the enrollment group.

Optional Parameters

--api-version --av
Deprecated

Argument 'api_version' has been deprecated and will be removed in a future release.

This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.

Accepted values: 2022-06-30-preview, 2022-07-31
Default value: 2022-07-31
--central-api-uri --central-dns-suffix

The IoT Central DNS suffix associated with your application.

Default value: azureiotcentral.com
--certificate-entry --entry

Entry type of the x509 certificate which only allows 'primary' and 'secondary'.

Accepted values: primary, secondary
--token

If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot central enrollment-group update

Update an enrollment group.

az iot central enrollment-group update --app-id
                                       --group-id
                                       [--api-version {2022-06-30-preview, 2022-07-31}]
                                       [--central-api-uri]
                                       [--certificate-entry {primary, secondary}]
                                       [--certificate-path]
                                       [--display-name]
                                       [--etag]
                                       [--provisioning-status {disabled, enabled}]
                                       [--remove-x509 {false, true}]
                                       [--scp]
                                       [--token]
                                       [--type]

Examples

Update an enrollment group

az iot central enrollment-group update --app-id {appid} --id {enrollmentGroupId} --display-name {displayName} --type {type} --ps {enabled}

Remove x509 primary certificate from an enrollment group

az iot central enrollment-group update --app-id {appid} --id {enrollmentGroupId} --remove-x509 'true' --entry 'primary'

Required Parameters

--app-id -n

The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.

--group-id --id

Unique identifier for the enrollment group.

Optional Parameters

--api-version --av
Deprecated

Argument 'api_version' has been deprecated and will be removed in a future release.

This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.

Accepted values: 2022-06-30-preview, 2022-07-31
Default value: 2022-07-31
--central-api-uri --central-dns-suffix

The IoT Central DNS suffix associated with your application.

Default value: azureiotcentral.com
--certificate-entry --entry

Entry type of the x509 certificate which only allows 'primary' and 'secondary'.

Accepted values: primary, secondary
--certificate-path --cp

The path to the file containing the primary certificate.

--display-name

Display name of the enrollment group.

--etag

ETag used to prevent conflict in enrollment group updates.

--provisioning-status --ps

Whether the devices using the group are allowed to connect to IoT Central. True or False.

Accepted values: disabled, enabled
Default value: enabled
--remove-x509

Whether the x509 certificate should be removed from the group. True or False.

Accepted values: false, true
--scp --secondary-certificate-path

The path to the file containing the secondary certificate.

--token

If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.

--type

Type of devices that connect through the group.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.

az iot central enrollment-group verify-certificate

Verify the primary or secondary x509 certificate of an enrollment group.

Verify the primary or secondary x509 certificate of an enrollment group by providing a certificate with the signed verification code.

Please note that if an enrollment group was created with an unverified x509 certificate, a verification certificate will need to be created using the unverified x509 certificate and a verification code before using this command. A verification code can be generated via cli using the 'enrollment-group generate-verification-code' command. Learn more on how to create verification certificates using verification code at https://learn.microsoft.com/en-us/azure/iot-central/core/how-to-connect-devices-x509.

az iot central enrollment-group verify-certificate --app-id
                                                   --group-id
                                                   [--api-version {2022-06-30-preview, 2022-07-31}]
                                                   [--central-api-uri]
                                                   [--certificate-path]
                                                   [--scp]
                                                   [--token]

Examples

Verify the primary x509 certificate of an enrollment group

az iot central enrollment-group verify-certificate --app-id {appid} --id {enrollmentGroupId} --cp {primayCertPath}

Required Parameters

--app-id -n

The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.

--group-id --id

Unique identifier for the enrollment group.

Optional Parameters

--api-version --av
Deprecated

Argument 'api_version' has been deprecated and will be removed in a future release.

This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.

Accepted values: 2022-06-30-preview, 2022-07-31
Default value: 2022-07-31
--central-api-uri --central-dns-suffix

The IoT Central DNS suffix associated with your application.

Default value: azureiotcentral.com
--certificate-path --cp

The path to the file containing the primary certificate.

--scp --secondary-certificate-path

The path to the file containing the secondary certificate.

--token

If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.