Merge pull request #178741 from anastasia-ms/dps-faq

FAQ for DPS

Author: jborsecnik

articles/iot-dps/about-iot-dps.md

@@ -3,7 +3,7 @@ title: Overview of the Microsoft Azure IoT Hub Device Provisioning Service
 description: Describes device provisioning in Azure with the Device Provisioning Service (DPS) and IoT Hub
 author: anastasia-ms
 ms.author: v-stharr
-ms.date: 10/06/2021
+ms.date: 11/09/2021
 ms.topic: overview
 ms.service: iot-dps
 services: iot-dps
@@ -36,6 +36,7 @@ There are many provisioning scenarios in which DPS is an excellent choice for ge
 
 
 ## Behind the scenes
+
 All the scenarios listed in the previous section can be done using DPS for zero-touch provisioning with the same flow. Many of the manual steps traditionally involved in provisioning are automated with DPS to reduce the time to deploy IoT devices and lower the risk of manual error. The following section describes what goes on behind the scenes to get a device provisioned. The first step is manual, all of the following steps are automated.
 
 ![Basic provisioning flow](./media/about-iot-dps/dps-provisioning-flow.png)
@@ -50,6 +51,7 @@ All the scenarios listed in the previous section can be done using DPS for zero-
 8. The device gets the desired state from its device twin in IoT hub.
 
 ## Provisioning process
+
 There are two distinct steps in the deployment process of a device in which DPS takes a part that can be done independently:
 
 * The **manufacturing step** in which the device is created and prepared at the factory, and
@@ -58,20 +60,23 @@ There are two distinct steps in the deployment process of a device in which DPS
 Both these steps fit in seamlessly with existing manufacturing and deployment processes. DPS even simplifies some deployment processes that involve manual work to get connection information onto the device.
 
 ### Manufacturing step
+
 This step is all about what happens on the manufacturing line. The roles involved in this step include silicon designer, silicon manufacturer, integrator and/or the end manufacturer of the device. This step is concerned with creating the hardware itself.
 
 DPS does not introduce a new step in the manufacturing process; rather, it ties into the existing step that installs the initial software and (ideally) the HSM on the device. Instead of creating a device ID in this step, the device is programmed with the provisioning service information, enabling it to call the provisioning service to get its connection info/IoT solution assignment when it is switched on.
 
 Also in this step, the manufacturer supplies the device deployer/operator with identifying key information. Supplying that information could be as simple as confirming that all devices have an X.509 certificate generated from a signing certificate provided by the device deployer/operator, or as complicated as extracting the public portion of a TPM endorsement key from each TPM device. These services are offered by many silicon manufacturers today.
 
 ### Cloud setup step
+
 This step is about configuring the cloud for proper automatic provisioning. Generally there are two types of users involved in the cloud setup step: someone who knows how devices need to be initially set up (a device operator), and someone else who knows how devices are to be split among the IoT hubs (a solution operator).
 
 There is a one-time initial setup of the provisioning that must occur, which is usually handled by the solution operator. Once the provisioning service is configured, it does not have to be modified unless the use case changes.
 
 After the service has been configured for automatic provisioning, it must be prepared to enroll devices. This step is done by the device operator, who knows the desired configuration of the device(s) and is in charge of making sure the provisioning service can properly attest to the device's identity when it comes looking for its IoT hub. The device operator takes the identifying key information from the manufacturer and adds it to the enrollment list. There can be subsequent updates to the enrollment list as new entries are added or existing entries are updated with the latest information about the devices.
 
 ## Registration and provisioning
+
 *Provisioning* means various things depending on the industry in which the term is used. In the context of provisioning IoT devices to their cloud solution, provisioning is a two part process:
 
 1. The first part is establishing the initial connection between the device and the IoT solution by registering the device.
@@ -80,6 +85,7 @@ After the service has been configured for automatic provisioning, it must be pre
 Once both of those two steps have been completed, we can say that the device has been fully provisioned. Some cloud services only provide the first step of the provisioning process, registering devices to the IoT solution endpoint, but do not provide the initial configuration. DPS automates both steps to provide a seamless provisioning experience for the device.
 
 ## Features of the Device Provisioning Service
+
 DPS has many features, making it ideal for provisioning devices.
 
 * **Secure attestation** support for both X.509 and TPM-based identities.
@@ -90,10 +96,10 @@ DPS has many features, making it ideal for provisioning devices.
 * **Cross-region support** allows DPS to assign devices to IoT hubs in other regions.
 * **Encryption for data at rest** allows data in DPS to be encrypted and decrypted transparently using 256-bit AES encryption, one of the strongest block ciphers available, and is FIPS 140-2 compliant.
 
-
 You can learn more about the concepts and features involved in device provisioning by reviewing the [DPS terminology](concepts-service.md) topic along with the other conceptual topics in the same section.
 
 ## Cross-platform support
+
 Just like all Azure IoT services, DPS works cross-platform with a variety of operating systems. Azure offers open-source SDKs in a variety of [languages](https://github.com/Azure/azure-iot-sdks) to facilitate connecting devices and managing the service. DPS supports the following protocols for connecting devices:
 
 * HTTPS
@@ -105,26 +111,74 @@ Just like all Azure IoT services, DPS works cross-platform with a variety of ope
 DPS only supports HTTPS connections for service operations.
 
 ## Regions
+
 DPS is available in many regions. The updated list of existing and newly announced regions for all services is at [Azure Regions](https://azure.microsoft.com/regions/). You can check availability of the Device Provisioning Service on the [Azure Status](https://azure.microsoft.com/status/) page.
 
 > [!NOTE]
 > DPS is global and not bound to a location. However, you must specify a region in which the metadata associated with your DPS profile will reside.
 
 ## Availability
+
 There is a 99.9% Service Level Agreement for DPS, and you can [read the SLA](https://azure.microsoft.com/support/legal/sla/iot-hub/). The full [Azure SLA](https://azure.microsoft.com/support/legal/sla/) explains the guaranteed availability of Azure as a whole.
 
 ## Quotas and Limits
+
 Each Azure subscription has default quota limits in place that could impact the scope of your IoT solution. The current limit on a per-subscription basis is 10 Device Provisioning Services per subscription.
 
 For more details on quota limits, see [Azure Subscription Service Limits](../azure-resource-manager/management/azure-subscription-service-limits.md).
 
 [!INCLUDE [azure-iotdps-limits](../../includes/iot-dps-limits.md)]
 
+## Billable service operations and pricing
+
+Each API call on DPS is billable as one *operation*. This includes all the service APIs and the device registration API.
+
+The tables below show the current billable status for each DPS service API operation. To learn more about pricing, see [Azure Hub Pricing](https://azure.microsoft.com/pricing/details/iot-hub/) in the IoT Hub Device Provisioning Service section.
+
+| API | Operation | Billable? |
+| --------------- | -------  | -- |
+|  Device API | [Device Registration Status Lookup](/api/iot-dps/device/runtime-registration/device-registration-status-lookup) | Yes|
+|  Device API | [Operation Status Lookup](/api/iot-dps/device/runtime-registration/operation-status-lookup)| No |
+|  Device API | [Register Device](/api/iot-dps/device/runtime-registration/register-device) | Yes |
+| DPS Service API (registration state)  | [Delete](/api/iot-dps/service/device-registration-state/delete) | Yes|
+| DPS Service API (registration state)  | [Get](/api/iot-dps/service/device-registration-state/get) | Yes|
+| DPS Service API (registration state)  | [Query](/api/iot-dps/service/device-registration-state/query) | Yes|
+| DPS Service API (enrollment group) | [Create or Update](/api/iot-dps/service/enrollment-group/create-or-update) | Yes|
+| DPS Service API (enrollment group) | [Delete](/api/iot-dps/service/enrollment-group/delete) | Yes|
+| DPS Service API (enrollment group) | [Get](/api/iot-dps/service/enrollment-group/get) | Yes|
+| DPS Service API (enrollment group) | [Get Attestation Mechanism](/api/iot-dps/service/enrollment-group/get-attestation-mechanism)| Yes|
+| DPS Service API (enrollment group) | [Query](/api/iot-dps/service/enrollment-group/query) | Yes|
+| DPS Service API (enrollment group) | [Run Bulk Operation](/api/iot-dps/service/enrollment-group/run-bulk-operation) | Yes|
+| DPS Service API (individual enrollment) | [Create or Update](/api/iot-dps/service/individual-enrollment/create-or-update)  | Yes|
+| DPS Service API (individual enrollment)| [Delete](/api/iot-dps/service/individual-enrollment/delete) | Yes|
+| DPS Service API (individual enrollment)| [Get](/api/iot-dps/service/individual-enrollment/get) | Yes|
+| DPS Service API (individual enrollment)| [Get Attestation Mechanism](/api/iot-dps/service/individual-enrollment/get-attestation-mechanism) | Yes|
+| DPS Service API (individual enrollment)| [Query](/api/iot-dps/service/individual-enrollment/query)  | Yes|
+| DPS Service API (individual enrollment)| [Run Bulk Operation](/api/iot-dps/service/individual-enrollment/run-bulk-operation)  | Yes|
+|  DPS Certificate API|  [Create or Update](/api/iot-dps/dps-certificate/create-or-update) | No |
+|  DPS Certificate API| [Delete](/api/iot-dps/dps-certificate/delete) | No |
+|  DPS Certificate API| [Generate Verification Code](/api/iot-dps/dps-certificate/generate-verification-code)|No  |
+|  DPS Certificate API| [Get](/api/iot-dps/dps-certificate/get) | No |
+|  DPS Certificate API| [List](/api/iot-dps/dps-certificate/list) |No  |
+|  DPS Certificate API| [Verify Certificate](/api/iot-dps/dps-certificate/verify-certificate) | No |
+|  IoT DPS Resource API| [Check Provisioning Service Name Availability](/api/iot-dps/iot-dps-resource/check-provisioning-service-name-availability)  | No |
+|  IoT DPS Resource API| [Create or Update](/api/iot-dps/iot-dps-resource/create-or-update)  | No |
+|  IoT DPS Resource API| [Delete](/api/iot-dps/iot-dps-resource/delete) |  No|
+|  IoT DPS Resource API| [Get](/api/iot-dps/iot-dps-resource/get) | No |
+|  IoT DPS Resource API| [Get Operation Result](/api/iot-dps/iot-dps-resource/get-operation-result)| No |
+|  IoT DPS Resource API| [List By Resource Group](/api/iot-dps/iot-dps-resource/list-by-resource-group) |No  |
+|  IoT DPS Resource API| [List By Subscription](/api/iot-dps/iot-dps-resource/list-by-subscription) |No  |
+|  IoT DPS Resource API| [List By Keys](/api/iot-dps/iot-dps-resource/list-keys) |No  |
+|  IoT DPS Resource API| [List Keys for Key Name](/api/iot-dps/iot-dps-resource/list-keys-for-key-name) |No  |
+|  IoT DPS Resource API| [List Valid SKUs](/api/iot-dps/iot-dps-resource/list-valid-skus) |No  |
+|  IoT DPS Resource API| [Update](/api/iot-dps/iot-dps-resource/update) |  No|
 
 ## Related Azure components
+
 DPS automates device provisioning with Azure IoT Hub. Learn more about [IoT Hub](../iot-hub/index.yml).
 
 ## Next steps
+
 You now have an overview of provisioning IoT devices in Azure. The next step is to try out an end-to-end IoT scenario.
 
 [Set up IoT Hub Device Provisioning Service with the Azure portal](quick-setup-auto-provision.md)

articles/iot-dps/dps-faq.yml

@@ -0,0 +1,50 @@
+### YamlMime:FAQ
+metadata:
+  title: Microsoft Azure IoT Hub Device Provisioning Service frequently asked questions (FAQ) 
+  description: Find answer to common questions about Azure IoT Hub Device Provisioning Service.
+  author: anastasia-ms
+  ms.author: v-stharr
+  ms.date: 11/08/2021
+  ms.topic: conceptual
+  ms.service: iot-dps
+  services: iot-dps
+  
+    
+title: Azure IoT Hub Device Provisioning Service frequently asked questions (FAQ)
+summary: |
+  This article answers to common questions about Azure IoT Hub Device Provisioning Service. The following topics are covered:
+  
+  * DPS Management
+  * DPS Billing
+
+  
+
+sections:
+  - name: DPS Management
+    questions:
+      - question: |
+         What is the recommended way to update a linked hub when the primary key for the IoT Hub access policy is regenerated? 
+        answer: |
+         The primary key is embedded inside the connection string that DPS uses for authentication. Whenever the primary connection string is modified, the primary key will also be modified, and you'll need to relink the hub to your DPS.
+  - name: DPS Billing
+    questions:
+      - question: |
+         Which Device Provisioning Service API operations are billable and what are their prices?” 
+        answer: |
+         For information on which operations are billable and their prices, see [Billable service operations and pricing for Microsoft Device Provisioning Service](about-iot-dps.md#billable-service-operations-and-pricing)
+
+additionalContent: |
+
+  ## Next steps
+  
+  If this FAQ doesn’t answer your question, you can contact us through the following channels (in escalating order):
+
+  * The comments section of this article.
+  * [MSFT Q&A page for Azure DPS(/answers/topics/azure-dps.html).
+  * Microsoft Support. To create a new support request, in the [Azure portal](https://portal.azure.com/), on the Help tab, select the **Help +** support button, and then select **New support request**.
+  
+
+  > [!div class="nextstepaction"]
+  > [https://github.com/anastasia-ms/azure-docs-pr/pull/new/dps-faq](how-to-troubleshoot-dps.md)
+  
+

articles/iot-dps/toc.yml

@@ -106,8 +106,12 @@
     - name: Windows
       href: ../iot-edge/how-to-provision-devices-at-scale-windows-tpm.md
       maintainContext: true
-  - name: Troubleshooting
-    href: how-to-troubleshoot-dps.md 
+  - name: Troubleshooting and FAQ
+    items:
+    - name: Troubleshooting DPS
+      href: how-to-troubleshoot-dps.md
+    - name: DSP FAQ
+      href: dps-faq.yml
 - name: Reference
   items:
   - name: REST API

includes/iot-dps-limits.md

@@ -37,4 +37,3 @@ The Device Provisioning Service has the following rate limits.
 | Device registrations | 200/min/service | Yes |
 | Device polling operation | 5/10 sec/device | No |
 
-Each API call on DPS is billable as one *Operation*. This includes all the service APIs and the device registration API. The device registration polling operation is not billed.