az iot dps policy

Manage shared access policies for an Azure IoT Hub Device Provisioning Service instance.


Name Description Type Status
az iot dps policy create

Create a new shared access policy in an Azure IoT Hub Device Provisioning Service instance.

Core GA
az iot dps policy delete

Delete a shared access policies in an Azure IoT Hub Device Provisioning Service instance.

Core GA
az iot dps policy list

List all shared access policies in an Azure IoT Hub Device Provisioning Service instance.

Core GA
az iot dps policy show

Show details of a shared access policies in an Azure IoT Hub Device Provisioning Service instance.

Core GA
az iot dps policy update

Update a shared access policy in an Azure IoT Hub Device Provisioning Service instance.

Core GA

az iot dps policy create

Create a new shared access policy in an Azure IoT Hub Device Provisioning Service instance.

az iot dps policy create --dps-name
                         --rights {DeviceConnect, EnrollmentRead, EnrollmentWrite, RegistrationStatusRead, RegistrationStatusWrite, ServiceConfig}


Create a new shared access policy in an Azure IoT Hub Device Provisioning Service instance with EnrollmentRead right

az iot dps policy create --dps-name MyDps --resource-group MyResourceGroup --policy-name MyPolicy --rights EnrollmentRead

Required Parameters

--dps-name -n

IoT Hub Device Provisioning Service name.

--pn --policy-name

A friendly name for DPS access policy.

--rights -r

Access rights for the IoT Hub Device Provisioning Service. Use space-separated list for multiple rights.

Accepted values: DeviceConnect, EnrollmentRead, EnrollmentWrite, RegistrationStatusRead, RegistrationStatusWrite, ServiceConfig

Optional Parameters


Do not wait for the long-running operation to finish.

Default value: False

Primary SAS key value, if not provided it will be generated by the service.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.


Secondary SAS key value, if not provided it will be generated by the service.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az iot dps policy delete

Delete a shared access policies in an Azure IoT Hub Device Provisioning Service instance.

az iot dps policy delete --dps-name


Delete shared access policy 'MyPolicy' in the Azure IoT Hub Device Provisioning Service instance 'MyDps'

az iot dps policy delete --dps-name MyDps --resource-group MyResourceGroup --policy-name MyPolicy

Required Parameters

--dps-name -n

IoT Hub Device Provisioning Service name.

--pn --policy-name

A friendly name for DPS access policy.

Optional Parameters


Do not wait for the long-running operation to finish.

Default value: False
--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az iot dps policy list

List all shared access policies in an Azure IoT Hub Device Provisioning Service instance.

az iot dps policy list --dps-name


List all shared access policies in MyDps in the Azure IoT Hub Device Provisioning Service instance 'MyDps'

az iot dps policy list --dps-name MyDps --resource-group MyResourceGroup

Required Parameters

--dps-name -n

IoT Hub Device Provisioning Service name.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az iot dps policy show

Show details of a shared access policies in an Azure IoT Hub Device Provisioning Service instance.

az iot dps policy show --dps-name


Show details of shared access policy 'MyPolicy' in the Azure IoT Hub Device Provisioning Service instance 'MyDps'

az iot dps policy show --dps-name MyDps --resource-group MyResourceGroup --policy-name MyPolicy

Required Parameters

--dps-name -n

IoT Hub Device Provisioning Service name.

--pn --policy-name

A friendly name for DPS access policy.

Optional Parameters

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.

az iot dps policy update

Update a shared access policy in an Azure IoT Hub Device Provisioning Service instance.

az iot dps policy update --dps-name
                         [--rights {DeviceConnect, EnrollmentRead, EnrollmentWrite, RegistrationStatusRead, RegistrationStatusWrite, ServiceConfig}]


Update shared access policy 'MyPolicy' in an Azure IoT Hub Device Provisioning Service instance with EnrollmentWrite right

az iot dps policy update --dps-name MyDps --resource-group MyResourceGroup --policy-name MyPolicy --rights EnrollmentWrite

Regenerate keys for access policy 'MyPolicy' by updating keys to empty values

az iot dps policy update --dps-name MyDps --resource-group MyResourceGroup --policy-name MyPolicy --primary-key "" --secondary-key ""

Required Parameters

--dps-name -n

IoT Hub Device Provisioning Service name.

--pn --policy-name

A friendly name for DPS access policy.

Optional Parameters


Do not wait for the long-running operation to finish.

Default value: False

Primary SAS key value. Set to empty string in order to regenerate a new primary key.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=<name>.

--rights -r

Access rights for the IoT Hub Device Provisioning Service. Use space-separated list for multiple rights.

Accepted values: DeviceConnect, EnrollmentRead, EnrollmentWrite, RegistrationStatusRead, RegistrationStatusWrite, ServiceConfig

Secondary SAS key value. Set to empty string in order to regenerate a new secondary key.

Global Parameters

Increase logging verbosity to show all debug logs.

--help -h

Show this help message and exit.


Only show errors, suppressing warnings.

--output -o

Output format.

Accepted values: json, jsonc, none, table, tsv, yaml, yamlc
Default value: json

JMESPath query string. See for more information and examples.


Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.


Increase logging verbosity. Use --debug for full debug logs.