| author | SoniaLopezBravo |
|---|---|
| ms.service | azure-iot-hub |
| ms.topic | include |
| ms.date | 10/14/2025 |
| ms.author | sonialopez |
| ms.subservice | azure-iot-hub-dps |
-
Sign in to the Azure portal and navigate to your Device Provisioning Service instance.
-
Select Manage enrollments from the Settings section of the navigation menu.
-
At the top of the page, select Add enrollment group.
-
On the Registration + provisioning tab of the Add enrollment group page, provide the following information to configure the enrollment group details:
Field Description Attestation Select X.509 intermediate certificates as the Attestation mechanism if you want to upload intermediate certificates to be used for just this enrollment group, or select X.509 certificates uploaded to this Device Provisioning Service if you already uploaded intermediate certificates. X.509 certificate settings Depending on the attestation method that you chose, either upload or select the primary and secondary intermediate certificates for this enrollment group. Group name Provide a name for the group of devices. The enrollment group name is a case-insensitive string (up to 128 characters long) of alphanumeric characters plus the special characters: '-','.','_',':'. The last character must be alphanumeric or dash ('-').Provisioning status Check the Enable this enrollment box if you want this enrollment group to be available to provision devices. Uncheck this box if you want the group to be disabled. You can change this setting later. Reprovision policy Choose a reprovision policy that reflects how you want DPS to handle devices that request reprovisioning. For more information, see Reprovision policies :::image type="content" source="../articles/iot-dps/media/how-to-manage-enrollments/add-enrollment-group-cert.png" alt-text="Screenshot that shows adding an enrollment group for X.509 certificate attestation.":::
-
Select Next: IoT hubs.
-
On the IoT hubs tab of the Add enrollment group page, provide the following information to determine which IoT hubs the enrollment group can provision devices to:
Field Description Target IoT hubs Select one or more of your linked IoT hubs, or add a new link to an IoT hub. To learn more about linking IoT hubs to your DPS instance, see How to link and manage IoT hubs. Allocation policy If you selected more than one linked IoT hub, select how you want to assign devices to the different hubs. To learn more about allocation policies, see How to use allocation policies.
If you selected only one linked IoT hub, we recommend using the Evenly weighted distribution policy.:::image type="content" source="../articles/iot-dps/media/how-to-manage-enrollments/add-enrollment-group-key-linked-hub.png" alt-text="Screenshot that shows connecting IoT hubs to the new enrollment group.":::
-
Select Next: Device settings
-
On the Device settings tab of the Add enrollment group page, provide the following information to define how newly provisioned devices are configured:
Field Description IoT Edge Check the Enable IoT Edge on provisioned devices if all the devices provisioned through this group run Azure IoT Edge. Uncheck this box if this group is for non-IoT Edge-enabled devices only. Either all devices in a group are IoT Edge-enabled or none can be. Device tags Use this text box to provide any tags that you want to apply to the device twins of provisioned devices. Desired properties Use this text box to provide any desired properties that you want to apply to the device twins of provisioned devices. For more information, see Understand and use device twins in IoT Hub.
-
Select Next: Review + create.
-
On the Review + create tab, verify all of your values then select Create.