You are operating the IoT infrastructure of a company manufacturing chemical compounds in five geographical locations.
In the previous years, all the sites were equipped with a number of field sensors which are now registered to Azure IoT hubs, via the automatic provisioning service.
Because one of the lines of business is being sold, the devices at site B must be decommissioned from the system and prevented from provisioning again in the future.
Which two of the following steps should you execute to meet the requirement?
A. B. C. D. E.
Correct Answers: B and C.
Option A is incorrect because you cannot disable the X.509 certificate in DPS.
What you can do is disable the enrollment group (which invalidates the certificate, implicitly).
Option B is CORRECT because, given the change of ownership, you need to permanently remove the devices from the IoT hub's registry in order to prevent future communications and data transfer.
Therefore, you need to delete the device's entry from the identity registry.
Option C is CORRECT because, in order to prevent devices from automatically re-enrolling to DPS, their entry must be permanently removed from the provisioning service.
Option D is incorrect because, for the given scenario, you have to ensure that the devices will not be able to re-provision after being decommissioned.
The enrollment entries must be deleted instead of getting disabled.
Option E is incorrect because, for the given scenario, you have to ensure that the devices will not be present in the IoT hub any more, after being decommissioned.
The identity entries must be deleted from the IoT hub.
To meet the requirement of decommissioning devices from the system and preventing them from provisioning again in the future, the following two steps should be executed:
B. Delete the device identities from IoT Hub: This step will remove the device identities registered to the Azure IoT Hub, which means that the devices will no longer be able to send or receive messages from the hub. Deleting device identities will also revoke any security tokens issued to the devices, and any access policies or shared access keys associated with the devices will be removed. This will effectively disable the devices in the IoT hub.
D. Disable the enrollment group in DPS: An enrollment group is a collection of devices that share a common set of enrollment criteria and configuration settings. Disabling the enrollment group in the Device Provisioning Service (DPS) will prevent any new devices from being enrolled or provisioned in the group. This step will ensure that the devices at site B will not be able to register to the DPS again in the future.
The other options are not relevant to the requirement or may cause unintended consequences:
A. Disabling the X.509 certificate in Device Provisioning Service: This will revoke the certificate used for device authentication, but it will not prevent the devices from provisioning again in the future.
C. Deleting the enrollment group from DPS: This step will remove the enrollment group, but it will not prevent the devices from provisioning again in the future.
E. Disabling the devices on the IoT Hub: This step will disable the devices in the IoT Hub, but it will not prevent the devices from provisioning again in the future.