Azure IoT Hub Device Provisioning Service frequently asked questions (FAQ)

You can create a disabled individual enrollment entry for the device. To learn more, see How to disenroll a device from Azure IoT Hub Device Provisioning Service.

No.

Yes; however, built-in allocation policies apply to each DPS instance individually, so load balancing across multiple IoT hubs is not possible when using the built-in DPS policies. Instead, you can use a custom allocation policy to implement load balancing when using multiple DPS instances. To learn more about custom allocation policies, see Understand custom allocation policies.

If you created a private endpoint for DPS and disabled public network access, that removes the ability to manage enrollments in the Azure portal. You can still use the Azure CLI, PowerShell, or service APIs from machines that have access to the private endpoint. For more information, see DPS support for virtual networks.

The primary key is embedded inside the connection string that DPS uses for authentication. Whenever the primary connection string is modified, the primary key will also be modified, and you'll need to relink the hub to your DPS.

Filtering results with a WHERE clause is not supported at this time. You can use SELECT * to return paged results for all the individual enrollments or enrollment groups in a DPS instance.

Currently DPS doesn't check the health of an IoT hub before assigning devices. DPS will continue to try to assign devices to an IoT hub that is down based on its configured allocation policy. For example, if the configured allocation policy is Lowest latency and DPS has a linked IoT hub in region A (hub A) and one in region B (hub B), it will assign a device trying to provision from region A to hub A, even if hub A is down. To factor in IoT hub health when provisioning devices, you can implement a custom allocation policy with your own monitoring logic based on IoT Hub diagnostics or your own user-defined metrics. To learn more about custom allocation policies, see Understand custom allocation policies.

There's no recovery mechanism. Open a support ticket and we can create a new DPS instance with the same scope ID. The provisioning data will be lost but at least with the same scope ID, devices will be able to reconnect once the enrollments are rebuilt.

For information about how to get an authorization token for REST service operations like Create or Update Enrollment Group and Get Device Registration State, see Service API authentication.

Device Provisioning Service doesn't store or process customer data outside of the geography where you deploy the service instance. For more information, see Data residency considerations.

Reprovisioning through DPS is a billable operation but reconnecting to IoT Hub is not. Whenever possible, devices should attempt to reconnect to their assigned IoT hub before going through the reprovisioning process.

Next steps

If this FAQ doesn't answer your question, you can contact us through the following channels (in escalating order):

• The comments section of this article.
• Azure Support. To create a new support request, in the Azure portal, on the Help tab, select the Help + support button, and then select New support request.