Skip to content

Commit 21e54ec

Browse files
authored
Add warning in DPS docs too
1 parent 25f0219 commit 21e54ec

File tree

2 files changed

+8
-6
lines changed

2 files changed

+8
-6
lines changed

articles/iot-dps/how-to-manage-linked-iot-hubs.md

Lines changed: 7 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ title: How to manage linked IoT hubs with Device Provisioning Service (DPS)
33
description: This article shows how to link and manage IoT hubs with the Device Provisioning Service (DPS).
44
author: kgremban
55
ms.author: kgremban
6-
ms.date: 10/24/2022
6+
ms.date: 01/18/2023
77
ms.topic: how-to
88
ms.service: iot-dps
99
services: iot-dps
@@ -38,6 +38,12 @@ When you link an IoT hub to your DPS instance, it becomes available to participa
3838

3939
* For enrollments that do explicitly set the IoT hubs to apply allocation policy to, you'll need to manually or programmatically add the new IoT hub to the enrollment settings for it to participate in allocation.
4040

41+
### Limitations
42+
43+
* There are some limitations when working with linked IoT hubs and private endpoints. For more information, see [Private endpoint limitations](virtual-network-support.md#private-endpoint-limitations).
44+
45+
* The linked IoT Hub must have [Connect using shared access policies](../iot-hub/iot-hub-dev-guide-azure-ad-rbac.md#azure-ad-access-and-shared-access-policies) set to **Allow**.
46+
4147
### Use the Azure portal to link an IoT hub
4248

4349
In the Azure portal, you can link an IoT hub either from the left menu of your DPS instance or from the enrollment when creating or updating an enrollment. In both cases, the IoT hub is scoped to the DPS instance (not just the enrollment).
@@ -215,10 +221,6 @@ To update symmetric keys for a linked IoT hub with Azure CLS:
215221
az iot dps update --name MyExampleDps --set properties.iotHubs[0].connectionString="HostName=MyExampleHub-2.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=NewTokenValue"
216222
```
217223
218-
## Limitations
219-
220-
There are some limitations when working with linked IoT hubs and private endpoints. For more information, see [Private endpoint limitations](virtual-network-support.md#private-endpoint-limitations).
221-
222224
## Next steps
223225
224226
* To learn more about allocation policies, see [Manage allocation policies](how-to-use-allocation-policies.md).

articles/iot-hub/iot-hub-dev-guide-azure-ad-rbac.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -101,7 +101,7 @@ By default, IoT Hub supports service API access through both Azure AD and [share
101101
1. On the left pane, select **Shared access policies**.
102102
1. Under **Connect using shared access policies**, select **Deny**, and review the warning.
103103
:::image type="content" source="media/iot-hub-dev-guide-azure-ad-rbac/disable-local-auth.png" alt-text="Screenshot that shows how to turn off IoT Hub shared access policies." border="true":::
104-
104+
105105
> [!WARNING]
106106
> By denying connections using shared access policies, all users and services that connect using this method lose access immediately. Notably, since Device Provisioning Service (DPS) only supports linking IoT hubs using shared access policies, all device provisioning flows will fail with "unauthorized" error. Proceed carefully and plan to replace access with Azure AD role based access. **Do not proceed if you use DPS**.
107107

0 commit comments

Comments
 (0)