Azure Digital Twins is an Azure IoT service that creates models of the physical environment. Azure Digital Twins creates spatial intelligence graphs to model the interactions and relationships between spaces, devices, and most importantly, people.
By using Azure Digital Twins, data can be queried from a physical space rather than from various disparate sensors. Azure Digital Twins helps build spatially aware experiences that link streaming data across the physical and digital world.
Azure Digital Twins Capabilities
The following are some key capabilities of Azure Digital Twins:
- Built-in access control: Identity management features, such as role-based access control and Azure Active Directory, enable you to securely control access for individuals and devices.
- Multiple and nested tenants: You can create multiple subtenants that can be used and accessed in an isolated and secure manner.
- Spatial intelligence graph:: The spatial intelligence graph is a virtual representation of the physical environment. This can be used to model the relationships between people, places, and devices.
- Advanced compute capabilities: We can define and run custom functions against incoming device data to send signals to predefined endpoints.
- Digital twin object models: Digital Twin object models are predefined device protocols and data schema.
- Ecosystem: We can connect an Azure Digital Twins instance to many powerful Azure services, including Azure Stream Analytics, Azure AI; and Azure Storage, Azure Maps, Microsoft Mixed Reality, Dynamics 365, or Office 365.
- Role-based access control: Azure Digital Twins enables precise access control to specific actions, data, and resources through RBAC (Role-based access control). Role-based access control simply consists of roles and role assignments. By using Role-based access control, permissions can be granted to the following:
- Users
- Devices
- Service principals
- User-defined functions
- Users who belong to a domain
- Tenants
Role Definition
Role definitions are collections of permissions; they list allowed operations such as the CRUD operations (REATE, READ, UPDATE, and DELETE). Table 1 shows the available roles in Azure Digital Twins.
| Role | Description |
| Space Administrator |
Specified space: CREATE, READ, UPDATE, and DELETE All nodes underneath: CREATE, READ, UPDATE, and DELETE |
| User Administrator |
Users: CREATE, READ, UPDATE, and DELETE User-related objects: CREATE, READ, UPDATE, and DELETE Spaces: READ |
| Device Administrator |
Devices: CREATE, READ, UPDATE, and DELETE Device-related objects: CREATE, READ, UPDATE, and DELETE Spaces: READ |
| Key Administrator |
Access-keys: CREATE, READ, UPDATE, and DELETE Key-related objects: CREATE, READ, UPDATE, and DELETE Spaces: READ |
| Token Administrator |
Access Keys: READ and UPDATE Spaces: READ |
| User |
Spaces, Sensors, Users: READ |
| Support Specialist | Everything except access-keys: READ |
| Device Installer |
Devices and Sensors: READ and UPDATE Spaces: READ |
| Gateway Device |
Sensors: CREATE Devices: READ |
Table 1: The available roles in Azure Digital Twins
Object Identifiers
Object identifiers simply refer to the type of identity that is given to a particular role.
Table 2 shows the supported object identifiers in Azure Digital Twins.
| Type | Description |
| UserId | Assigns a role to a user |
| DeviceId | Assigns a role to a device |
| DomainName | Assigns a role to a domain name |
| TenantId | Assigns a role to a tenant |
| ServicePrincipalId | Assigns a role to a service principal |
| UserDefinedFunctionId | Assigns a role to a user-defined function |
Table 2: The supported object identifiers in Azure Digital Twins
Conclusion
Azure is growing strength by strength, and before we know it, it has become our reality.
