| title | Create an Azure IoT hub | ||
|---|---|---|---|
| titleSuffix | Azure IoT Hub | ||
| description | How to create, manage, and delete Azure IoT hubs through the Azure portal, CLI, and PowerShell. Includes information about retrieving the service connection string. | ||
| author | cwatson-cat | ||
| ms.author | cwatson | ||
| ms.service | azure-iot-hub | ||
| ms.topic | how-to | ||
| ms.date | 06/25/2025 | ||
| ms.custom |
|
This article explains how to create an IoT hub without Azure Device Registry (ADR) and certificate management integration. If you want to create an IoT hub integrated with these preview features, see Get started with ADR and certificate management in IoT Hub (Preview).
Prepare the following prerequisites, depending on which tool you use.
- Access to the Azure portal.
-
The Azure CLI installed on your development machine. If you don't have the Azure CLI, follow the steps provided in How to install the Azure CLI.
-
A resource group in your Azure subscription. If you want to create a new resource group, use the az group create command:
az group create --name <RESOURCE_GROUP_NAME> --location <REGION>
-
Azure PowerShell installed on your development machine. If you don't have Azure PowerShell, follow the steps provided in How to install Azure PowerShell.
-
A resource group in your Azure subscription. If you want to create a new resource group, use the New-AzResourceGroup command:
New-AzResourceGroup -Name <RESOURCE_GROUP_NAME> -Location "<REGION>"
[!INCLUDE iot-hub-include-create-hub]
Use the az iot hub create command to create an IoT hub in your resource group, using a globally unique name for your IoT hub. For example:
az iot hub create --name <NEW_NAME_FOR_YOUR_IOT_HUB> --resource-group <RESOURCE_GROUP_NAME> --sku S1
[!INCLUDE iot-hub-pii-note-naming-hub]
The previous command creates an IoT hub in the S1 pricing tier. For more information, see Azure IoT Hub pricing.
Use the New-AzIotHub command to create an IoT hub in your resource group. The name of the IoT hub must be globally unique. For example:
New-AzIotHub `
-ResourceGroupName <RESOURCE_GROUP_NAME> `
-Name <NEW_NAME_FOR_YOUR_IOT_HUB> `
-SkuName S1 -Units 1 `
-Location "<REGION>"
[!INCLUDE iot-hub-pii-note-naming-hub]
The previous command creates an IoT hub in the S1 pricing tier. For more information, see Azure IoT Hub pricing.
Provide access permissions to applications and services that use IoT Hub functionality.
Connection strings are tokens that grant devices and services permissions to connect to IoT Hub based on shared access policies. Connection strings are an easy way to get started with IoT Hub, and are used in many samples and tutorials, but aren't recommended for production scenarios.
For most sample scenarios, the service policy is sufficient. The service policy grants Service Connect permissions to access service endpoints. For more information about the other built-in shared access policies, see Access control and permissions.
To get the IoT Hub connection string for the service policy, follow these steps:
-
In the Azure portal, select Resource groups. Select the resource group where your hub is located, and then select your hub from the list of resources.
-
On the left-side pane of your IoT hub, select Shared access policies under Security settings.
-
From the list of policies, select the service policy.
-
Copy the Primary connection string and save the value.
Use the az iot hub connection-string show command to get a connection string for your IoT hub that grants the service policy permissions:
az iot hub connection-string show --hub-name <YOUR_IOT_HUB_NAME> --policy-name service
The service connection string should look similar to the following example:
"HostName=<IOT_HUB_NAME>.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey=<SHARED_ACCESS_KEY>"
Use the Get-AzIotHubConnectionString command to get a connection string for your IoT hub that grants the service policy permissions.
Get-AzIotHubConnectionString -ResourceGroupName "<YOUR_RESOURCE_GROUP>" -Name "<YOUR_IOT_HUB_NAME>" -KeyName "service"
The service connection string should look similar to the following example:
"HostName=<IOT_HUB_NAME>.azure-devices.net;SharedAccessKeyName=service;SharedAccessKey=<SHARED_ACCESS_KEY>"
Authenticating access by using Microsoft Entra ID and controlling permissions by using Azure role-based access control (RBAC) provides improved security and ease of use over security tokens. To minimize potential security issues inherent in security tokens, we recommend that you enforce Microsoft Entra authentication whenever possible. For more information, see Control access to IoT Hub by using Microsoft Entra ID.
When you delete an IoT hub, you lose the associated device identity registry. If you want to move or upgrade an IoT hub, or delete an IoT hub but keep the devices, consider migrating an IoT hub using the Azure CLI.
To delete an IoT hub, open your IoT hub in the Azure portal, then choose Delete.
:::image type="content" source="./media/create-hub/delete-iot-hub.png" alt-text="Screenshot showing where to find the delete button for an IoT hub in the Azure portal." lightbox="./media/create-hub/delete-iot-hub.png":::
To delete an IoT hub, run the az iot hub delete command:
az iot hub delete --name <IOT_HUB_NAME> --resource-group <RESOURCE_GROUP_NAME>
To delete the IoT hub, use the Remove-AzIotHub command.
Remove-AzIotHub `
-ResourceGroupName MyIoTRG1 `
-Name MyTestIoTHub
In addition to the Azure portal and CLI, the following tools are available to help you work with IoT hubs in whichever way supports your scenario:
-
IoT Hub resource provider REST API: Use the IoT Hub Resource set of operations.
-
Azure resource manager templates, Bicep, or Terraform: Use the Microsoft.Devices/IoTHubs resource type. For examples, see IoT Hub sample templates.
-
Visual Studio Code: Use the Azure IoT Hub extension for Visual Studio Code.