Just read this thread
What I am still asking myself though is whether the IoT Hub does detect that there are multiple active connections that use the same deviceid and credentials?
This could be the case if an attacker would steal the device auth key or the SAS token.
The anti-spoofing property ConnectionDeviceGenerationId does not seem to be used for this since:
generationId - An IoT hub-generated, case-sensitive string up to 128 characters long. This value is used to distinguish devices with the same deviceId, when they have been deleted and re-created.