Enrollment Group - Get

Service:: IoT Hub Device Provisioning Service

API Version:: 2021-10-01

Get a device enrollment group.

GET https://{dpsName}.azure-devices-provisioning.net/enrollmentGroups/{id}?api-version=2021-10-01

URI Parameters

Name	In	Required	Type	Description
dpsName	path	True	string	The DPS instance hostname.
id	path	True	string	Enrollment group ID.
api-version	query	True	string minLength: 1	The API version to use for this operation.

Request Header

Name	Required	Type	Description
Authorization	True	string

Responses

Name	Type	Description
200 OK	EnrollmentGroup	The request has succeeded.
Other Status Codes	ProvisioningServiceErrorDetails	An unexpected error response. Headers x-ms-error-code: string

Name

Type

Description

200 OK

EnrollmentGroup

The request has succeeded.

Other Status Codes

ProvisioningServiceErrorDetails

An unexpected error response.

Headers

x-ms-error-code: string

Security

Authorization

Type: apiKey
In: header

Examples

EnrollmentGroup_Get_MaximumSet_Gen

EnrollmentGroup_Get_MinimumSet_Gen

EnrollmentGroup_Get_MaximumSet_Gen

Sample request

HTTP

GET https://{dpsName}.azure-devices-provisioning.net/enrollmentGroups/aeejtkwwsgoraodfdlh?api-version=2021-10-01

Sample response

Status code:: 200

{
  "allocationPolicy": "hashed",
  "attestation": {
    "type": "none",
    "symmetricKey": {
      "primaryKey": "tdoshkmlo",
      "secondaryKey": "lmajoyzuojahffcmdlcwjhntqzyqzk"
    },
    "tpm": {
      "endorsementKey": "naoofgjbxiulcitlysusxdvagyucgn",
      "storageRootKey": "tdgkgcvptrsw"
    },
    "x509": {
      "caReferences": {
        "primary": "efbkbboxkvrsdl",
        "secondary": "vckhuzqgbcinighxwyuyd"
      },
      "clientCertificates": {
        "primary": {
          "info": {
            "issuerName": "pkuinyhttjlozsbtvxuizzkjlakga",
            "notAfterUtc": "2025-10-01T17:42:04.760Z",
            "notBeforeUtc": "2025-10-01T17:42:04.760Z",
            "serialNumber": "mzoidcxayenpgyrek",
            "sha1Thumbprint": "fdmftjqllzvxcd",
            "sha256Thumbprint": "ei",
            "subjectName": "qqjdjgrkiqvtnshkisozut",
            "version": 12
          },
          "certificate": "gkozpt"
        },
        "secondary": {
          "info": {
            "issuerName": "pkuinyhttjlozsbtvxuizzkjlakga",
            "notAfterUtc": "2025-10-01T17:42:04.760Z",
            "notBeforeUtc": "2025-10-01T17:42:04.760Z",
            "serialNumber": "mzoidcxayenpgyrek",
            "sha1Thumbprint": "fdmftjqllzvxcd",
            "sha256Thumbprint": "ei",
            "subjectName": "qqjdjgrkiqvtnshkisozut",
            "version": 12
          },
          "certificate": "gkozpt"
        }
      },
      "signingCertificates": {
        "primary": {
          "info": {
            "issuerName": "pkuinyhttjlozsbtvxuizzkjlakga",
            "notAfterUtc": "2025-10-01T17:42:04.760Z",
            "notBeforeUtc": "2025-10-01T17:42:04.760Z",
            "serialNumber": "mzoidcxayenpgyrek",
            "sha1Thumbprint": "fdmftjqllzvxcd",
            "sha256Thumbprint": "ei",
            "subjectName": "qqjdjgrkiqvtnshkisozut",
            "version": 12
          },
          "certificate": "gkozpt"
        },
        "secondary": {
          "info": {
            "issuerName": "pkuinyhttjlozsbtvxuizzkjlakga",
            "notAfterUtc": "2025-10-01T17:42:04.760Z",
            "notBeforeUtc": "2025-10-01T17:42:04.760Z",
            "serialNumber": "mzoidcxayenpgyrek",
            "sha1Thumbprint": "fdmftjqllzvxcd",
            "sha256Thumbprint": "ei",
            "subjectName": "qqjdjgrkiqvtnshkisozut",
            "version": 12
          },
          "certificate": "gkozpt"
        }
      }
    }
  },
  "capabilities": {
    "iotEdge": true
  },
  "createdDateTimeUtc": "2025-10-01T17:42:05.495Z",
  "customAllocationDefinition": {
    "apiVersion": "gbannxdstouqrfonxdxfurv",
    "webhookUrl": "todqbubyxeumrtvhsscedwrkz"
  },
  "enrollmentGroupId": "sfsevlobqfdnqmghunj",
  "etag": "kmvtdrkjyfzj",
  "initialTwin": {
    "properties": {
      "desired": {
        "count": 16,
        "key2428": {},
        "metadata": {
          "lastUpdated": "2025-10-01T17:42:04.760Z",
          "lastUpdatedVersion": 19
        },
        "version": 9
      }
    },
    "tags": {
      "count": 16,
      "key2428": {},
      "metadata": {
        "lastUpdated": "2025-10-01T17:42:04.760Z",
        "lastUpdatedVersion": 19
      },
      "version": 9
    }
  },
  "iotHubHostName": "dey",
  "iotHubs": [
    "ehqilokxpijrvaigiaf"
  ],
  "lastUpdatedDateTimeUtc": "2025-10-01T17:42:05.495Z",
  "provisioningStatus": "enabled",
  "reprovisionPolicy": {
    "migrateDeviceData": true,
    "updateHubAssignment": true
  }
}

EnrollmentGroup_Get_MinimumSet_Gen

Sample request

HTTP

GET https://{dpsName}.azure-devices-provisioning.net/enrollmentGroups/foizrzwygyrulkdxcyb?api-version=2021-10-01

Sample response

Status code:: 200

{
  "attestation": {
    "type": "none"
  },
  "enrollmentGroupId": "sfsevlobqfdnqmghunj"
}

Definitions

Name	Description
AllocationPolicy	The allocation policy of this resource. This policy overrides the tenant level allocation policy for this individual enrollment or enrollment group. Possible values include 'hashed': Linked IoT hubs are equally likely to have devices provisioned to them, 'geoLatency': Devices are provisioned to an IoT hub with the lowest latency to the device.If multiple linked IoT hubs would provide the same lowest latency, the provisioning service hashes devices across those hubs, 'static' : Specification of the desired IoT hub in the enrollment list takes priority over the service-level allocation policy, 'custom': Devices are provisioned to an IoT hub based on your own custom logic. The provisioning service passes information about the device to the logic, and the logic returns the desired IoT hub as well as the desired initial configuration. We recommend using Azure Functions to host your logic.
AttestationMechanism	Attestation mechanism for individualEnrollment as well as enrollmentGroup.
AttestationType	Attestation Type.
CustomAllocationDefinition	This tells DPS which webhook to call when using custom allocation.
DeviceCapabilities	Device capabilities.
EnrollmentGroup	Enrollment group record.
InitialTwin	Initial device twin. Contains a subset of the properties of Twin.
InitialTwinProperties	Represents the initial properties that will be set on the device twin.
Metadata	Metadata for the TwinCollection
ProvisioningServiceErrorDetails	Contains the properties of an error returned by the Azure IoT Hub Provisioning Service.
ProvisioningStatus	The provisioning status.
ReprovisionPolicy	The behavior of the service when a device is re-provisioned to an IoT hub.
SymmetricKeyAttestation	Attestation via SymmetricKey.
TpmAttestation	Attestation via TPM.
TwinCollection	Represents a collection of properties within a Twin
X509Attestation	Attestation via X509.
X509CAReferences	Primary and secondary CA references.
X509CertificateInfo	X509 certificate info.
X509Certificates	Primary and secondary certificates
X509CertificateWithInfo	Certificate and Certificate info

AllocationPolicy

Enumeration

The allocation policy of this resource. This policy overrides the tenant level allocation policy for this individual enrollment or enrollment group. Possible values include 'hashed': Linked IoT hubs are equally likely to have devices provisioned to them, 'geoLatency': Devices are provisioned to an IoT hub with the lowest latency to the device.If multiple linked IoT hubs would provide the same lowest latency, the provisioning service hashes devices across those hubs, 'static' : Specification of the desired IoT hub in the enrollment list takes priority over the service-level allocation policy, 'custom': Devices are provisioned to an IoT hub based on your own custom logic. The provisioning service passes information about the device to the logic, and the logic returns the desired IoT hub as well as the desired initial configuration. We recommend using Azure Functions to host your logic.

Value	Description
hashed	hashed
geoLatency	geoLatency
static	static
custom	custom

AttestationMechanism

Object

Attestation mechanism for individualEnrollment as well as enrollmentGroup.

Name	Type	Description
symmetricKey	SymmetricKeyAttestation	Symmetric Key attestation method.
tpm	TpmAttestation	TPM attestation method.
type	AttestationType	Attestation Type.
x509	X509Attestation	X509 attestation method.

AttestationType

Enumeration

Attestation Type.

Value	Description
none	none
tpm	tpm
x509	x509
symmetricKey	symmetricKey

CustomAllocationDefinition

Object

This tells DPS which webhook to call when using custom allocation.

Name	Type	Description
apiVersion	string	The API version of the provisioning service types (such as IndividualEnrollment) sent in the custom allocation request. Minimum supported version: "2018-09-01-preview".
webhookUrl	string	The webhook URL used for allocation requests.

DeviceCapabilities

Object

Device capabilities.

Name	Type	Default value	Description
iotEdge	boolean	False	If set to true, this device is an IoTEdge device.

EnrollmentGroup

Object

Enrollment group record.

Name	Type	Default value	Description
allocationPolicy	AllocationPolicy		The allocation policy of this resource. This policy overrides the tenant level allocation policy for this individual enrollment or enrollment group. Possible values include 'hashed': Linked IoT hubs are equally likely to have devices provisioned to them, 'geoLatency': Devices are provisioned to an IoT hub with the lowest latency to the device.If multiple linked IoT hubs would provide the same lowest latency, the provisioning service hashes devices across those hubs, 'static' : Specification of the desired IoT hub in the enrollment list takes priority over the service-level allocation policy, 'custom': Devices are provisioned to an IoT hub based on your own custom logic. The provisioning service passes information about the device to the logic, and the logic returns the desired IoT hub as well as the desired initial configuration. We recommend using Azure Functions to host your logic.
attestation	AttestationMechanism		Attestation method used by the device.
capabilities	DeviceCapabilities		Capabilities of the device.
createdDateTimeUtc	string (date-time)		The DateTime this resource was created.
customAllocationDefinition	CustomAllocationDefinition		This tells DPS which webhook to call when using custom allocation.
enrollmentGroupId	string		Enrollment Group ID.
etag	string		The entity tag associated with the resource.
initialTwin	InitialTwin		Initial device twin.
iotHubHostName	string		The Iot Hub host name.
iotHubs	string[]		The list of IoT Hub hostnames the device(s) in this resource can be allocated to. Must be a subset of tenant level list of IoT hubs.
lastUpdatedDateTimeUtc	string (date-time)		The DateTime this resource was last updated.
provisioningStatus	ProvisioningStatus	enabled	The provisioning status.
reprovisionPolicy	ReprovisionPolicy		The behavior when a device is re-provisioned to an IoT hub.

InitialTwin

Object

Initial device twin. Contains a subset of the properties of Twin.

Name	Type	Description
properties	InitialTwinProperties	Twin desired properties.
tags	TwinCollection	Twin tags.

InitialTwinProperties

Object

Represents the initial properties that will be set on the device twin.

Name	Type	Description
desired	TwinCollection	Gets and sets the InitialTwin desired properties.

Metadata

Object

Metadata for the TwinCollection

Name	Type	Description
lastUpdated	string (date-time)	Last time the TwinCollection was updated
lastUpdatedVersion	integer (int32)	This is null for reported properties metadata and is not null for desired properties metadata.

ProvisioningServiceErrorDetails

Object

Contains the properties of an error returned by the Azure IoT Hub Provisioning Service.

Name	Type	Description
errorCode	integer (int32)	Error code for the operation.
info	object	Dictionary of <string>
message	string	Human-readable error message.
timestampUtc	string (date-time)	UTC timestamp of the error.
trackingId	string	Tracking ID for the error.

ProvisioningStatus

Enumeration

The provisioning status.

Value	Description
enabled	enabled
disabled	disabled

ReprovisionPolicy

Object

The behavior of the service when a device is re-provisioned to an IoT hub.

Name	Type	Default value	Description
migrateDeviceData	boolean	True	When set to true (default), the Device Provisioning Service will migrate the device's data (twin, device capabilities, and device ID) from one IoT hub to another during an IoT hub assignment update. If set to false, the Device Provisioning Service will reset the device's data to the initial desired configuration stored in the corresponding enrollment list.
updateHubAssignment	boolean	True	When set to true (default), the Device Provisioning Service will evaluate the device's IoT Hub assignment and update it if necessary for any provisioning requests beyond the first from a given device. If set to false, the device will stay assigned to its current IoT hub.

SymmetricKeyAttestation

Object

Attestation via SymmetricKey.

Name	Type	Description
primaryKey	string	Primary symmetric key.
secondaryKey	string	Secondary symmetric key.

TpmAttestation

Object

Attestation via TPM.

Name	Type	Description
endorsementKey	string	TPM endorsement key.
storageRootKey	string	TPM storage root key.

TwinCollection

Object

Represents a collection of properties within a Twin

Name	Type	Description
count	integer (int32)	Number of properties in the TwinCollection
metadata	Metadata	Metadata for the TwinCollection
version	integer (int32)	Version of the TwinCollection

X509Attestation

Object

Attestation via X509.

Name	Type	Description
caReferences	X509CAReferences	Primary and secondary CA references.
clientCertificates	X509Certificates	Primary and secondary certificates
signingCertificates	X509Certificates	Primary and secondary certificates

X509CAReferences

Object

Primary and secondary CA references.

Name	Type	Description
primary	string	Primary CA reference.
secondary	string	Secondary CA reference.

X509CertificateInfo

Object

X509 certificate info.

Name	Type	Description
issuerName	string	Issuer name of the certificate.
notAfterUtc	string (date-time)	Certificate validity end (UTC).
notBeforeUtc	string (date-time)	Certificate validity start (UTC).
serialNumber	string	Serial number of the certificate.
sha1Thumbprint	string	SHA-1 thumbprint of the certificate.
sha256Thumbprint	string	SHA-256 thumbprint of the certificate.
subjectName	string	Subject name of the certificate.
version	integer (int32)	Version of the certificate.

X509Certificates

Object

Primary and secondary certificates

Name	Type	Description
primary	X509CertificateWithInfo	Certificate and Certificate info
secondary	X509CertificateWithInfo	Certificate and Certificate info

X509CertificateWithInfo

Object

Certificate and Certificate info

Name	Type	Description
certificate	string	PEM-formatted certificate string.
info	X509CertificateInfo	X509 certificate info.