Trust and security at scale: integrate Azure PKI with
device provisioning service for IoT

Background and goals

In the IoT space, every device must authenticate itself before it can communicate with the cloud. The IoT Hub Device Provisioning Service (DPS) enables organizations to set up large numbers of devices by automatically connecting them to the right IoT Hub. Azure Public Key Infrastructure (PKI) is a cloud-based service that issues and manages the digital certificates used to securely identify devices and services.

Previously, many customers struggled with certificate-based authentication because it required manual setup and management at scale. Provisioning devices without automation was time-consuming, error-prone, and created barriers to adopting stronger security practices.

By integrating DPS with PKI, each device can now be automatically issued a trusted certificate during provisioning. This removes a major barrier to X.509 certificate adoption and helps customers and partners strengthen their IoT security foundation.  

User pain points

Through user research, market studies, white papers, and surveys, we identified the following two critical challenges users face with device certificates and identities.

Reliance on weak authentication

55% of IoT survey respondents indicated that device certificates and identities were their top security priority. Yet 47% of DPS users still rely on symmetric keys, a shared-secret scheme that is weaker than per-device X.509 certificates: a key extracted from one device, or a leaked enrollment-group key, is enough to impersonate devices, whereas a certificate's private key never has to leave the device.
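To make the shared-secret risk concrete, the added example below (not code from the original page or from Azure) reproduces the derivation that DPS documents for symmetric-key group enrollments: each device key is HMAC-SHA256 over the registration ID, keyed with the base64-decoded enrollment-group key, and the device then signs a registration SAS token with that derived key. The group key, registration IDs and ID scope are constructed placeholders, not real credentials. The point it shows is that whoever holds the group key can compute the key of every device in the group, which a per-device X.509 certificate with a device-resident private key does not allow.

```python
"""Derive per-device DPS symmetric keys from an enrollment-group key.

Constructed example: the group key, ID scope and registration IDs are made up.
The derivation itself (HMAC-SHA256 keyed with the base64-decoded group key over
the UTF-8 registration ID, result base64-encoded) is the scheme Azure DPS
documents for symmetric-key group enrollments.
"""
import base64
import hashlib
import hmac
import time
import urllib.parse

# Constructed placeholder values (assumptions, not real credentials).
GROUP_PRIMARY_KEY = base64.b64encode(b"example-enrollment-group-master-key!").decode()
ID_SCOPE = "0ne00000000"  # assumed placeholder ID scope


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Per-device key = base64(HMAC-SHA256(base64decode(group key), registration ID))."""
    key = base64.b64decode(group_key_b64)
    mac = hmac.new(key, registration_id.encode("utf-8"), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def build_registration_sas(id_scope: str, registration_id: str,
                           device_key_b64: str, expiry_epoch: int) -> str:
    """Registration SAS token a device presents to DPS, signed with its device key.

    string-to-sign = urlencode(resource) + "\n" + expiry, HMAC-SHA256 with the
    base64-decoded device key; the signature is base64 then URL-encoded.
    """
    resource = f"{id_scope}/registrations/{registration_id}"
    encoded_resource = urllib.parse.quote(resource, safe="")
    string_to_sign = f"{encoded_resource}\n{expiry_epoch}".encode("utf-8")
    sig = hmac.new(base64.b64decode(device_key_b64), string_to_sign, hashlib.sha256).digest()
    return ("SharedAccessSignature sr=" + encoded_resource
            + "&sig=" + urllib.parse.quote(base64.b64encode(sig).decode(), safe="")
            + "&se=" + str(expiry_epoch)
            + "&skn=registration")


def fleet_keys_from_group_key(group_key_b64: str, registration_ids) -> dict:
    """What anyone holding the group key can compute: the key of every device."""
    return {rid: derive_device_key(group_key_b64, rid) for rid in registration_ids}


if __name__ == "__main__":
    # Constructed fleet of registration IDs.
    fleet = ["sensor-0001", "sensor-0002", "gateway-17"]
    keys = fleet_keys_from_group_key(GROUP_PRIMARY_KEY, fleet)
    for rid, key in keys.items():
        print(rid, key)
    # A device signs its own registration token with its derived key...
    token = build_registration_sas(ID_SCOPE, "sensor-0001", keys["sensor-0001"],
                                   int(time.time()) + 3600)
    print(token)
    # ...but so can anyone who has the group key, for any registration ID.
```

The derivation is deterministic, so an attacker with the enrollment-group key needs only a registration ID to produce a valid device key and registration token; rotating one device's key does not help, because the group key is the real secret.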

Complex and costly certificate management

Many customers depend on third-party tools for certificate issuance and lifecycle management, which increases expenses and requires complex integration with Azure IoT.

Design principles

For this project, I focused on guiding users through the process with clarity, so they could proceed with confidence. These principles shaped my design decisions and reflect how I solve challenges in complex, technical domains.

Set clear expectations

Use plain language, reflect user intent, and show progress along the way.

Just-in-time help

Provide contextual guidance with helper text, tooltips, or inline prompts to support users in the moment and prevent errors.

Don’t overwhelm users

Guide with a step-by-step wizard and progressive disclosure, keeping the main flow simple while offloading complexity into advanced settings.

Streamline the workflow

Group related steps and break information into digestible sections.

Design process

I approach design as an iterative journey. I start with a hypothesis, explore ideas, and gather feedback to refine them. Through each cycle, I aim to bring clarity and confidence to the solution before launch.

The process below shows how I turn ideas into validated designs, from hypothesis to launch.

Hypothesis → Lo-Fi exploration → Feedback → Iterate → Hi-Fi design → Launch & monitor

Prototype in Axure

For the Azure PKI project, I used Axure as the prototype tool. It provides a clear and interactive way to communicate the concept across teams, especially with the Azure PKI team, which sits outside our IoT organization.

The prototype also enables us to gather early user feedback, validate assumptions, and shape the user experience before committing to full development.

Given the security priority, it was also critical to identify potential technical constraints and usability challenges early on.

Hi-fi design screens

Example 1: Used a wizard-style flow to break the process into steps and reduce cognitive load.

I integrated the PKI linking steps directly into the flow, connecting previously siloed experiences into a cohesive, end-to-end journey. This design helps users understand the full context of their actions, reduces confusion, and streamlines the process of linking and managing certificates across services.

Example 2: Unified registration records in a single view.

Previously, users had to switch between IoT hubs and DPS to check registration details and certificate expiration dates. This design consolidated those records into a single view, so users can see the connection between certificate status and device registration, reducing the likelihood of missed expirations or misconfigurations.

User feedback

User feedback confirmed that the new design addressed key pain points in the previous experience. Users highlighted the value of integrating linked apps into a single flow and reducing the effort to find specific devices.

“This is great! Prior to this, I might have gone to the linked IoT Hub, then searched a particular hub just to find a device by its ID.”

-Lead Software Developer, Mesh Systems

"I'm really glad the link steps are now part of the main flow. It used to feel so disconnected. Now it feels like one continuous process instead of jumping between siloed experiences."

-System Architect #2, Shell Oil