Share via


az iot device registration

Note

This reference is part of the azure-iot extension for the Azure CLI (version 2.46.0 or higher). The extension will automatically install the first time you run an az iot device registration command. Learn more about extensions.

This command group is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Manage IoT device registrations for the IoT Device Provisioning Service.

Use az iot dps enrollment registration or az iot dps enrollment-group registration to view and delete registrations.

Commands

Name Description Type Status
az iot device registration create

Register an IoT device with the IoT Device Provisioning Service.

Extension Preview

az iot device registration create

Preview

Command group 'iot device registration' is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus

Register an IoT device with the IoT Device Provisioning Service.

The following attestation mechanisms are supported:

  • Symmetric key
  • x509 certificate If using x509 authentication methods, the certificate and key files (and passphrase if needed) must be provided.
az iot device registration create --registration-id
                                  [--auth-type {key, login}]
                                  [--certificate-file-path]
                                  [--ck]
                                  [--dps-name]
                                  [--enrollment-group-id]
                                  [--host]
                                  [--id-scope]
                                  [--key]
                                  [--key-file-path]
                                  [--login]
                                  [--pass]
                                  [--payload]
                                  [--resource-group]

Examples

Register an IoT device using an individual enrollment.

az iot device registration create -n {dps_name} --rid {registration_id}

Register an IoT device using a group enrollment.

az iot device registration create -n {dps_name} --rid {registration_id} --gid {group_enrollment_id}

Register an IoT device using an individual enrollment, the Device Provisioning Service ID Scope, and given symmetric key. This will bypass retrieving the ID Scope and individal enrollment symmetric key.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --key {symmetric_key}

Register an IoT device using a group enrollment, the Device Provisioning Service ID Scope, and given enrollment group symmetric key. This will bypass retrieving the ID Scope and enrollment-group symmetric key. The symmetric key used for the device registration will be computed from the given symmetric key.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --gid {group_enrollment_id} --key {symmetric_key} --ck

Register an IoT device using a group enrollment, the Device Provisioning Service ID Scope, and given symmetric key. This will bypass retrieving the ID Scope. Note that since the symmetric key should be the computed device key, the enrollment group id is not needed.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --key {symmetric_key}

Register an IoT device using an individual enrollment, the Device Provisioning Service ID Scope, and given certificate and key files. This will bypass retrieving the ID Scope.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --cp {certificate_file} --kp {key_file}

Register an IoT device using an individual enrollment, the Device Provisioning Service ID Scope, and given certificate and key files and passphrase for the key file. This will bypass retrieving the ID Scope.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --cp {certificate_file} --kp {key_file} --pass {passphrase}

Register an IoT device using a group enrollment, the Device Provisioning Service ID Scope, and given certificate and key files. This will bypass retrieving the ID Scope. Note that the group enrollment id is not needed for x509 attestations and the subject of the certificate file is the registration id.

az iot device registration create --id-scope {id_scope} --rid {registration_id} --cp {certificate_file} --kp {key_file}

Required Parameters

--registration-id --rid

Device registration ID or individual enrollment ID.

Optional Parameters

--auth-type

Indicates whether the operation should auto-derive a policy key or use the current Azure AD session. If the authentication type is login and the resource hostname is provided, resource lookup will be skipped unless needed.You can configure the default using az configure --defaults iothub-data-auth-type={auth-type-value}.

Accepted values: key, login
Default value: key
--certificate-file-path --cp

Path to certificate PEM file. Required for x509 registrations.

--ck --compute-key

Flag to indicate that the symmetric key for the device registration should be computed from the given key with --symmetric-key.

Default value: False
--dps-name -n

Name of the Azure IoT Hub Device Provisioning Service. Required if --login is not provided or authenticaton arguments and --id-scope are not provided.

--enrollment-group-id --gid --group-id

Enrollment group ID. Only needed to retrieve authentication arguments.

--host --provisioning-host

Endpoint pointing to the provisioning host to use.

Default value: global.azure-devices-provisioning.net
--id-scope --scope

Id Scope of the Azure IoT Hub Device Provisioning Service. If provided with authentication arguments, will avoid session login.

--key --symmetric-key

The symmetric shared access key for the device registration.

--key-file-path --kp

Path to key PEM file. Required for x509 registrations.

--login -l

This command supports an entity connection string with rights to perform action. Use to avoid session login via "az login". If both an entity connection string and name are provided the connection string takes priority. Required if --dps-name is not provided or authenticaton arguments and --id-scope are not provided.

--pass --passphrase

Passphrase for the certificate.

--payload

Custom allocation payload as JSON. Specifically for use with custom allocation policies using Azure Functions.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters
--debug

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.

--only-show-errors

Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json
--query

JMESPath query string. See http://jmespath.org/ for more information and examples.

--subscription

Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.

--verbose

Increase logging verbosity. Use --debug for full debug logs.