Azure IoT Device Provisioning Service (DPS)
The Azure IoT Device Provisioning Service (DPS) enables zero-touch, scalable, and secure device provisioning to the Azure IoT hub of your choice. It eliminates the need for manual provisioning steps and supports a wide range of authentication mechanisms.
Key Features
- Supports X.509 certificates and symmetric keys
- Automatic assignment of devices to IoT hubs
- Policy-driven enrollment groups
- Global scale and high availability
How it Works
- Create an enrollment or enrollment group in DPS.
- Device connects to DPS using its credentials.
- DPS authenticates the device and assigns it to a target IoT hub.
- Device establishes a secure MQTT/HTTPS/AMQP connection to the assigned hub.
Quickstart: Register a Device
Follow these steps to provision a device using the Azure portal.
- Navigate to Device Provisioning Services in the Azure portal.
- Create a new DPS instance or select an existing one.
- Under Enrollments, click Add enrollment group.
- Upload a root certificate (or use a symmetric key) and provide a group name.
- Configure the IoT hub that devices in this group should be assigned to.
- Save the enrollment and note the
registration IDfor your device.
Device Provisioning Sample (C#)
using Microsoft.Azure.Devices.Provisioning.Client;
using Microsoft.Azure.Devices.Provisioning.Client.Transport;
using Microsoft.Azure.Devices.Shared;
var provisioningHost = "global.azure-devices-provisioning.net";
var idScope = "<Your ID Scope>";
var registrationId = "<Device Registration Id>";
var symmetricKey = Convert.FromBase64String("<Device Symmetric Key>");
using var security = new SecurityProviderSymmetricKey(registrationId, symmetricKey, null);
using var transport = new ProvisioningTransportHandlerMqtt(TransportFallbackType.TcpOnly);
var provClient = ProvisioningDeviceClient.Create(provisioningHost, idScope, security, transport);
Console.WriteLine("Attempting registration...");
DeviceRegistrationResult result = await provClient.RegisterAsync();
Console.WriteLine($"Status: {result.Status}");
if (result.Status == ProvisioningRegistrationStatusType.Assigned)
{
var iotHub = result.AssignedHub;
var deviceId = result.DeviceId;
Console.WriteLine($"Device assigned to {iotHub} with DeviceId {deviceId}");
}
REST API Reference
Base URL: https://global.azure-devices-provisioning.net
| Method | Endpoint | Description |
|---|---|---|
| GET | /enrollments | List all enrollments |
| POST | /enrollments | Create a new enrollment |
| GET | /enrollments/{id} | Retrieve enrollment details |
| DELETE | /enrollments/{id} | Delete an enrollment |
All requests must include the Authorization header with a valid SAS token.