Microsoft.Devices provisioningServices
Bicep resource definition
The provisioningServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/provisioningServices resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Devices/provisioningServices@2025-02-01-preview' = {
etag: 'string'
identity: {
type: 'string'
userAssignedIdentities: {
{customized property}: {}
}
}
location: 'string'
name: 'string'
properties: {
allocationPolicy: 'string'
authorizationPolicies: [
{
keyName: 'string'
primaryKey: 'string'
rights: 'string'
secondaryKey: 'string'
}
]
enableDataResidency: bool
iotHubs: [
{
allocationWeight: int
applyAllocationPolicy: bool
authenticationType: 'string'
connectionString: 'string'
location: 'string'
selectedUserAssignedIdentityResourceId: 'string'
}
]
ipFilterRules: [
{
action: 'string'
filterName: 'string'
ipMask: 'string'
target: 'string'
}
]
portalOperationsHostName: 'string'
privateEndpointConnections: [
{
properties: {
privateEndpoint: {}
privateLinkServiceConnectionState: {
actionsRequired: 'string'
description: 'string'
status: 'string'
}
}
}
]
provisioningState: 'string'
publicNetworkAccess: 'string'
state: 'string'
}
resourcegroup: 'string'
sku: {
capacity: int
name: 'string'
}
subscriptionid: 'string'
tags: {
{customized property}: 'string'
}
}
Property values
IotDpsPropertiesDescription
Name | Description | Value |
---|---|---|
allocationPolicy | Allocation policy to be used by this provisioning service. | 'GeoLatency' 'Hashed' 'Static' |
authorizationPolicies | List of authorization keys for a provisioning service. | SharedAccessSignatureAuthorizationRuleAccessRightsDescription[] |
enableDataResidency | Optional. Indicates if the DPS instance has Data Residency enabled, removing the cross geo-pair disaster recovery. |
bool |
iotHubs | List of IoT hubs associated with this provisioning service. | IotHubDefinitionDescription[] |
ipFilterRules | The IP filter rules. | IpFilterRule[] |
portalOperationsHostName | Portal endpoint to enable CORS for this provisioning service. | string |
privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] |
provisioningState | The ARM provisioning state of the provisioning service. | string |
publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' |
state | Current state of the provisioning service. | 'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning' |
IotDpsSkuInfo
Name | Description | Value |
---|---|---|
capacity | The number of units to provision | int |
name | Sku name. | 'S1' |
IotHubDefinitionDescription
Name | Description | Value |
---|---|---|
allocationWeight | weight to apply for a given iot h. | int |
applyAllocationPolicy | flag for applying allocationPolicy or not for a given iot hub. | bool |
authenticationType | IotHub MI authentication type: KeyBased, UserAssigned, SystemAssigned. | 'KeyBased' 'SystemAssigned' 'UserAssigned' |
connectionString | Connection string of the IoT hub. | string |
location | ARM region of the IoT hub. | string (required) |
selectedUserAssignedIdentityResourceId | The selected user-assigned identity resource Id associated with IoT Hub. This is required when authenticationType is UserAssigned. | string |
IpFilterRule
Name | Description | Value |
---|---|---|
action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) |
filterName | The name of the IP filter rule. | string (required) |
ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) |
target | Target for requests captured by this rule. | 'all' 'deviceApi' 'serviceApi' |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.Devices/provisioningServices
Name | Description | Value |
---|---|---|
etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string |
identity | The managed identities for a provisioning service. | ManagedServiceIdentity |
location | The resource location. | string (required) |
name | The resource name | string (required) |
properties | Service specific properties for a provisioning service | IotDpsPropertiesDescription (required) |
resourcegroup | The resource group of the resource. | string |
sku | Sku info for a provisioning Service. | IotDpsSkuInfo (required) |
subscriptionid | The subscription id of the resource. | string |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
PrivateEndpoint
Name | Description | Value |
---|
PrivateEndpointConnection
Name | Description | Value |
---|---|---|
properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) |
PrivateEndpointConnectionProperties
Name | Description | Value |
---|---|---|
privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint |
privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) |
PrivateLinkServiceConnectionState
Name | Description | Value |
---|---|---|
actionsRequired | Actions required for a private endpoint connection | string |
description | The description for the current state of a private endpoint connection | string (required) |
status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) |
ResourceTags
Name | Description | Value |
---|
SharedAccessSignatureAuthorizationRuleAccessRightsDescription
Name | Description | Value |
---|---|---|
keyName | Name of the key. | string (required) |
primaryKey | Primary SAS key value. | string |
rights | Rights that this key has. | 'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required) |
secondaryKey | Secondary SAS key value. | string |
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
Quickstart samples
The following quickstart samples deploy this resource type.
Bicep File | Description |
---|---|
Create an IoT Hub Device Provisioning Service | This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together. |
ARM template resource definition
The provisioningServices resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/provisioningServices resource, add the following JSON to your template.
{
"type": "Microsoft.Devices/provisioningServices",
"apiVersion": "2025-02-01-preview",
"name": "string",
"etag": "string",
"identity": {
"type": "string",
"userAssignedIdentities": {
"{customized property}": {
}
}
},
"location": "string",
"properties": {
"allocationPolicy": "string",
"authorizationPolicies": [
{
"keyName": "string",
"primaryKey": "string",
"rights": "string",
"secondaryKey": "string"
}
],
"enableDataResidency": "bool",
"iotHubs": [
{
"allocationWeight": "int",
"applyAllocationPolicy": "bool",
"authenticationType": "string",
"connectionString": "string",
"location": "string",
"selectedUserAssignedIdentityResourceId": "string"
}
],
"ipFilterRules": [
{
"action": "string",
"filterName": "string",
"ipMask": "string",
"target": "string"
}
],
"portalOperationsHostName": "string",
"privateEndpointConnections": [
{
"properties": {
"privateEndpoint": {
},
"privateLinkServiceConnectionState": {
"actionsRequired": "string",
"description": "string",
"status": "string"
}
}
}
],
"provisioningState": "string",
"publicNetworkAccess": "string",
"state": "string"
},
"resourcegroup": "string",
"sku": {
"capacity": "int",
"name": "string"
},
"subscriptionid": "string",
"tags": {
"{customized property}": "string"
}
}
Property values
IotDpsPropertiesDescription
Name | Description | Value |
---|---|---|
allocationPolicy | Allocation policy to be used by this provisioning service. | 'GeoLatency' 'Hashed' 'Static' |
authorizationPolicies | List of authorization keys for a provisioning service. | SharedAccessSignatureAuthorizationRuleAccessRightsDescription[] |
enableDataResidency | Optional. Indicates if the DPS instance has Data Residency enabled, removing the cross geo-pair disaster recovery. |
bool |
iotHubs | List of IoT hubs associated with this provisioning service. | IotHubDefinitionDescription[] |
ipFilterRules | The IP filter rules. | IpFilterRule[] |
portalOperationsHostName | Portal endpoint to enable CORS for this provisioning service. | string |
privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] |
provisioningState | The ARM provisioning state of the provisioning service. | string |
publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' |
state | Current state of the provisioning service. | 'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning' |
IotDpsSkuInfo
Name | Description | Value |
---|---|---|
capacity | The number of units to provision | int |
name | Sku name. | 'S1' |
IotHubDefinitionDescription
Name | Description | Value |
---|---|---|
allocationWeight | weight to apply for a given iot h. | int |
applyAllocationPolicy | flag for applying allocationPolicy or not for a given iot hub. | bool |
authenticationType | IotHub MI authentication type: KeyBased, UserAssigned, SystemAssigned. | 'KeyBased' 'SystemAssigned' 'UserAssigned' |
connectionString | Connection string of the IoT hub. | string |
location | ARM region of the IoT hub. | string (required) |
selectedUserAssignedIdentityResourceId | The selected user-assigned identity resource Id associated with IoT Hub. This is required when authenticationType is UserAssigned. | string |
IpFilterRule
Name | Description | Value |
---|---|---|
action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) |
filterName | The name of the IP filter rule. | string (required) |
ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) |
target | Target for requests captured by this rule. | 'all' 'deviceApi' 'serviceApi' |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.Devices/provisioningServices
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2025-02-01-preview' |
etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string |
identity | The managed identities for a provisioning service. | ManagedServiceIdentity |
location | The resource location. | string (required) |
name | The resource name | string (required) |
properties | Service specific properties for a provisioning service | IotDpsPropertiesDescription (required) |
resourcegroup | The resource group of the resource. | string |
sku | Sku info for a provisioning Service. | IotDpsSkuInfo (required) |
subscriptionid | The subscription id of the resource. | string |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.Devices/provisioningServices' |
PrivateEndpoint
Name | Description | Value |
---|
PrivateEndpointConnection
Name | Description | Value |
---|---|---|
properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) |
PrivateEndpointConnectionProperties
Name | Description | Value |
---|---|---|
privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint |
privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) |
PrivateLinkServiceConnectionState
Name | Description | Value |
---|---|---|
actionsRequired | Actions required for a private endpoint connection | string |
description | The description for the current state of a private endpoint connection | string (required) |
status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) |
ResourceTags
Name | Description | Value |
---|
SharedAccessSignatureAuthorizationRuleAccessRightsDescription
Name | Description | Value |
---|---|---|
keyName | Name of the key. | string (required) |
primaryKey | Primary SAS key value. | string |
rights | Rights that this key has. | 'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required) |
secondaryKey | Secondary SAS key value. | string |
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|
Quickstart templates
The following quickstart templates deploy this resource type.
Template | Description |
---|---|
Create an IOT Hub and Ubuntu edge simulator |
This template creates an IOT Hub and Virtual Machine Ubuntu edge simulator. |
Create an IoT Hub Device Provisioning Service |
This template enables you to create an IoT hub and an IoT Hub Device Provisioning Service, and link the two services together. |
Terraform (AzAPI provider) resource definition
The provisioningServices resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Devices/provisioningServices resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Devices/provisioningServices@2025-02-01-preview"
name = "string"
etag = "string"
identity = {
type = "string"
userAssignedIdentities = {
{customized property} = {
}
}
}
location = "string"
resourcegroup = "string"
sku = {
capacity = int
name = "string"
}
subscriptionid = "string"
tags = {
{customized property} = "string"
}
body = jsonencode({
properties = {
allocationPolicy = "string"
authorizationPolicies = [
{
keyName = "string"
primaryKey = "string"
rights = "string"
secondaryKey = "string"
}
]
enableDataResidency = bool
iotHubs = [
{
allocationWeight = int
applyAllocationPolicy = bool
authenticationType = "string"
connectionString = "string"
location = "string"
selectedUserAssignedIdentityResourceId = "string"
}
]
ipFilterRules = [
{
action = "string"
filterName = "string"
ipMask = "string"
target = "string"
}
]
portalOperationsHostName = "string"
privateEndpointConnections = [
{
properties = {
privateEndpoint = {
}
privateLinkServiceConnectionState = {
actionsRequired = "string"
description = "string"
status = "string"
}
}
}
]
provisioningState = "string"
publicNetworkAccess = "string"
state = "string"
}
})
}
Property values
IotDpsPropertiesDescription
Name | Description | Value |
---|---|---|
allocationPolicy | Allocation policy to be used by this provisioning service. | 'GeoLatency' 'Hashed' 'Static' |
authorizationPolicies | List of authorization keys for a provisioning service. | SharedAccessSignatureAuthorizationRuleAccessRightsDescription[] |
enableDataResidency | Optional. Indicates if the DPS instance has Data Residency enabled, removing the cross geo-pair disaster recovery. |
bool |
iotHubs | List of IoT hubs associated with this provisioning service. | IotHubDefinitionDescription[] |
ipFilterRules | The IP filter rules. | IpFilterRule[] |
portalOperationsHostName | Portal endpoint to enable CORS for this provisioning service. | string |
privateEndpointConnections | Private endpoint connections created on this IotHub | PrivateEndpointConnection[] |
provisioningState | The ARM provisioning state of the provisioning service. | string |
publicNetworkAccess | Whether requests from Public Network are allowed | 'Disabled' 'Enabled' |
state | Current state of the provisioning service. | 'Activating' 'ActivationFailed' 'Active' 'Deleted' 'Deleting' 'DeletionFailed' 'FailingOver' 'FailoverFailed' 'Resuming' 'Suspended' 'Suspending' 'Transitioning' |
IotDpsSkuInfo
Name | Description | Value |
---|---|---|
capacity | The number of units to provision | int |
name | Sku name. | 'S1' |
IotHubDefinitionDescription
Name | Description | Value |
---|---|---|
allocationWeight | weight to apply for a given iot h. | int |
applyAllocationPolicy | flag for applying allocationPolicy or not for a given iot hub. | bool |
authenticationType | IotHub MI authentication type: KeyBased, UserAssigned, SystemAssigned. | 'KeyBased' 'SystemAssigned' 'UserAssigned' |
connectionString | Connection string of the IoT hub. | string |
location | ARM region of the IoT hub. | string (required) |
selectedUserAssignedIdentityResourceId | The selected user-assigned identity resource Id associated with IoT Hub. This is required when authenticationType is UserAssigned. | string |
IpFilterRule
Name | Description | Value |
---|---|---|
action | The desired action for requests captured by this rule. | 'Accept' 'Reject' (required) |
filterName | The name of the IP filter rule. | string (required) |
ipMask | A string that contains the IP address range in CIDR notation for the rule. | string (required) |
target | Target for requests captured by this rule. | 'all' 'deviceApi' 'serviceApi' |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests. | UserAssignedIdentities |
Microsoft.Devices/provisioningServices
Name | Description | Value |
---|---|---|
etag | The Etag field is not required. If it is provided in the response body, it must also be provided as a header per the normal ETag convention. | string |
identity | The managed identities for a provisioning service. | ManagedServiceIdentity |
location | The resource location. | string (required) |
name | The resource name | string (required) |
properties | Service specific properties for a provisioning service | IotDpsPropertiesDescription (required) |
resourcegroup | The resource group of the resource. | string |
sku | Sku info for a provisioning Service. | IotDpsSkuInfo (required) |
subscriptionid | The subscription id of the resource. | string |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.Devices/provisioningServices@2025-02-01-preview" |
PrivateEndpoint
Name | Description | Value |
---|
PrivateEndpointConnection
Name | Description | Value |
---|---|---|
properties | The properties of a private endpoint connection | PrivateEndpointConnectionProperties (required) |
PrivateEndpointConnectionProperties
Name | Description | Value |
---|---|---|
privateEndpoint | The private endpoint property of a private endpoint connection | PrivateEndpoint |
privateLinkServiceConnectionState | The current state of a private endpoint connection | PrivateLinkServiceConnectionState (required) |
PrivateLinkServiceConnectionState
Name | Description | Value |
---|---|---|
actionsRequired | Actions required for a private endpoint connection | string |
description | The description for the current state of a private endpoint connection | string (required) |
status | The status of a private endpoint connection | 'Approved' 'Disconnected' 'Pending' 'Rejected' (required) |
ResourceTags
Name | Description | Value |
---|
SharedAccessSignatureAuthorizationRuleAccessRightsDescription
Name | Description | Value |
---|---|---|
keyName | Name of the key. | string (required) |
primaryKey | Primary SAS key value. | string |
rights | Rights that this key has. | 'DeviceConnect' 'EnrollmentRead' 'EnrollmentWrite' 'RegistrationStatusRead' 'RegistrationStatusWrite' 'ServiceConfig' (required) |
secondaryKey | Secondary SAS key value. | string |
UserAssignedIdentities
Name | Description | Value |
---|
UserAssignedIdentity
Name | Description | Value |
---|