Add warning in DPS docs too

Author: jlian

articles/iot-dps/how-to-manage-linked-iot-hubs.md

@@ -3,7 +3,7 @@ title: How to manage linked IoT hubs with Device Provisioning Service (DPS)
 description: This article shows how to link and manage IoT hubs with the Device Provisioning Service (DPS).
 author: kgremban
 ms.author: kgremban
-ms.date: 10/24/2022
+ms.date: 01/18/2023
 ms.topic: how-to
 ms.service: iot-dps
 services: iot-dps
@@ -38,6 +38,12 @@ When you link an IoT hub to your DPS instance, it becomes available to participa
 
 * For enrollments that do explicitly set the IoT hubs to apply allocation policy to, you'll need to manually or programmatically add the new IoT hub to the enrollment settings for it to participate in allocation.
 
+### Limitations
+
+* There are some limitations when working with linked IoT hubs and private endpoints. For more information, see [Private endpoint limitations](virtual-network-support.md#private-endpoint-limitations).
+
+* The linked IoT Hub must have [Connect using shared access policies](../iot-hub/iot-hub-dev-guide-azure-ad-rbac.md#azure-ad-access-and-shared-access-policies) set to **Allow**.
+
 ### Use the Azure portal to link an IoT hub
 
 In the Azure portal, you can link an IoT hub either from the left menu of your DPS instance or from the enrollment when creating or updating an enrollment. In both cases, the IoT hub is scoped to the DPS instance (not just the enrollment).
@@ -215,10 +221,6 @@ To update symmetric keys for a linked IoT hub with Azure CLS:
     az iot dps update --name MyExampleDps --set properties.iotHubs[0].connectionString="HostName=MyExampleHub-2.azure-devices.net;SharedAccessKeyName=iothubowner;SharedAccessKey=NewTokenValue"
     ```
 
-## Limitations
-
-There are some limitations when working with linked IoT hubs and private endpoints. For more information, see [Private endpoint limitations](virtual-network-support.md#private-endpoint-limitations).
-
 ## Next steps
 
 * To learn more about allocation policies, see [Manage allocation policies](how-to-use-allocation-policies.md).

articles/iot-hub/iot-hub-dev-guide-azure-ad-rbac.md

@@ -101,7 +101,7 @@ By default, IoT Hub supports service API access through both Azure AD and [share
 1. On the left pane, select **Shared access policies**.
 1. Under **Connect using shared access policies**, select **Deny**, and review the warning.
     :::image type="content" source="media/iot-hub-dev-guide-azure-ad-rbac/disable-local-auth.png" alt-text="Screenshot that shows how to turn off IoT Hub shared access policies." border="true":::
-   
+
    > [!WARNING]
    > By denying connections using shared access policies, all users and services that connect using this method lose access immediately. Notably, since Device Provisioning Service (DPS) only supports linking IoT hubs using shared access policies, all device provisioning flows will fail with "unauthorized" error. Proceed carefully and plan to replace access with Azure AD role based access. **Do not proceed if you use DPS**.