Windows IoT Docs

Zero‑Touch Deployment Overview

Zero‑Touch Deployment (ZTD) enables you to provision and configure Windows IoT devices at scale without manual interaction. By leveraging Azure Device Provisioning Service (DPS) and a custom image, you can automatically enroll devices, apply policies, and install required workloads the moment they connect to the network.

Prerequisites

Step‑by‑Step Guide

  1. Create a DPS instance – Follow the Azure portal wizard to register a new Device Provisioning Service.
  2. Configure enrollment group – Upload your X.509 certificate or symmetric key and set the IoT Hub target.
  3. Build a custom Windows IoT image – Use wimlib and DISM to add your app packages and set IoTSetup.cfg for automatic provisioning.
  4. Flash the image to devices – Use dd, Win32DiskImager, or OEM tools.
  5. Power on devices – Devices will reach out to DPS, receive IoT Hub assignment, and run the provisioning script.
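For the symmetric-key option in step 2, DPS group enrollments use per-device keys derived from the group key as Base64(HMAC-SHA256(group key, registration ID)), so the group key itself does not need to be placed in the image built in step 3. The Python below is an added example, not part of the original guide or any Microsoft code; the key, ID scope, registration IDs, expiry and the `service_accepts` check (a simplified model of the service side that ignores expiry) are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values (not real credentials). The group key belongs on the
# factory or build host, not in the flashed image; only derived keys ship.
GROUP_KEY_B64 = base64.b64encode(b"constructed-demo-group-key-0001!").decode()
ID_SCOPE = "0ne00000000"  # placeholder ID scope
EXPIRY = 1767225600  # constructed Unix expiry time


def _sign(key_b64, message):
    """Return Base64(HMAC-SHA256(Base64-decoded key, UTF-8 message))."""
    mac = hmac.new(base64.b64decode(key_b64), message.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def derive_device_key(group_key_b64, registration_id):
    """Per-device key for one member of a symmetric-key enrollment group."""
    return _sign(group_key_b64, registration_id)


def build_sas_token(device_key_b64, id_scope, registration_id, expiry):
    """SAS token a device presents to DPS when it registers."""
    resource = quote(f"{id_scope}/registrations/{registration_id}", safe="")
    sig = quote(_sign(device_key_b64, f"{resource}\n{expiry}"), safe="")
    return f"SharedAccessSignature sr={resource}&sig={sig}&se={expiry}&skn=registration"


def service_accepts(group_key_b64, id_scope, claimed_id, token):
    """Simplified service-side model: re-derive the key for the claimed ID."""
    expiry = int(token.split("&se=")[1].split("&")[0])
    expected_key = derive_device_key(group_key_b64, claimed_id)
    expected = build_sas_token(expected_key, id_scope, claimed_id, expiry)
    return hmac.compare_digest(expected, token)


if __name__ == "__main__":
    key = derive_device_key(GROUP_KEY_B64, "device-0001")
    token = build_sas_token(key, ID_SCOPE, "device-0001", EXPIRY)
    print("derived key for device-0001:", key)
    print("token accepted:", service_accepts(GROUP_KEY_B64, ID_SCOPE, "device-0001", token))
    # A key derived for one registration ID does not validate for another.
    other = build_sas_token(key, ID_SCOPE, "device-0002", EXPIRY)
    print("reused for device-0002:", service_accepts(GROUP_KEY_B64, ID_SCOPE, "device-0002", other))
```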

Sample Provisioning Script

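#!/bin/bash
# Zero‑Touch provisioning script for Windows IoT
set -e
# DEVICE_ID must be set by the caller. ENDORSEMENT_KEY is an assumed variable
# holding the TPM endorsement key, which TPM attestation requires.
: "${DEVICE_ID:?DEVICE_ID is not set}"
: "${ENDORSEMENT_KEY:?ENDORSEMENT_KEY is not set}"
# Register device with DPS using TPM. TPM attestation uses an individual
# enrollment; enrollment groups accept only X.509 certificates or symmetric keys.
az iot dps enrollment create \
    --dps-name MyDps \
    --enrollment-id "$DEVICE_ID" \
    --attestation-type tpm \
    --endorsement-key "$ENDORSEMENT_KEY"
# Configure IoT Edge runtime
iotedge config apply -c /etc/iotedge/config.yaml
# Install required packages (single quotes stop bash from stripping the backslashes)
dism /online /add-package '/packagepath:C:\Packages\MyApp.cab'
# Signal completion
echo "Zero‑Touch provisioning completed!" > 'C:\Provisioning\status.txt'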

Common Issues & Troubleshooting

Device cannot reach DPS
Check network firewalls for outbound HTTPS (port 443). Verify DNS resolution for global.azure-devices-provisioning.net.
TPM enrollment fails
Ensure TPM is enabled in BIOS and the device firmware is updated. Run tpm.msc to verify TPM status.
Provisioning script hangs
Enable detailed logging in IoTSetup.cfg and review Event Viewer → Applications and Services Logs → Microsoft → Windows → Provisioning-Diagnostics.