This chapter covers Azure IoT Hub, the central message broker for bidirectional communication between IoT devices and cloud services. For the DP-900 exam, understanding IoT Hub's telemetry ingestion capabilities is critical, as it is a core component of the Azure IoT solution architecture. Approximately 10-15% of exam questions touch on IoT Hub topics, including device provisioning, message routing, and security. By the end of this chapter, you will be able to explain how IoT Hub ingests telemetry, routes messages, and integrates with other Azure data services.
Jump to a section
Think of Azure IoT Hub as a highly organized postal service for a city with millions of houses (devices). Each house has a unique address (device ID) and can send letters (telemetry) to the central post office. The post office doesn't just drop letters into a bin; it sorts each letter by sender, verifies the stamp (authentication), and then routes it to the correct internal department (like 'temperature data' or 'humidity data'). The post office also allows the city government (cloud applications) to send official notices back to specific houses using a special courier service (cloud-to-device messages). The post office ensures that no letters are lost by acknowledging receipt (telemetry acknowledgment) and can even hold messages for houses that are temporarily away (offline device message queue). Importantly, the post office can handle millions of letters per second without losing track, thanks to its automated sorting machines (partitioning and load balancing). If a house sends a letter with a fake address or no stamp, the post office rejects it (authentication failure). The post office also has a lost-and-found department (dead-letter queue) for messages that couldn't be delivered after multiple attempts. This entire system is managed by a set of rules (IoT Hub policies) that define who can send letters, how long to hold them, and where to forward them (to Azure Stream Analytics, Blob Storage, etc.).
What is Azure IoT Hub and Why Does It Exist?
Azure IoT Hub is a managed cloud service that acts as a central message hub for bidirectional communication between IoT applications and the devices they manage. It is designed to securely connect, monitor, and manage billions of IoT devices. Before IoT Hub, developers had to build their own messaging infrastructure, handle device authentication, manage scaling, and ensure reliable message delivery. IoT Hub abstracts all that complexity.
The DP-900 exam focuses on IoT Hub's role in telemetry ingestion—the process of collecting data from devices. Telemetry is typically small, frequent messages (e.g., temperature readings every 10 seconds) sent from devices to the cloud. IoT Hub can ingest millions of such messages per second, scale automatically, and ensure at-least-once delivery.
How IoT Hub Works Internally
IoT Hub uses a publish-subscribe pattern with device-specific endpoints. Each device has a unique identity and security key stored in the IoT Hub identity registry. When a device sends a message, it connects to its device-specific endpoint (e.g., /devices/{deviceId}/messages/events). The hub authenticates the device using either symmetric keys, X.509 certificates, or Azure Active Directory tokens.
Once authenticated, the message is placed into a per-device queue. IoT Hub supports multiple message routes: the default event hub-compatible endpoint, custom endpoints (like Azure Storage, Service Bus, Event Hubs), and fallback routes. Message routing is based on properties and body content, allowing you to send temperature alerts to a separate queue or store all telemetry in Blob Storage.
Key Components, Values, Defaults, and Timers
Device Identity Registry: Stores device IDs, authentication keys, and device twin state. Maximum of 1,000,000 devices per IoT Hub (in standard tier).
Built-in Event Hub-compatible Endpoint: Default telemetry sink. It is compatible with Azure Event Hubs, allowing stream processing with Azure Stream Analytics. Default partition count is 4, but can be increased up to 32 for standard tier.
Message Retention: 1 day (default) to 7 days (configurable) for the built-in endpoint.
Message Size: Maximum 256 KB per message (standard tier) – this includes the body and system properties.
Cloud-to-Device (C2D) Messages: Maximum 64 KB per message. Each device has a queue that holds up to 50 messages. TTL defaults to 1 hour, configurable up to 2 days.
Device-to-Cloud (D2C) Telemetry: IoT Hub supports at-least-once delivery. Acknowledgment can be requested by setting the iothub-ack property.
Throttling Limits: For standard tier, up to 6,000 messages per second per unit (S1: 1 unit = 1.1 million messages/day; S2: 1 unit = 11 million messages/day).
Protocols: MQTT (port 8883), MQTT over WebSockets (port 443), AMQP (port 5671), AMQP over WebSockets (port 443), HTTPS (port 443).
Configuration and Verification Commands
You can create an IoT Hub using Azure CLI:
az iot hub create --resource-group MyResourceGroup --name MyIoTHub --sku S1 --unit-count 1To send a simulated device message:
az iot device simulate --device-id MyDevice --hub-name MyIoTHub --data "{\"temperature\":25}"To view device telemetry:
az iot hub monitor-events --hub-name MyIoTHub --device-id MyDeviceHow IoT Hub Interacts with Related Technologies
IoT Hub is often the entry point for telemetry that flows into Azure data analytics services: - Azure Stream Analytics: Directly consumes from IoT Hub's built-in endpoint to run real-time queries. - Azure Blob Storage: Custom endpoint to archive raw telemetry for batch processing. - Azure Functions: Triggered by IoT Hub events to process messages serverlessly. - Azure Time Series Insights: Connects to IoT Hub for real-time visualization of telemetry streams. - Azure Event Grid: Can publish device lifecycle events (registered, deleted) to trigger workflows.
For the DP-900 exam, you need to know that IoT Hub is the preferred ingestion service for device telemetry because it offers device management and bidirectional communication, unlike Event Hubs which is more generic.
Message Routing and Endpoints
IoT Hub supports up to 10 custom endpoints in the standard tier. Routes can filter messages based on message properties (system or application) and body content using a routing query language similar to SQL. For example:
temperature > 30 AND humidity < 20Messages that do not match any route are sent to the fallback route, which is disabled by default. If enabled, unmatched messages go to the built-in endpoint.
Security and Authentication
IoT Hub supports three authentication mechanisms: - Symmetric key: Shared access signature (SAS) tokens generated from device keys. - X.509 certificates: Self-signed or CA-signed certificates for per-device or group enrollment. - Azure AD integration: For service-level operations (not device-level).
Device Provisioning Service (DPS)
DPS is a helper service that automates device registration to IoT Hub. It is not covered heavily in DP-900 but is often mentioned in the context of zero-touch provisioning.
Telemetry Ingestion Flow
Device connects to IoT Hub using a supported protocol.
Device sends a message to /devices/{deviceId}/messages/events.
IoT Hub authenticates the device (validates SAS token or certificate).
Message is placed into the device-specific queue.
Routing rules are evaluated; message is forwarded to matching endpoints.
If no route matches and fallback is enabled, message goes to built-in endpoint.
If acknowledgment is requested, IoT Hub sends a confirmation back to the device.
Failures and Dead-Lettering
If a message cannot be delivered to a custom endpoint (e.g., storage account is full), IoT Hub will retry up to 10 times, then move the message to a dead-letter queue. The dead-letter queue stores the original message and error details.
Scaling and Performance
IoT Hub units determine throughput. Each unit of S1 allows 1.1 million messages/day, S2 allows 11 million messages/day. You can add multiple units to increase capacity. The free tier (F1) allows 8,000 messages/day but is not recommended for production.
Exam-Relevant Details
IoT Hub is not a data storage service; it is a message broker. Telemetry must be routed to a storage service for persistence.
The built-in endpoint is Event Hub-compatible, meaning you can use Event Hubs SDKs to read messages.
IoT Hub supports file upload from devices: devices can upload files to Azure Storage via IoT Hub, which provides a SAS URI.
Device twins are JSON documents that store device state and metadata. They are used for configuration and condition monitoring.
Direct methods allow cloud applications to invoke commands on devices (e.g., restart).
Common Mistakes on the Exam
Confusing IoT Hub with Event Hubs: IoT Hub is for device management and bidirectional communication; Event Hubs is for high-throughput event ingestion without device management.
Thinking IoT Hub stores telemetry: It does not; you must route to a storage service.
Assuming all devices use the same endpoint: Each device has a unique endpoint path.
Overlooking the 256 KB message size limit: Larger messages must be uploaded via file upload feature.
Create an IoT Hub instance
Use the Azure portal, CLI, or PowerShell to create an IoT Hub. Choose a globally unique name, select the subscription, resource group, and region. Choose the pricing tier (F1, S1, S2) and unit count. The standard tier is required for advanced features like message routing and device twins. The free tier is limited to 8,000 messages/day and 500 devices. After creation, note the hostname (e.g., MyIoTHub.azure-devices.net) and the connection string for service operations.
Register a device in the identity registry
Each device must be registered before it can connect. Use the Azure portal, CLI, or SDK to add a device. You can choose to auto-generate symmetric keys or provide your own. The device ID is case-sensitive and must be unique. The identity registry stores the device ID, authentication keys, device twin state, and connection status. For production, use the Device Provisioning Service (DPS) for bulk registration.
Configure device to send telemetry
On the device, implement the IoT Hub SDK (available for C, C#, Java, Node.js, Python) to connect to the hub. The device authenticates using the device ID and primary key to generate a SAS token. The token has an expiry (default 1 hour). The device sends telemetry messages to the endpoint `/devices/{deviceId}/messages/events`. Each message can include application properties for routing. The SDK handles reconnection and message retries automatically.
Set up message routing
In the IoT Hub, define routes that send messages to custom endpoints (e.g., Blob Storage, Event Hubs, Service Bus Queues). Each route has a name, an endpoint, a data source (Device Telemetry Messages), and an optional routing query. For example, route messages with `temperature > 30` to a Service Bus queue for alerts. You can also enable the fallback route to send unmatched messages to the built-in endpoint.
Monitor telemetry ingestion
Use Azure Monitor and IoT Hub metrics to track telemetry ingestion. Key metrics include: 'telemetry messages sent', 'telemetry messages delivered', 'routing: messages delivered', and 'connected devices'. You can set alerts for anomalies like sudden drops in message count. Use the 'az iot hub monitor-events' CLI command to view live telemetry from a specific device for debugging.
Enterprise Scenario 1: Smart Building Temperature Monitoring
A large enterprise manages 50,000 sensors across office buildings globally. Each sensor sends temperature and humidity readings every 5 minutes. They deploy Azure IoT Hub (S2 tier with 5 units) to ingest the 10,000 messages per second peak. They configure message routing to send all telemetry to Azure Blob Storage for archival, and a second route for temperature readings above 35°C to Azure Service Bus for immediate alerting. They use device twins to update sensor sampling intervals remotely. A common misconfiguration is forgetting to enable the fallback route, causing messages that don't match any route to be dropped silently. They also set up Azure Stream Analytics to process the telemetry from the built-in endpoint for real-time dashboards.
Enterprise Scenario 2: Predictive Maintenance in Manufacturing
A factory uses 10,000 IoT-enabled machines that send vibration, temperature, and pressure data every second. They need low-latency ingestion and reliable delivery. They choose IoT Hub over Event Hubs because they need bidirectional communication (to send firmware updates) and device management. They use DPS for zero-touch provisioning of new machines. They route telemetry to Azure Event Hubs for high-throughput stream processing with Azure Databricks. They also route failed messages to a dead-letter queue in Azure Storage for analysis. Performance consideration: they ensure the IoT Hub partition count matches the Event Hubs partition count to avoid throttling.
Enterprise Scenario 3: Fleet Management with GPS Tracking
A logistics company tracks 100,000 vehicles with GPS devices sending location every 30 seconds. They need to store all telemetry for 7 days for compliance. They use IoT Hub with message routing to Azure Blob Storage, setting the retention policy to 7 days. They also route high-priority messages (e.g., 'engine fault') to Azure Service Bus Topics for dispatch. They monitor message delivery metrics and set alerts for high latency. A common issue is message size: GPS data with additional sensor readings can exceed 256 KB, so they implement file upload for large payloads. They also use device twins to update GPS reporting intervals based on vehicle status.
DP-900 Objective Coverage
Objective 3.5: Describe analytics and IoT services. This includes identifying the capabilities of Azure IoT Hub, its role in telemetry ingestion, and how it integrates with other Azure data services. The exam expects you to differentiate IoT Hub from Event Hubs and understand the basic flow of device-to-cloud and cloud-to-device messaging.
Common Wrong Answers and Why Candidates Choose Them
'IoT Hub stores telemetry data permanently' – Candidates confuse message retention (1-7 days) with permanent storage. IoT Hub is a message broker, not a database. Telemetry must be routed to Azure Storage or another service for persistence.
'IoT Hub is identical to Event Hubs' – Both ingest events, but IoT Hub adds device identity management, device twins, direct methods, and cloud-to-device messaging. The exam tests this distinction.
'All devices connect to the same endpoint' – Each device has a unique endpoint path containing its device ID. The exam may present a scenario where a candidate assumes a shared endpoint.
'IoT Hub supports unlimited message size' – The maximum message size is 256 KB (standard tier). Larger payloads require file upload.
Specific Numbers and Terms to Memorize
Maximum message size: 256 KB
Default message retention: 1 day (configurable up to 7 days)
Built-in endpoint: Event Hub-compatible
Device-to-cloud endpoint: /devices/{deviceId}/messages/events
Cloud-to-device endpoint: /devices/{deviceId}/messages/devicebound
Protocols: MQTT, AMQP, HTTPS
Free tier limits: 8,000 messages/day, 500 devices
Standard tier S1: 1.1 million messages/day per unit
Edge Cases and Exceptions
The free tier does not support message routing or cloud-to-device messaging.
Message routing queries are case-sensitive for property names.
Device authentication using X.509 certificates does not support renewal via IoT Hub; you must update the device.
IoT Hub does not guarantee message ordering across partitions; within a partition, ordering is preserved.
How to Eliminate Wrong Answers
If the question mentions device management (e.g., updating firmware, device twins), the answer is IoT Hub, not Event Hubs.
If the question asks for permanent storage of telemetry, look for a service like Blob Storage or Data Lake, not IoT Hub.
If the question mentions a need for bidirectional communication, IoT Hub is the correct choice.
If the question talks about high-throughput event ingestion without device management, Event Hubs is more appropriate.
Azure IoT Hub is a managed service for bidirectional communication and device management, not a storage service.
Telemetry messages are limited to 256 KB; larger data must use file upload.
IoT Hub retains messages for 1-7 days; for permanent storage, route to Azure Storage or Event Hubs Capture.
Each device has a unique endpoint: /devices/{deviceId}/messages/events.
IoT Hub supports MQTT, AMQP, and HTTPS protocols.
The free tier (F1) is limited to 8,000 messages/day and 500 devices, and lacks routing and cloud-to-device features.
Message routing can filter based on message properties and body using a SQL-like query language.
IoT Hub provides at-least-once delivery; duplicates are possible.
These come up on the exam all the time. Here's how to tell them apart.
Azure IoT Hub
Provides device identity registry and per-device authentication.
Supports bidirectional communication (cloud-to-device messages).
Includes device management features: device twins, direct methods, jobs.
Supports MQTT protocol natively (port 8883).
Offers message routing with SQL-like queries to multiple endpoints.
Azure Event Hubs
No device identity management; any client with the connection string can send events.
Unidirectional: designed for event ingestion only (no cloud-to-device).
No built-in device management; it is a pure event streaming platform.
Supports AMQP and HTTPS (MQTT not natively supported).
Provides Event Hubs Capture for automatic archiving to Blob Storage.
Mistake
IoT Hub can store telemetry indefinitely.
Correct
IoT Hub retains messages for a maximum of 7 days (default 1 day). For long-term storage, you must route messages to Azure Blob Storage, Data Lake Storage, or another persistent store.
Mistake
All devices share the same endpoint to send telemetry.
Correct
Each device has a unique endpoint path: `/devices/{deviceId}/messages/events`. The device ID is part of the URL, ensuring isolation.
Mistake
IoT Hub and Event Hubs are interchangeable for IoT scenarios.
Correct
IoT Hub provides device identity management, device twins, direct methods, and cloud-to-device messaging, which Event Hubs does not. Event Hubs is a generic event ingestion service without device management.
Mistake
IoT Hub guarantees exactly-once delivery.
Correct
IoT Hub provides at-least-once delivery for device-to-cloud messages. Duplicates can occur; the device or downstream system must handle idempotency.
Mistake
The free tier supports all IoT Hub features.
Correct
The free tier (F1) supports only 8,000 messages/day, 500 devices, and does not support message routing, cloud-to-device messaging, device twins, or direct methods.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
IoT Hub is designed for IoT scenarios requiring device management, bidirectional communication, and per-device authentication. Event Hubs is a generic event ingestion service for high-throughput streaming, without device identity or management features. For DP-900, remember: use IoT Hub when you need to manage devices and send commands to them; use Event Hubs when you only need to ingest events from many sources.
No. IoT Hub retains device-to-cloud messages for a configurable period (1 to 7 days, default 1 day). For permanent storage, you must route messages to a durable storage service like Azure Blob Storage or Azure Data Lake Storage.
IoT Hub supports MQTT (port 8883), MQTT over WebSockets (port 443), AMQP (port 5671), AMQP over WebSockets (port 443), and HTTPS (port 443). The exam may ask which protocol is best for low-bandwidth scenarios (MQTT).
Use cloud-to-device (C2D) messages. You send a message to the device's endpoint `/devices/{deviceId}/messages/devicebound`. The device receives it via its SDK. C2D messages are queued per device (max 50 messages) with a configurable TTL (default 1 hour).
256 KB in the standard tier. This includes the message body and system properties. If you need to send larger data, use the file upload feature where the device uploads a file to Azure Storage via a SAS URI provided by IoT Hub.
The built-in endpoint is an Event Hub-compatible endpoint that receives all device-to-cloud messages. It is used by default if no custom routes are configured. You can read from it using Event Hubs SDKs or consumer groups. The partition count is 4 by default (up to 32 for standard tier).
Yes, there is a free tier (F1) that allows up to 8,000 messages per day and 500 registered devices. However, it lacks many features of the standard tier, such as message routing, cloud-to-device messaging, device twins, and direct methods. It is suitable for small proofs-of-concept.
You've just covered Azure IoT Hub and Telemetry Ingestion — now see how well it sticks with free DP-900 practice questions. Full explanations included, no account needed.
Done with this chapter?