Azure IoT Hub Device Provisioning Service frequently asked questions (FAQ)

This article answers to common questions about Azure IoT Hub Device Provisioning Service. The following topics are covered:

Devices and provisioning

How can I disable or remove a single device within an enrollment group without affecting any other devices?

You can create a disabled individual enrollment entry for the device. To learn more, see How to disenroll a device from Azure IoT Hub Device Provisioning Service.

Does DPS support provisioning a parent/child topology of IoT Edge gateways and devices?

No.

Can multiple DPS instances provision devices to the same IoT hub?

Yes; however, built-in allocation policies apply to each DPS instance individually, so load balancing across multiple IoT hubs is not possible when using the built-in DPS policies. Instead, you can use a custom allocation policy to implement load balancing when using multiple DPS instances. To learn more about custom allocation policies, see Understand custom allocation policies.

Why can't I manage enrollments in the Azure portal?

If you created a private endpoint for DPS and disabled public network access, that removes the ability to manage enrollments in the Azure portal. You can still use the Azure CLI, PowerShell, or service APIs from machines that have access to the private endpoint. For more information, see DPS support for virtual networks.

Management and monitoring

The primary key is embedded inside the connection string that DPS uses for authentication. Whenever the primary connection string is modified, the primary key will also be modified, and you'll need to relink the hub to your DPS.

Can I use a WHERE clause to filter results when querying individual enrollments or enrollment groups?

Filtering results with a WHERE clause is not supported at this time. You can use SELECT * to return paged results for all the individual enrollments or enrollment groups in a DPS instance.

How does the health of an IoT hub affect device provisioning?

Currently DPS doesn't check the health of an IoT hub before assigning devices. DPS will continue to try to assign devices to an IoT hub that is down based on its configured allocation policy. For example, if the configured allocation policy is Lowest latency and DPS has a linked IoT hub in region A (hub A) and one in region B (hub B), it will assign a device trying to provision from region A to hub A, even if hub A is down. To factor in IoT hub health when provisioning devices, you can implement a custom allocation policy with your own monitoring logic based on IoT Hub diagnostics or your own user-defined metrics. To learn more about custom allocation policies, see Understand custom allocation policies.

How can I recover from an accidental deletion of a DPS instance?

There's no recovery mechanism. Open a support ticket and we can create a new DPS instance with the same scope ID. The provisioning data will be lost but at least with the same scope ID, devices will be able to reconnect once the enrollments are rebuilt.

How can I get an authorization token to use for REST service operations?

For information about how to get an authorization token for REST service operations like Create or Update Enrollment Group and Get Device Registration State, see Service API authentication.

Where does DPS store customer data?

Device Provisioning Service doesn't store or process customer data outside of the geography where you deploy the service instance. For more information, see Data residency considerations.

Will I be billed again if my device was successfully provisioned to a hub, then I had to reconnect?

Reprovisioning through DPS is a billable operation but reconnecting to IoT Hub is not. Whenever possible, devices should attempt to reconnect to their assigned IoT hub before going through the reprovisioning process.

Next steps

If this FAQ doesn't answer your question, you can contact us through the following channels (in escalating order):

  • The comments section of this article.
  • Azure Support. To create a new support request, in the Azure portal, on the Help tab, select the Help + support button, and then select New support request.