Background on Azure Sphere tenant concept
Published date: 10 May, 2019
An Azure Sphere tenant provides a secure way for your organisation to remotely manage its Azure Sphere devices in isolation from other customers’ devices. Your organisation must create an Azure Sphere tenant and then claim each of its devices into that tenant, so that you can manage those devices remotely and securely.
The Azure Sphere tenant is associated with your organisation’s Azure Active Directory (Azure AD) instance. Only people with an account in that directory will be able to manage devices within your Azure Sphere tenant, and you can further restrict access to specific people. Note that the term “tenant” is sometimes used elsewhere to refer to a directory, but here we only use the term “tenant” to refer to the Azure Sphere tenant.
You can determine whether an Azure Sphere tenant is already associated with your directory by issuing this command in an Azure Sphere developer command prompt and signing in with your work or school account if prompted:
azsphere tenant list
If no tenant exists already, you can create one. You must have an Azure Sphere device attached to your PC when creating a tenant. Type the following command to create a tenant; sign in to your directory if prompted:
azsphere tenant create --name <your-tenant-name>
If you enclose the name in quotes, it can be of any length and can contain spaces or other special characters.
Most organisations only need one Azure Sphere tenant. However, large organisations that have independent divisions, such as different brands or geographically independent suborganisations, might need to administer devices on a per-division basis. Such organisations might want to consider creating a separate Azure Sphere tenant for each division.
If you are certain that you want to create an additional tenant, use the --force option on the tenant create command:
azsphere tenant create --name <your-2nd-tenant-name> --force
Each device can only be used once to create a tenant. So, if the currently attached device has already been used for this purpose, you’ll need to attach a new device.
Finally, before you can remotely manage your attached device or any other device, you need to claim it into your newly created tenant:
azsphere device claim
Your tenant will then have permanent ownership of the device. Nobody else can claim ownership of the same device. We do not currently provide a way to transfer ownership to another tenant.
For more information on tenant creation, claiming and remotely managing devices, see the tenant documentation.