Turn Node-RED into a first-class citizen Azure IoT connected device

A few months ago, I gave some comments on the node-red-contrib-azure-iot-hub Node-RED module.

The consensus was that the module is OK to be used in the Azure portal but had almost no value within an IoT device.

Just last week, Eric van Uum from the Microsoft IoT Blackbelt team released a brand new Node-RED module which turns your Node-RED into a full Azure IoT device. The feature set is very extensive.

Azure IoT Device node

Let’s see what is offered.

This is the feature set offered:

  • sending telemetry to Azure IoT Hub
  • receiving and responding to direct messages coming from Azure
  • receiving and responding to desired properties using the Device Twin
  • updating reported properties in the Device Twin
  • receiving and responding to C2D messages (commands)
  • Act as child device for an Azure IoT Edge Transparent gateway

Note: C2D messages for a certain registered device are stored on IoT Hub until that device connects and actively reads the message. This makes it possible to send commands to occasionally connected devices. Direct methods require a live connection that can expire.

This is a nice and pretty feature-complete Azure IoT device support. Let’s check out how it is working.


On GitHub, multiple ways to deploy this module are described.

Because the module is now released on the official NodeRed Flows, you can add it inside Node-RED using the Pallete menu:


Once deployed, you can use it as described on GitHub. See also the usage of topics here.

If you want a quick start, make use of the example flow. Just copy that “code” on the GitHub page and open the Import menu:

There, just paste the code and import it:

Finally, this flow is shown:

This flow makes it easy to:

  1. Trigger some telemetry to be sent (inject node).
  2. Trigger reported properties to be sent (inject node).
  3. See the arrival of C2D messages (commands) and reported properties (debug node).
  4. being able to retrieve a Direct message and sending a response back (command response).

If you click the inject node for sending telemetry, you start sending messages on a five second interval. Just open the node to alter the properties:

The command response just echoes back Direct methods. I normally attach a second debug output to the command response so I can see the incoming methods.

Configuring the node

After adding the Azure Device node, the configuration is simple. Just open the node:

Here I filled in the development settings for a device as seen in the registration in the IoT Hub.

It only needs the Device ID, the full hostname of the IoT Hub, and one of the two SAS keys.

You can experiment with the protocol together with outbound firewall settings on the actual device or network. Even communication over Websockets is available:

Note: Using symmetric keys is not recommended in production. Making use of the Device Provisioning service increases security and makes the use of the device much more flexible.

Azure IoT Edge transparent gateway support

This Node-RED node turns your device in an internet-connected device that tries to send messages to the internet. If an internet connection is not available, you have to take measures to prevent the messages from being lost (you need to cache them somewhere and try to resend them at a later moment).

Next to direct internet-connected devices, Microsoft also supports edge devices. These devices are local gateways to the internet and can run logic on the edge of your network. This can be a simple filter on telemetry coming from actual sensors to Machine learning, Vision, or stream analytics.

An Azure IoT Edge device can also act as a transparent gateway for child devices. A child device is a regular Azure IoT device which is configurated to connect to the Edge device instead of being connected to the internet directly.

This has a couple of advantages:

  • Outgoing communication from internet-connected devices is tunneled through one device so configuring security (outbound connections through the firewall) is simplified.
  • Messages sent from child devices are accepted directly by the edge device. The messages are stored and forwarded by the edge device. The edge device will mitigate with internet connection losses.

The node can be configured to connect to an IoT Edge device. All you need is:

  1. the hostname of the edge device on the local network.
  2. A certificate to secure the child device – edge communication.

This looks like this:

Note: The edge device has to be configured to trust incoming messages from potential child devices. Check the documentation.


With this new node, Node-RED is now a first-class citizen of the Azure IoT device family.

Stay tuned for future additions like Azure IoT Plug and Play support.