az iot ops mgmt-actions
Note
This reference is part of the azure-iot-ops extension for the Azure CLI (version 2.70.0 or higher). The extension will automatically install the first time you run an az iot ops mgmt-actions command. Learn more about extensions.
Instance management actions configuration.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az iot ops mgmt-actions disable | Disable management actions for an IoT Operations instance. | Extension | GA |
| az iot ops mgmt-actions enable | Enable management actions for an IoT Operations instance. | Extension | GA |
| az iot ops mgmt-actions execute | Execute a management action on a namespace asset. | Extension | GA |
| az iot ops mgmt-actions show | Show management actions configuration for an IoT Operations instance. | Extension | GA |
az iot ops mgmt-actions disable
Disable management actions for an IoT Operations instance.
Removes management actions resources associated with the instance including the dataflow graph, response dataflow, EG dataflow endpoint, EG topic space, permission bindings, and the ADR namespace management endpoint entry.
Role assignments are not removed as they may be shared with other resources.
The Event Grid namespace is discovered from the ADR namespace management endpoint config. If the management endpoint entry has already been removed, Event Grid cleanup is skipped gracefully.
az iot ops mgmt-actions disable --instance
--resource-group
[--acquire-policy-token]
[--change-reference]
[--no-progress {false, true}]
[--yes {false, true}]
Examples
Disable management actions for an instance.
az iot ops mgmt-actions disable --instance myinstance -g myresourcegroup
Disable management actions without confirmation prompt.
az iot ops mgmt-actions disable --instance myinstance -g myresourcegroup --yes
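Because disable leaves role assignments in place, the managed identities can keep their TopicSpaces Publisher and Subscriber roles on the Event Grid namespace after the feature is turned off. The following added example (not part of this reference or of the extension's code) audits the JSON printed by `az role assignment list --scope "$EG_NAMESPACE_RESOURCE_ID" -o json` for such leftovers; the sample data and every ID in it are constructed placeholders, and custom roles supplied through --adr-role-ids or --ops-role-ids would need their own names added to the match.

```python
"""Post-disable audit: TopicSpaces role assignments left on the Event Grid namespace."""
import json

# Constructed sample of `az role assignment list -o json` output (placeholder IDs).
EG_SCOPE = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
            "myresourcegroup/providers/Microsoft.EventGrid/namespaces/myegns")
ADR_MI = "aaaaaaaa-0000-0000-0000-000000000001"   # assumed ADR namespace MI
OPS_MI = "bbbbbbbb-0000-0000-0000-000000000002"   # assumed AIO extension MI
SAMPLE = json.dumps([
    {"principalId": ADR_MI, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Event Grid TopicSpaces Publisher", "scope": EG_SCOPE},
    {"principalId": ADR_MI, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Event Grid TopicSpaces Subscriber", "scope": EG_SCOPE},
    {"principalId": OPS_MI, "principalType": "ServicePrincipal",
     "roleDefinitionName": "Event Grid TopicSpaces Publisher", "scope": EG_SCOPE},
    {"principalId": "cccccccc-0000-0000-0000-000000000003", "principalType": "User",
     "roleDefinitionName": "Reader", "scope": EG_SCOPE},
])


def leftover_topicspace_grants(assignments_json, still_in_use=()):
    """Return {principalId: [role names]} for TopicSpaces roles still assigned.

    still_in_use lists principal IDs that legitimately share the namespace
    (the reason disable does not delete role assignments); they are skipped.
    """
    keep = {p.lower() for p in still_in_use}
    findings = {}
    for ra in json.loads(assignments_json):
        role = ra.get("roleDefinitionName") or ""
        principal = (ra.get("principalId") or "").lower()
        # Substring match covers both Publisher and Subscriber, whatever the
        # spacing of the "Event Grid" prefix in the role's display name.
        if "topicspaces" not in role.lower() or principal in keep:
            continue
        findings.setdefault(principal, []).append(role)
    return {p: sorted(roles) for p, roles in findings.items()}


if __name__ == "__main__":
    for principal, roles in leftover_topicspace_grants(SAMPLE).items():
        print(f"review {principal}: {', '.join(roles)}")
```

Pass the principal IDs of identities that still need the namespace as still_in_use; whatever remains in the result is a candidate for manual removal.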
Required Parameters
--instance
IoT Operations instance name.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--no-progress
Disable visual representation of work.
| Property | Value |
|---|---|
| Accepted values: | false, true |
--yes
Confirm [y]es without a prompt. Useful for CI and automation scenarios.
| Property | Value |
|---|---|
| Accepted values: | false, true |
Global Parameters
--debug
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
--help
Show this help message and exit.
--only-show-errors
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
--output
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
--query
JMESPath query string. See http://jmespath.org/ for more information and examples.
--subscription
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
--verbose
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az iot ops mgmt-actions enable
Enable management actions for an IoT Operations instance.
Bootstraps the infrastructure enabling cloud-based invocation of management actions on assets through Event Grid MQTT broker integration.
The operation configures resources across three domains:
- Event Grid Namespace: topic space, topic templates, and permission bindings.
- Device Registry Namespace: managed identity enablement and management endpoint config.
- IoT Operations Instance: EG dataflow endpoint, dataflow graph, and response dataflow.
The command is idempotent. If a resource already exists, it is skipped. On partial failure, re-run the command to reach the desired state.
By default, role assignments (Event Grid TopicSpaces Publisher and Subscriber) are created for both the ADR namespace MI and the AIO extension MI against the EG namespace. Use --skip-ra to skip role assignment creation, or --adr-role-ids / --ops-role-ids to provide custom role Ids.
az iot ops mgmt-actions enable --eg-resource-id
--instance
--resource-group
[--acquire-policy-token]
[--adr-role-ids]
[--change-reference]
[--dataflow-profile]
[--eg-client-group]
[--mi-user-assigned]
[--no-progress {false, true}]
[--ops-role-ids]
[--registry-endpoint]
[--skip-ra {false, true}]
Examples
Enable management actions for an instance using system managed identity.
az iot ops mgmt-actions enable --instance myinstance -g myresourcegroup --eg-resource-id $EG_NAMESPACE_RESOURCE_ID
Enable management actions using a user-assigned managed identity for the EG dataflow endpoint.
az iot ops mgmt-actions enable --instance myinstance -g myresourcegroup --eg-resource-id $EG_NAMESPACE_RESOURCE_ID --mi-user-assigned $UA_MI_RESOURCE_ID
Enable management actions and skip role assignments.
az iot ops mgmt-actions enable --instance myinstance -g myresourcegroup --eg-resource-id $EG_NAMESPACE_RESOURCE_ID --skip-ra
Required Parameters
--eg-resource-id
Event Grid Namespace ARM resource Id.
--instance
IoT Operations instance name.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--adr-role-ids
Custom role Ids for ADR namespace managed identity role assignments against the EG namespace. Default: 'Event Grid TopicSpaces Publisher' and 'Event Grid TopicSpaces Subscriber'.
| Property | Value |
|---|---|
| Parameter group: | Role Assignment Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--dataflow-profile
Dataflow profile name for graph and dataflow resources. Default: 'default'.
--eg-client-group
Client group for EG permission bindings. Default: $all.
--mi-user-assigned
User-assigned managed identity resource Id for EG dataflow endpoint authentication. Default: system managed identity.
--no-progress
Disable visual representation of work.
| Property | Value |
|---|---|
| Accepted values: | false, true |
--ops-role-ids
Custom role Ids for AIO extension managed identity role assignments against the EG namespace. Default: 'Event Grid TopicSpaces Publisher' and 'Event Grid TopicSpaces Subscriber'.
| Property | Value |
|---|---|
| Parameter group: | Role Assignment Arguments |
--registry-endpoint
Registry endpoint name for the dataflow graph. Default: 'default'.
--skip-ra
When used, the role assignment step of the operation is skipped.
| Property | Value |
|---|---|
| Parameter group: | Role Assignment Arguments |
| Accepted values: | false, true |
az iot ops mgmt-actions execute
Execute a management action on a namespace asset.
Invokes a management action defined on a namespace asset via the Device Registry executeAction operation. The management actions infrastructure must be enabled (az iot ops mgmt-actions enable) before actions can be executed.
The command resolves the ADR namespace from the IoT Operations instance and submits the action as a long-running operation. The result includes the action status, any response from the asset, and error details if the action failed.
When a payload is provided, the CLI validates it against the action's request schema (if available) before sending the request. Use --no-validate to skip this check. Use --show-schema to view the action's request schema without executing.
az iot ops mgmt-actions execute --action
--asset
--group
--instance
--resource-group
[--acquire-policy-token]
[--change-reference]
[--no-validate]
[--payload]
[--show-schema]
Examples
Execute a management action with no payload.
az iot ops mgmt-actions execute --instance myinstance -g myresourcegroup --asset myasset --group mygroup --action reboot
Execute a management action with inline JSON payload.
az iot ops mgmt-actions execute --instance myinstance -g myresourcegroup --asset myasset --group mygroup --action configure -p '{"temperature": {"setpoint": 72}}'
Execute a management action with payload from file.
az iot ops mgmt-actions execute --instance myinstance -g myresourcegroup --asset myasset --group mygroup --action configure -p payload.json
Show the request schema for a management action.
az iot ops mgmt-actions execute --instance myinstance -g myresourcegroup --asset myasset --group mygroup --action configure --show-schema
Execute with payload, skipping schema validation.
az iot ops mgmt-actions execute --instance myinstance -g myresourcegroup --asset myasset --group mygroup --action configure -p '{"temperature": {"setpoint": 72}}' --no-validate
Required Parameters
--action
Management action name to execute.
--asset
Name of the namespace asset to execute the management action on.
--group
Management group name under which the action is defined.
--instance
IoT Operations instance name.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--acquire-policy-token
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--change-reference
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
--no-validate
Skip client-side payload validation against the action's request schema.
| Property | Value |
|---|---|
| Default value: | False |
--payload
JSON payload for the management action. Inline JSON string or file path (e.g., payload.json).
--show-schema
Resolve and display the action's request schema. No action is executed.
| Property | Value |
|---|---|
| Default value: | False |
az iot ops mgmt-actions show
Show management actions configuration for an IoT Operations instance.
Checks the status of management actions resources across three areas: Device Registry (ADR) namespace, Event Grid resources, and AIO dataflow resources.
Returns a structured summary with an overall enabled flag and per-domain detail sections. A domain that cannot be probed (e.g. missing ADR namespace ref) returns null for that section without blocking other domains from being checked.
az iot ops mgmt-actions show --instance
--resource-group
[--no-progress {false, true}]
Examples
Show management actions configuration for an instance.
az iot ops mgmt-actions show --instance myinstance -g myresourcegroup
Required Parameters
--instance
IoT Operations instance name.
--resource-group
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
--no-progress
Disable visual representation of work.
| Property | Value |
|---|---|
| Accepted values: | false, true |