One of the services within Microsoft Azure for building out IoT solutions is the Azure IoT Hub Device Provisioning Service (DPS). Just as with other services in Azure, the Azure CLI (cross-platform command-line tool) includes several commands that can be used to create, manage, and delete the this service within your Azure subscriptions. Below are commands and examples to create and delete Azure DPS, as well as an example on connecting DPS with Azure IoT Hub.

First, let’s take a look at what Azure DPS is, and it’s main advantages, before we dive into the Azure CLI commands!

This article and the scripts included are part of the larger Azure CLI Kung Fu (az-kung-fu) project here on Build5Nines.com!

What is Azure IoT Hub Device Provisioning Service?

The Azure IoT Hub Device Provisioning Service (DPS) is a service within Microsoft Azure that enables zero-touch, just-in-time provisioning of IoT Devices within Azure IoT Hub. This enables IoT Devices to be provisioned without human interaction as scale. The service can be used to provision millions of devices in a scalable and secure manner.

There are several advantages to using Device Provisioning Service (DPS):

Zero-touch provisioning of IoT Devices to a single IoT solution without the need to hardcode the Azure IoT Hub connection information. There is no more need to configure connection information during manufacture at the factory.
Ability to load balance millions of IoT Devices across multiple Azure IoT Hubs.
Multi-tenancy: Connect IoT Devices to their owner’s IoT solutions based on sales transaction data.
Solution Isolation: Connect IoT Devices to a particular IoT solution depending on use-case.
Geo-sharding: Connect IoT Devices to the Azure IoT Hub with the lowest latency.
Reprovision based on changes in the IoT device.
Rolling keys: Rolling update of keys used by the IoT Device to connect to Azure IoT Hub when not using x.509 certificates for connection.

Manage Azure IoT Hub Device Provisioning Service (DPS) using the Azure CLI

The Azure Portal can always be used to manage Azure IoT Hub and the Device Provisioning Service (DPS). In addition, the Azure CLI cross-platform tools can be used to provision and manage the DPS service in a scriptable and automated fashion.

Install the Azure IoT Extension for Azure CLI

The Azure CLI commands for managing the Azure DPS service reside within the Azure IoT Extension for Azure CLI. Before using these commands, the Azure IoT Extension needs to be installed within your environment.

The following command can be used to install this extension:

az extension add --name azure-iot

Once installed, the usage and help content for the commands included in the Azure IoT Extension can be displayed using the az iot -h command:

$ az iot -h
Group
    az iot : Manage Internet of Things (IoT) assets.
        Comprehensive IoT data-plane functionality is available in the Azure IoT CLI Extension. For
        more info and install guide go to https://github.com/Azure/azure-iot-cli-extension.
Subgroups:
    dps : Manage Azure IoT Hub Device Provisioning Service.
    hub : Manage Azure IoT hubs.
    pnp : Manage IoT Plug and Play repositories and repository access keys.

Now that the Azure IoT Extension for Azure CLI is installed, the various Azure IoT command are ready to be used.

Create Device Provisioning Service using Azure CLI

The az iot dps create command can be used to create new Azure IoT Hub Device Provisioning Service (DPS) instances within an Azure subscription. There are only a few required parameters necessary to define the configuration of the service to be provisioned.

Parameter	Description
`--name`	The name to assign to the DPS service.
`--resource-group`	The resource group to organize the DPS service within.
`--sku`	The pricing tier / SKU to use for the DPS service.
`--location`	The Azure region to provision the DPS service within.

Here’s an example of using this command to create a new Azure IoT Hub Device Provisioning Service instance:

#!/bin/bash
#################################################################################
# project: az-kung-fu
# http://www.build5nines.com/az-kung-fu
# MIT License - https://github.com/Build5Nines/az-kung-fu
# WARNING: These scripts could either cause resume generating events or get you promoted.
# Please, proceed with extreme caution!
#################################################################################
#Script Purpose
# - Create a New Azure IoT Hub Device Provisioning Service (DPS) service
#Script Usage
# - update the variables to create a DPS service
##################################################################################
#Variables for Script
rg=[resource_group_name]
dpsName=[dps_name]
sku=[iot_hub_sku]
location=[location]
#Create Azure IoT Hub Device Provisioning Service (DPS)
az iot dps create --name $dpsName \
    --resource-group $rg --sku $sku \
    --location $location

Link Azure IoT Hub to DPS Service using Azure CLI

The az iot dps linked-hub create command can be used to configure the connection between a Device Provisioning Service (DPS) and an Azure IoT Hub service. This link connects the two services so that DPS can be used to provision IoT Devices within a particular Azure IoT Hub service.

This command only has a couple required parameters when calling:

Parameter	Description
`--dps-name`	The name of the Azure IoT Hub Device Provisioning Service (DPS) to add the linked connection to.
`--resource-group` / `-g`	The resource group where the DPS service is organized within.
`--connection-string`	The Azure IoT Hub Connection String used to link with DPS.
`--location`	The Azure region where the DPS service is hosted.

When scripting out and automating the configuration of connecting / linking a DPS service instance to an Azure IoT Hub, it can be useful to retrieve the Connection String from the Azure IoT Hub service. The following command can be used to retrieve the Azure IoT Hub Connection String that can later be pass to the az iot dps linked-hub create command:

az iot hub show-connection-string \
    --hub-name $hubName \
    --query connectionString \
    --output tsv

Here’s an example of using these commands to create the link between an Azure Device Provisioning Service (DPS) instance and an Azure IoT Hub service:

#!/bin/bash
#################################################################################
# project: az-kung-fu
# http://www.build5nines.com/az-kung-fu
# MIT License - https://github.com/Build5Nines/az-kung-fu
# WARNING: These scripts could either cause resume generating events or get you promoted.
# Please, proceed with extreme caution!
#################################################################################
#Script Purpose
# - Link existing Azure IoT Hub and Device Provisioning Service (DPS) instances together
#Script Usage
# - update the variables to target existing IoT Hub and DPS services
##################################################################################
#Variables for Script
rg=[resource_group_name]
hubName=[iot_hub_name]
dpsName=[dps_name]
location=[location]
# Get Connection String for existing Azure IoT Hub
hubConnectionString=$(
    az iot hub show-connection-string \
        --hub-name $hubName \
        --query connectionString \
        --output tsv
)
# Link Azure IoT Hub with Device Provisioning Service (DPS) using IoT Hub Connection String
az iot dps linked-hub create --dps-name $dpsName \
    -g $rg \
    --connection-string $hubConnectionString \
    --location $location

Delete Device Provisioning Service using Azure CLI

The az iot dps delete command can be used to DELETE an Azure IoT Hub Device Provisioning Service (DPS) instance. While this action isn’t performed as often, it is an important management action to do.

This command only has two required parameters"

Parameter	Description
`-n`	The name of the Device Provisioning Service that is to be deleted.
`--resource-group` / `-g`	The resource group where the DPS service is organized within.

Here’s an example of using this command to delete an Azure IoT Hub Device Provisioning Service (DPS) instance:

#!/bin/bash
#################################################################################
# project: az-kung-fu
# http://www.build5nines.com/az-kung-fu
# MIT License - https://github.com/Build5Nines/az-kung-fu
# WARNING: These scripts could either cause resume generating events or get you promoted.
# Please, proceed with extreme caution!
#################################################################################
#Script Purpose
# - Delete an existing Azure IoT Hub Device Provisioning Service (DPS) service
#Script Usage
# - update the variables to delete a DPS service
##################################################################################
#Variables for Script
rg=[resource_group_name]
dpsName=[dps_name]
sku=[iot_hub_sku]
location=[location]
#Delete an Azure IoT Hub Device Provisioning Service (DPS)
az iot dps delete -n $dpsName -g $rg

Wrap Up

The Azure IoT Hub Device Provisioning Service (DPS) is an important service when building and managing any IoT solution with any number of IoT Devices; including MILLIONS of devices! The Azure CLI is an important tool that is used by many developers and administrators to manage their Azure IoT solutions. The command and scripts in this article are important to be familiar with.

Additionally, the scripts included within this article can also be found within the Azure CLI Kung Fu (az-kung-fu) project on GitHub. Here’s the location of all the scripts in that project relating to Azure IoT: https://github.com/Build5Nines/az-kung-fu/tree/master/iot

About the Author

Chris Pietschmann

Chris Pietschmann is a Microsoft MVP, HashiCorp Ambassador, and Microsoft Certified Trainer (MCT) with 20+ years of experience designing and building Cloud & Enterprise systems. He has worked with companies of all sizes from startups to large enterprises. He has a passion for technology and sharing what he learns with others to help enable them to learn faster and be more productive.