Commit 0d5b7be

sanity
1 parent 60ca665 commit 0d5b7be

7 files changed

+47
-44
lines changed

articles/defender-for-iot/index.yml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -62,6 +62,9 @@ conceptualContent:
6262
- url: organizations/how-to-activate-and-set-up-your-sensor.md
6363
itemType: how-to-guide
6464
text: Activate and set up your OT network sensor
65+
- url: organizations/roles-on-premises.md
66+
itemType: concept
67+
text: On-premises users and roles for OT monitoring
6568
footerLink:
6669
url: organizations/index.yml
6770
text: See more

articles/defender-for-iot/organizations/architecture.md

Lines changed: 17 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ ms.date: 12/25/2022
99

1010
The Microsoft Defender for IoT system is built to provide broad coverage and visibility from diverse data sources.
1111

12-
The following image shows how data can stream into Defender for IoT from network sensors and partner sources to provide a unified view of IoT/OT security. Defender for IoT in the Azure portal provides asset inventories, vulnerability assessments, and continuous threat monitoring.
12+
The following image shows how data can stream into Defender for IoT from network sensors and third-party sources to provide a unified view of IoT/OT security. Defender for IoT in the Azure portal provides asset inventories, vulnerability assessments, and continuous threat monitoring.
1313

1414
:::image type="content" source="media/architecture/system-architecture.png" alt-text="Diagram of the Defender for IoT OT system architecture." border="false":::
1515
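Review bot: The rename from "partner sources" to "third-party sources" in the image description (line 12) is not carried through the rest of the file: the sensor console bullet changed later in this commit still says "forward sensor information to partner systems". Pick one term and use it in both places, or say why the two differ.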

@@ -18,7 +18,7 @@ Defender for IoT connects to both cloud and on-premises components, and is built
1818
Defender for IoT includes the following OT security monitoring components:
1919

2020
- **The Azure portal**, for cloud management and integration to other Microsoft services, such as Microsoft Sentinel.
21-
- **OT network sensors**, to detect OT devices across your network. OT network sensors are deployed on either a virtual machine or a physical appliance, and configured as cloud-connected sensors, or fully on-premises sensors.
21+
- **OT network sensors**, to detect OT devices across your network. OT network sensors are deployed on either a virtual machine or a physical appliance, and configured as cloud-connected sensors, or fully on-premises, locally-managed sensors.
2222
- **An on-premises management console** for centralized OT site management in local, air-gapped environments.
2323

2424
## What is a Defender for IoT committed device?
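Review bot: "locally-managed" in the OT network sensors bullet (line 21) is hyphenated, while the rest of the article writes the term without a hyphen ("In contrast, when working with locally managed sensors:"). Drop the hyphen so the term is spelled one way throughout; adverbs ending in -ly do not take one.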
@@ -29,7 +29,7 @@ Defender for IoT includes the following OT security monitoring components:
2929

3030
OT network sensors discover and continuously monitor network traffic across your OT devices.
3131

32-
- Network sensors are purpose-built for OT networks. They connect to a SPAN port or network TAP and can provide visibility into risks within minutes of connecting to the network.
32+
- Network sensors are purpose-built for OT networks and connect to a SPAN port or network TAP. OT network sensors can provide visibility into risks within minutes of connecting to the network.
3333

3434
- Network sensors use OT-aware analytics engines and Layer-6 Deep Packet Inspection (DPI) to detect threats, such as fileless malware, based on anomalous or unauthorized activity.
3535

@@ -51,55 +51,57 @@ When you have a cloud connected OT network sensor:
5151

5252
In contrast, when working with locally managed sensors:
5353

54-
- View any data for a specific sensor from the sensor console. For a unified view of all information detected by several sensors, use an on-premises management console. For more information, see [Manage sensors from the management console](how-to-manage-sensors-from-the-on-premises-management-console.md).
54+
- View any data for a specific sensor from the sensor console. For a unified view of all information detected by several sensors, use an on-premises management console.
5555

5656
- You must manually upload any threat intelligence packages to locally managed sensors.
5757

5858
- Sensor names can be updated in the sensor console.
5959

60+
For more information, see [Manage OT sensors from the sensor console](how-to-manage-individual-sensors.md) and [Manage OT sensors from the management console](how-to-manage-sensors-from-the-on-premises-management-console.md).
6061

6162
### Analytics engines on OT network sensors
6263

6364
OT network sensors analyze ingested data using built-in analytics engines, and trigger alerts based on both real-time and pre-recorded traffic.
6465

6566
Analytics engines provide machine learning and profile analytics, risk analysis, a device database and set of insights, threat intelligence, and behavioral analytics.
6667

67-
For example, the **policy violation detection** engine models industry control system (ICS) networks and alerts users of any deviation from baseline behavior. For example, deviations might include unauthorized use of specific function codes, access to specific objects, or changes to device configuration.
68+
For example, the **policy violation detection** engine models industry control system (ICS) networks and alerts users of any deviation from baseline behavior. Deviations might include unauthorized use of specific function codes, access to specific objects, or changes to device configuration.
6869

69-
Since many detection algorithms were built for IT, rather than OT, networks, the extra baseline for ICS networks helps to shorten the systems learning curve for new detections.
70+
Since many detection algorithms were built for IT, rather than OT networks, the extra baseline for ICS networks helps to shorten the system's learning curve for new detections.
7071

7172
OT network sensors include the following analytics engines:
7273

7374
|Name |Description |
7475
|---------|---------|
7576
|**Protocol violation detection engine** | Identifies the use of packet structures and field values that violate ICS protocol specifications. <br><br>For example, Modbus exceptions or the initiation of an obsolete function code alerts. |
7677
|**Industrial malware detection engine** | Identifies behaviors that indicate the presence of known malware, such as Conficker, Black Energy, Havex, WannaCry, NotPetya, and Triton. |
77-
|**Anomaly detection engine** | Detects unusual machine-to-machine (M2M) communications and behaviors. <br><br>This engine models ICS networks and therefore requires a shorter learning period than analytics developed for IT, and detects anomalies faster, with minimal false positives. <br><br>For example, Excessive SMB sign-in attempts, and PLC Scan Detected alerts. |
78+
|**Anomaly detection engine** | Detects unusual machine-to-machine (M2M) communications and behaviors. <br><br>This engine models ICS networks and therefore requires a shorter learning period than analytics developed for IT. Anomalies are detected faster, with minimal false positives. <br><br>For example, Excessive SMB sign-in attempts, and PLC Scan Detected alerts. |
7879
|**Operational incident detection** | Detects operational issues such as intermittent connectivity that can indicate early signs of equipment failure. <br><br> For example, the device might be disconnected (unresponsive), or the Siemens S7 stop PLC command was sent alerts. |
7980

8081

8182
## Management options
8283

8384
Defender for IoT provides hybrid network support using the following management options:
8485

85-
- **The Azure portal**. Use the Azure portal as a single pane of glass to view all data ingested from your devices via cloud-connected network sensors. The Azure portal provides extra value, such as [workbooks](workbooks.md), [connections to Microsoft Sentinel](../../sentinel/iot-solution.md?bc=%2fazure%2fdefender-for-iot%2fbreadcrumb%2ftoc.json&tabs=use-out-of-the-box-analytics-rules-recommended&toc=%2fazure%2fdefender-for-iot%2forganizations%2ftoc.json), and more.
86+
- **The Azure portal**. Use the Azure portal as a single pane of glass to view all data ingested from your devices via cloud-connected network sensors. The Azure portal provides extra value, such as [workbooks](workbooks.md), [connections to Microsoft Sentinel](iot-solution.md), [security recommendations](recommendations.md), and more.
8687

8788
Also use the Azure portal to obtain new appliances and software updates, onboard and maintain your sensors in Defender for IoT, and update threat intelligence packages. For example:
8889

8990
:::image type="content" source="media/architecture/portal.png" alt-text="Screenshot of the Defender for I O T default view on the Azure portal."lightbox="media/architecture/portal.png":::
9091

91-
- **The sensor console**. You can also view detections for devices connected to a specific sensor from the sensor's console. Use the sensor console to view a network map for devices detected by that sensor, forward sensor information to partner systems, and more. For example:
92+
- **The OT sensor console**. View detections for devices connected to a specific OT sensor from the sensor's console. Use the sensor console to view a network map for devices detected by that sensor, a timeline of all events that occur on the sensor, forward sensor information to partner systems, and more. For example:
9293

9394
:::image type="content" source="media/release-notes/new-interface.png" alt-text="Screenshot that shows the updated interface." lightbox="media/release-notes/new-interface.png":::
9495

95-
- **The on-premises management console**. In air-gapped environments, you can get a central view of data from all of your sensors from an on-premises management console. The on-premises management console also provides extra maintenance tools and reporting features.
96+
- **The on-premises management console**. In air-gapped environments, you can get a central view of data from all of your sensors from an on-premises management console. The on-premises management console also lets you organize your network into separate sites and zones to support a [Zero Trust](/security/zero-trust/) mindset, and provides extra maintenance tools and reporting features.
9697

9798
## Next steps
9899

99-
For OT environments, understand the supported methods for connecting network sensors to Defender for IoT.
100+
> [!div class="nextstepaction"]
101+
> [Understand OT sensor connection methods](architecture-connections.md)
100102
101-
For more information, see:
103+
> [!div class="nextstepaction"]
104+
> [Connect OT sensors to Microsoft Defender for IoT](connect-sensors.md)
102105
103-
- [Frequently asked questions](resources-frequently-asked-questions.md)
104-
- [Sensor connection methods](architecture-connections.md)
105-
- [Connect your sensors to Microsoft Defender for IoT](connect-sensors.md)
106+
> [!div class="nextstepaction"]
107+
> [Frequently asked questions](resources-frequently-asked-questions.md)
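Review bot: The Microsoft Sentinel link on line 86 changes from `../../sentinel/iot-solution.md?...` to a bare `iot-solution.md`, which now resolves relative to articles/defender-for-iot/organizations/ instead of the sentinel folder; confirm a file with that name exists there, or keep the `../../sentinel/` prefix and drop only the query string. Two wording points in the same hunk: on line 70, removing the comma after "OT" leaves "built for IT, rather than OT networks," with an unpaired comma, so either restore "IT, rather than OT, networks" or remove both; and on line 92 the list "a network map ..., a timeline of all events ..., forward sensor information to partner systems" mixes noun phrases with a verb phrase, so move the forwarding clause into its own sentence.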

articles/defender-for-iot/organizations/getting-started.md

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -37,26 +37,26 @@ This procedure describes how to add a trial Defender for IoT plan for OT network
3737

3838
**To add your plan**:
3939

40-
1. In the Azure portal, go to **Defender for IoT** > **Plans and pricing** and select **Add plan**.
40+
1. In the Azure portal, go to **Defender for IoT** and select **Plans and pricing** > **Add plan**.
4141

4242
1. In the **Plan settings** pane, define the following settings:
4343

44-
- **Subscription**: Select the Azure subscription where you want to add a plan. You'll need a [Security admin](/azure/role-based-access-control/built-in-roles#security-admin), [Contributor](/azure/role-based-access-control/built-in-roles#contributor), or [Owner](/azure/role-based-access-control/built-in-roles#owner) role for the subscription.
44+
- **Subscription**: Select the Azure subscription where you want to add a plan. You'll need a [Security admin](/azure/role-based-access-control/built-in-roles#security-admin), [Contributor](/azure/role-based-access-control/built-in-roles#contributor), or [Owner](/azure/role-based-access-control/built-in-roles#owner) role for the selected subscription.
4545

4646
> [!TIP]
47-
> If your subscription isn't listed, check your account details and confirm your permissions with the subscription owner.
47+
> If your subscription isn't listed, check your account details and confirm your permissions with the subscription owner. Also make sure that you have the right subscriptions selected in your Azure settings > **Directories + subscriptions** page.
4848
4949
- **Price plan**: For the sake of this quickstart, select **Trial - 30 days - 1000 assets limit**.
5050

5151
For example:
5252

5353
:::image type="content" source="media/getting-started/ot-trial.png" alt-text="Screenshot of adding a plan for OT networks to your subscription.":::
5454

55-
1. Select **Next** to review your selections.
55+
1. Select **Next** to review your selections on the **Review and purchase** tab.
5656

57-
1. Select the **I accept the terms and conditions** option, and then select **Purchase**.
57+
1. On the **Review and purchase** tab, select the **I accept the terms and conditions** option > **Purchase**.
5858

59-
Your new plan is listed under the relevant subscription in the **Plans** grid. For more information, see [Manage your subscriptions](how-to-manage-subscriptions.md).
59+
Your new plan is listed under the relevant subscription in the on the **Plans and pricing** > **Plans** page. For more information, see [Manage your subscriptions](how-to-manage-subscriptions.md).
6060

6161
## Next steps
6262
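Review bot: Line 59 now reads "listed under the relevant subscription in the on the **Plans and pricing** > **Plans** page", with a stray "in the" left over from the old sentence; it should read "on the **Plans and pricing** > **Plans** page". In the same hunk, steps 55 and 57 both name the **Review and purchase** tab, so one of the two mentions can go, and the tip on line 47 ("in your Azure settings > **Directories + subscriptions** page") reads more cleanly as "on the **Directories + subscriptions** page in your Azure settings".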

articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
---
2-
title: Manage individual sensors
3-
description: Learn how to manage individual sensors, including managing activation files, certificates, performing backups, and updating a standalone sensor.
2+
title: Manage OT sensors from the sensor console - Microsoft Defender for IoT
3+
description: Learn how to manage individual Microsoft Defender for IoT OT network sensors directly from the sensor's console.
44
ms.date: 11/28/2022
55
ms.topic: how-to
66
---
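Review bot: The new title on line 2 carries a " - Microsoft Defender for IoT" suffix, but the sibling page retitled in this same commit ("Manage OT sensors from the on-premises management console") does not; use the suffix on both or on neither. The H1 is outside this hunk, so check that it was renamed to match, since architecture.md now links here as "Manage OT sensors from the sensor console". The new description also drops the list of tasks the old one named (activation files, certificates, backups, updating a standalone sensor); keep them if the page still covers them.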

articles/defender-for-iot/organizations/how-to-manage-sensors-from-the-on-premises-management-console.md

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
11
---
2-
title: Manage sensors from the on-premises management console
3-
description: Learn how to manage sensors from the management console, including updating sensor versions, pushing system settings to sensors, managing certificates, and enabling and disabling engines on sensors.
2+
title: Manage OT sensors from the on-premises management console
3+
description: Learn how to manage OT sensors from the on-premises management console, including updating sensor versions, pushing system settings to sensors, managing certificates, and enabling and disabling engines on sensors.
44
ms.date: 06/02/2022
55
ms.topic: how-to
66
---
77

8-
# Manage sensors from the management console
8+
# Manage sensors from the on-premises management console
99

1010
This article describes how to manage OT sensors from an on-premises management console, such as pushing system settings to individual sensors, or enabling or disabling specific engines on your sensors.
1111
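Review bot: The H1 on line 8 becomes "Manage sensors from the on-premises management console" while the title on line 2 becomes "Manage OT sensors from the on-premises management console"; add "OT" to the H1 so the two match. The link text added to architecture.md in this commit, "Manage OT sensors from the management console", matches neither and should be aligned as well.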

-19 Bytes