az iot central enrollment-group
Note
This reference is part of the azure-iot extension for the Azure CLI (version 2.59.0 or higher). The extension will automatically install the first time you run an az iot central enrollment-group command. Learn more about extensions.
Manage and configure IoT Central enrollment group.
Commands
| Name | Description | Type | Status | 
|---|---|---|---|
| az iot central enrollment-group create | Create an enrollment group. | Extension | GA | 
| az iot central enrollment-group delete | Delete an enrollment group by ID. | Extension | GA | 
| az iot central enrollment-group generate-verification-code | Generate a verification code for the primary or secondary x509 certificate of an enrollment group. | Extension | GA | 
| az iot central enrollment-group list | Get the list of enrollment groups in an application. | Extension | GA | 
| az iot central enrollment-group show | Get details about an enrollment group by ID. | Extension | GA | 
| az iot central enrollment-group update | Update an enrollment group. | Extension | GA | 
| az iot central enrollment-group verify-certificate | Verify the primary or secondary x509 certificate of an enrollment group. | Extension | GA | 
az iot central enrollment-group create
Create an enrollment group.
az iot central enrollment-group create --app-id
                                       --at --attestation-type {symmetricKey, x509}
                                       --display-name
                                       --group-id --id
                                       --type
                                       [--api-version --av {2022-06-30-preview, 2022-07-31}]
                                       [--central-api-uri --central-dns-suffix]
                                       [--certificate-path --cp]
                                       [--etag]
                                       [--pk --primary-key]
                                       [--provisioning-status --ps {disabled, enabled}]
                                       [--scp --secondary-certificate-path]
                                       [--secondary-key --sk]
                                       [--token]Examples
Create an enrollment group
az iot central enrollment-group create --app-id {appid} --id {enrollmentGroupId} --at {attestation} --display-name {displayName} --type {type}Create an enrollment group with x509 primary certification
az iot central enrollment-group create --app-id {appid} --id {enrollmentGroupId} --at 'x509' --display-name {displayName} --type {type} --cp {primayCertPath}Create an enrollment group with given symmetric key certification
az iot central enrollment-group create --app-id {appid} --id {enrollmentGroupId} --at 'symmetricKey' --display-name {displayName} --type {type} --pk {primaryKey} --sk {secondaryKey}Required Parameters
The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.
The attestation mechanism for the enrollment group. Only 'x509' or 'symmetricKey' are allowed.By default 'symmetricKey' will be used for attestation.
| Property | Value | 
|---|---|
| Default value: | symmetricKey | 
| Accepted values: | symmetricKey, x509 | 
Display name of the enrollment group.
Unique identifier for the enrollment group.
Type of devices that connect through the group.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Argument 'api_version' has been deprecated and will be removed in a future release.
This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.
| Property | Value | 
|---|---|
| Default value: | 2022-07-31 | 
| Accepted values: | 2022-06-30-preview, 2022-07-31 | 
The IoT Central DNS suffix associated with your application.
| Property | Value | 
|---|---|
| Default value: | azureiotcentral.com | 
The path to the file containing the primary certificate.
Etag or entity tag corresponding to the last state of the resource. If no etag is provided the value '*' is used.
The primary symmetric shared access key stored in base64 format.
Whether the devices using the group are allowed to connect to IoT Central. True or False.
| Property | Value | 
|---|---|
| Default value: | enabled | 
| Accepted values: | disabled, enabled | 
The path to the file containing the secondary certificate.
The secondary symmetric shared access key stored in base64 format.
If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az iot central enrollment-group delete
Delete an enrollment group by ID.
az iot central enrollment-group delete --app-id
                                       --group-id --id
                                       [--api-version --av {2022-06-30-preview, 2022-07-31}]
                                       [--central-api-uri --central-dns-suffix]
                                       [--token]Examples
Delete an enrollment group by ID
az iot central enrollment-group delete --app-id {appid} --id {enrollmentGroupId}Required Parameters
The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.
Unique identifier for the enrollment group.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Argument 'api_version' has been deprecated and will be removed in a future release.
This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.
| Property | Value | 
|---|---|
| Default value: | 2022-07-31 | 
| Accepted values: | 2022-06-30-preview, 2022-07-31 | 
The IoT Central DNS suffix associated with your application.
| Property | Value | 
|---|---|
| Default value: | azureiotcentral.com | 
If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az iot central enrollment-group generate-verification-code
Generate a verification code for the primary or secondary x509 certificate of an enrollment group.
az iot central enrollment-group generate-verification-code --app-id
                                                           --group-id --id
                                                           [--api-version --av {2022-06-30-preview, 2022-07-31}]
                                                           [--central-api-uri --central-dns-suffix]
                                                           [--certificate-entry --entry {primary, secondary}]
                                                           [--token]Examples
Generate a verification code for the primary x509 certificate of an enrollment group
az iot central enrollment-group generate-verification-code --app-id {appid} --id {enrollmentGroupId} --entry 'primary'Required Parameters
The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.
Unique identifier for the enrollment group.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Argument 'api_version' has been deprecated and will be removed in a future release.
This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.
| Property | Value | 
|---|---|
| Default value: | 2022-07-31 | 
| Accepted values: | 2022-06-30-preview, 2022-07-31 | 
The IoT Central DNS suffix associated with your application.
| Property | Value | 
|---|---|
| Default value: | azureiotcentral.com | 
Entry type of the x509 certificate which only allows 'primary' and 'secondary'.
| Property | Value | 
|---|---|
| Accepted values: | primary, secondary | 
If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az iot central enrollment-group list
Get the list of enrollment groups in an application.
az iot central enrollment-group list --app-id
                                     [--api-version --av {2022-06-30-preview, 2022-07-31}]
                                     [--central-api-uri --central-dns-suffix]
                                     [--token]Examples
Get the list of enrollment groups in an application
az iot central enrollment-group list --app-id {appid}Required Parameters
The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Argument 'api_version' has been deprecated and will be removed in a future release.
This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.
| Property | Value | 
|---|---|
| Default value: | 2022-07-31 | 
| Accepted values: | 2022-06-30-preview, 2022-07-31 | 
The IoT Central DNS suffix associated with your application.
| Property | Value | 
|---|---|
| Default value: | azureiotcentral.com | 
If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az iot central enrollment-group show
Get details about an enrollment group by ID.
az iot central enrollment-group show --app-id
                                     --group-id --id
                                     [--api-version --av {2022-06-30-preview, 2022-07-31}]
                                     [--central-api-uri --central-dns-suffix]
                                     [--certificate-entry --entry {primary, secondary}]
                                     [--token]Examples
Get details about an enrollment group by ID
az iot central enrollment-group show --app-id {appid} --id {enrollmentGroupId}Required Parameters
The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.
Unique identifier for the enrollment group.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Argument 'api_version' has been deprecated and will be removed in a future release.
This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.
| Property | Value | 
|---|---|
| Default value: | 2022-07-31 | 
| Accepted values: | 2022-06-30-preview, 2022-07-31 | 
The IoT Central DNS suffix associated with your application.
| Property | Value | 
|---|---|
| Default value: | azureiotcentral.com | 
Entry type of the x509 certificate which only allows 'primary' and 'secondary'.
| Property | Value | 
|---|---|
| Accepted values: | primary, secondary | 
If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az iot central enrollment-group update
Update an enrollment group.
az iot central enrollment-group update --app-id
                                       --group-id --id
                                       [--api-version --av {2022-06-30-preview, 2022-07-31}]
                                       [--central-api-uri --central-dns-suffix]
                                       [--certificate-entry --entry {primary, secondary}]
                                       [--certificate-path --cp]
                                       [--display-name]
                                       [--etag]
                                       [--provisioning-status --ps {disabled, enabled}]
                                       [--remove-x509 {false, true}]
                                       [--scp --secondary-certificate-path]
                                       [--token]
                                       [--type]Examples
Update an enrollment group
az iot central enrollment-group update --app-id {appid} --id {enrollmentGroupId} --display-name {displayName} --type {type} --ps {enabled}Remove x509 primary certificate from an enrollment group
az iot central enrollment-group update --app-id {appid} --id {enrollmentGroupId} --remove-x509 'true' --entry 'primary'Required Parameters
The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.
Unique identifier for the enrollment group.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Argument 'api_version' has been deprecated and will be removed in a future release.
This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.
| Property | Value | 
|---|---|
| Default value: | 2022-07-31 | 
| Accepted values: | 2022-06-30-preview, 2022-07-31 | 
The IoT Central DNS suffix associated with your application.
| Property | Value | 
|---|---|
| Default value: | azureiotcentral.com | 
Entry type of the x509 certificate which only allows 'primary' and 'secondary'.
| Property | Value | 
|---|---|
| Accepted values: | primary, secondary | 
The path to the file containing the primary certificate.
Display name of the enrollment group.
ETag used to prevent conflict in enrollment group updates.
Whether the devices using the group are allowed to connect to IoT Central. True or False.
| Property | Value | 
|---|---|
| Default value: | enabled | 
| Accepted values: | disabled, enabled | 
Whether the x509 certificate should be removed from the group. True or False.
| Property | Value | 
|---|---|
| Accepted values: | false, true | 
The path to the file containing the secondary certificate.
If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.
Type of devices that connect through the group.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
az iot central enrollment-group verify-certificate
Verify the primary or secondary x509 certificate of an enrollment group.
Verify the primary or secondary x509 certificate of an enrollment group by providing a certificate with the signed verification code.
Please note that if an enrollment group was created with an unverified x509 certificate, a verification certificate will need to be created using the unverified x509 certificate and a verification code before using this command. A verification code can be generated via cli using the 'enrollment-group generate-verification-code' command. Learn more on how to create verification certificates using verification code at https://free.blessedness.top/en-us/azure/iot-central/core/how-to-connect-devices-x509.
az iot central enrollment-group verify-certificate --app-id
                                                   --group-id --id
                                                   [--api-version --av {2022-06-30-preview, 2022-07-31}]
                                                   [--central-api-uri --central-dns-suffix]
                                                   [--certificate-path --cp]
                                                   [--scp --secondary-certificate-path]
                                                   [--token]Examples
Verify the primary x509 certificate of an enrollment group
az iot central enrollment-group verify-certificate --app-id {appid} --id {enrollmentGroupId} --cp {primayCertPath}Required Parameters
The App ID of the IoT Central app you want to manage. You can find the App ID in the "About" page for your application under the help menu.
Unique identifier for the enrollment group.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Argument 'api_version' has been deprecated and will be removed in a future release.
This command parameter has been deprecated and will be ignored.In the future release, we will only support IoT Central APIs from latest GA version.If any API is not GA yet, we will call latest preview version.
| Property | Value | 
|---|---|
| Default value: | 2022-07-31 | 
| Accepted values: | 2022-06-30-preview, 2022-07-31 | 
The IoT Central DNS suffix associated with your application.
| Property | Value | 
|---|---|
| Default value: | azureiotcentral.com | 
The path to the file containing the primary certificate.
The path to the file containing the secondary certificate.
If you'd prefer to submit your request without authenticating against the Azure CLI, you can specify a valid user token to authenticate your request. You must specify the type of key as part of the request. Learn more at https://aka.ms/iotcentraldocsapi.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value | 
|---|---|
| Default value: | False | 
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value | 
|---|---|
| Default value: | False | 
Output format.
| Property | Value | 
|---|---|
| Default value: | json | 
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc | 
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value | 
|---|---|
| Default value: | False |