Microsoft Entra ID · Hardware & Devices

IoT Device Administrator

Provisions new IoT devices, manages their lifecycle, configures certificates, and manages device templates.

Scope: Full management of IoT devices and device templates in Entra ID

Permissions

  • Provision IoT devices
  • Manage device lifecycle
  • Configure device certificates
  • Create device templates
  • Manage template owners

Common use cases

  • IoT device onboarding
  • Device template management
  • Certificate configuration
  • Device lifecycle management
  • Smart building deployments

Best practices

  • Use standardized templates
  • Rotate certificates regularly
  • Document device provisioning
  • Monitor device health

Security considerations

  • Can provision new devices
  • Certificate access is sensitive
  • Device impersonation risk
  • Network access implications

Common questions

When should I assign the IoT Device Administrator role?

Assign IoT Device Administrator when you need to: IoT device onboarding; Device template management; Certificate configuration; Device lifecycle management; and Smart building deployments. It is part of Microsoft Entra ID and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the IoT Device Administrator role do?

The IoT Device Administrator role grants permissions including: Provision IoT devices; Manage device lifecycle; Configure device certificates; Create device templates; and Manage template owners. See the Permissions section above for the full list.

What are the security risks of the IoT Device Administrator role?

Key considerations when assigning IoT Device Administrator: Can provision new devices; Certificate access is sensitive; Device impersonation risk; and Network access implications. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →