Background on Azure Sphere tenant concept
Posted on Monday, October 22, 2018
An Azure Sphere tenant provides a secure way for your organization to remotely manage its Azure Sphere devices in isolation from other customers' devices. Your organization must create an Azure Sphere tenant and then claim each of its devices into that tenant, so that you can manage those devices remotely and securely.
The Azure Sphere tenant is associated with your organization’s Azure Active Directory (Azure AD) instance. Only people with an account in that directory will be able to manage devices within your Azure Sphere tenant, and you can further restrict access to specific people. Note that the term "tenant" is sometimes used elsewhere to refer to a directory, but here we use the term "tenant" only to refer to the Azure Sphere tenant.
You can determine whether an Azure Sphere tenant is already associated with your directory by issuing this command in an Azure Sphere developer command prompt and signing in with your work or school account if prompted:
azsphere tenant list
If no tenant exists already, you can create one. You must have an Azure Sphere device attached to your PC when creating a tenant. Type the following command to create a tenant; sign in to your directory if prompted:
azsphere tenant create --name <your-tenant-name>
If you enclose the name in quotes, it can be of any length and can contain spaces or other special characters.
Most organizations need only one Azure Sphere tenant. However, large organizations that have independent divisions, such as different brands or geographically independent suborganizations, might need to administer devices on a per-division basis. Such organizations might want to consider creating a separate Azure Sphere tenant for each division.
If you are certain that you want to create an additional tenant, use the --force option on the tenant create command:
azsphere tenant create --name <your-2nd-tenant-name> --force
Each device can be used only once to create a tenant. So, if the currently attached device has already been used for this purpose, you’ll need to attach a new device.
Finally, before you can remotely manage your attached device or any other device, you need to claim it into your newly created tenant:
azsphere device claim
Your tenant then has permanent ownership of the device. Nobody else can claim ownership of the same device. We currently do not provide a way to transfer ownership to another tenant.
For more information on tenant creation, claiming, and remotely managing devices, see the tenant documentation.