This article answers to common questions about Azure IoT Hub Device Provisioning Service. The following topics are covered:
How can I disable or remove a single device within an enrollment group without affecting any other devices?
You can create a disabled individual enrollment entry for the device. To learn more, see How to disenroll a device from Azure IoT Hub Device Provisioning Service.
No.
Yes; however, built-in allocation policies apply to each DPS instance individually, so load balancing across multiple IoT hubs is not possible when using the built-in DPS policies. Instead, you can use a custom allocation policy to implement load balancing when using multiple DPS instances. To learn more about custom allocation policies, see Understand custom allocation policies.
If you created a private endpoint for DPS and disabled public network access, that removes the ability to manage enrollments in the Azure portal. You can still use the Azure CLI, PowerShell, or service APIs from machines that have access to the private endpoint. For more information, see DPS support for virtual networks.
What is the recommended way to update a linked hub when the primary key for the IoT Hub access policy is regenerated?
The primary key is embedded inside the connection string that DPS uses for authentication. Whenever the primary connection string is modified, the primary key will also be modified, and you'll need to relink the hub to your DPS.
Can I use a WHERE clause to filter results when querying individual enrollments or enrollment groups?
Filtering results with a WHERE clause is not supported at this time. You can use SELECT * to return paged results for all the individual enrollments or enrollment groups in a DPS instance.
Currently DPS doesn't check the health of an IoT hub before assigning devices. DPS will continue to try to assign devices to an IoT hub that is down based on its configured allocation policy. For example, if the configured allocation policy is Lowest latency and DPS has a linked IoT hub in region A (hub A) and one in region B (hub B), it will assign a device trying to provision from region A to hub A, even if hub A is down. To factor in IoT hub health when provisioning devices, you can implement a custom allocation policy with your own monitoring logic based on IoT Hub diagnostics or your own user-defined metrics. To learn more about custom allocation policies, see Understand custom allocation policies.
There's no recovery mechanism. Open a support ticket and we can create a new DPS instance with the same scope ID. The provisioning data will be lost but at least with the same scope ID, devices will be able to reconnect once the enrollments are rebuilt.
For information about how to get an authorization token for REST service operations like Create or Update Enrollment Group and Get Device Registration State, see Service API authentication.
Device Provisioning Service stores customer data in the region where you deployed the service instance, and replicates data to a secondary region to support disaster recovery scenarios. For more information, see Data residency considerations.
Reprovisioning through DPS is a billable operation but reconnecting to IoT Hub is not. Whenever possible, devices should attempt to reconnect to their assigned IoT hub before going through the reprovisioning process.
If this FAQ doesn't answer your question, you can contact us through the following channels (in escalating order):
- The comments section of this article.
- Azure Support. To create a new support request, in the Azure portal, on the Help tab, select the Help + support button, and then select New support request.