Merge pull request #269250 from tarTech23/cloud

v-dirichards · web-flow · commit 108986003e37 · 2024-03-19T10:53:28.000-05:00
reordered Cloud connection
diff --git a/articles/defender-for-iot/organizations/architecture-connections.md b/articles/defender-for-iot/organizations/architecture-connections.md
@@ -33,25 +33,27 @@ Use this section to help determine which connection method is right for your clo
 
 |If ...  |... Then use  |
 |---------|---------|
-|- You require private connectivity between your sensor and Azure,  <br>- Your site is connected to Azure via ExpressRoute, or  <br>- Your site is connected to Azure over a VPN  | **[Proxy connections with an Azure proxy](#proxy-connections-with-an-azure-proxy)**        |
-|- Your sensor needs a proxy to reach from the OT network to the cloud, or <br>- You want multiple sensors to connect to Azure through a single point    | **[Proxy connections with proxy chaining](#proxy-connections-with-proxy-chaining)**        |
 |- You want to connect your sensor to Azure directly    | **[Direct connections](#direct-connections)**        |
+|- Your sensor needs a proxy to reach from the OT network to the cloud, or <br>- You want multiple sensors to connect to Azure through a single point    | **[Proxy connections with proxy chaining](#proxy-connections-with-proxy-chaining)**        |
+|- You require private connectivity between your sensor and Azure,  <br>- Your site is connected to Azure via ExpressRoute, or  <br>- Your site is connected to Azure over a VPN  | **[Proxy connections with an Azure proxy](#proxy-connections-with-an-azure-proxy)**        |
 |- You have sensors hosted in multiple public clouds | **[Multicloud connections](#multicloud-connections)** |
 
 > [!NOTE]
 > While most connection methods are relevant for OT sensors only, [Direct connections](#direct-connections) are also used for [Enterprise IoT sensors](eiot-sensor.md).
 
-## Proxy connections with an Azure proxy
+## Direct connections
 
-The following image shows how you can connect your sensors to the Defender for IoT portal in Azure through a proxy in the Azure VNET. This configuration ensures confidentiality for all communications between your sensor and Azure.
+The following image shows how you can connect your sensors to the Defender for IoT portal in Azure directly over the internet from remote sites, without traversing the enterprise network.
 
-:::image type="content" source="media/architecture-connections/proxy.png" alt-text="Diagram of a proxy connection using an Azure proxy." border="false":::
+:::image type="content" source="media/architecture-connections/direct.png" alt-text="Diagram of a direct connection to Azure." border="false":::
 
-Depending on your network configuration, you can access the VNET via a VPN connection or an ExpressRoute connection.
+With direct connections:
 
-This method uses a proxy server hosted within Azure. To handle load balancing and failover, the proxy is configured to scale automatically behind a load balancer.
+- Any sensors connected to Azure data centers directly over the internet or Azure ExpressRoute have a secure and encrypted connection to the Azure data centers. Transport Layer Security (TLS1.2/AES-256) provides *always-on* communication between the sensor and Azure resources.
 
-For more information, see [Connect via an Azure proxy](connect-sensors.md#set-up-an-azure-proxy).
+- The sensor initiates all connections to the Azure portal. Initiating connections only from the sensor protects internal network devices from unsolicited inbound connections, but also means that you don't need to configure any inbound firewall rules.
+
+For more information, see [Provision sensors for cloud management](ot-deploy/provision-cloud-management.md).
 
 ## Proxy connections with proxy chaining
 
@@ -65,19 +67,17 @@ It is the customer's responsibility to set up and maintain third-party proxy ser
 
 For more information, see [Connect via proxy chaining](connect-sensors.md#connect-via-proxy-chaining).
 
-## Direct connections
-
-The following image shows how you can connect your sensors to the Defender for IoT portal in Azure directly over the internet from remote sites, without traversing the enterprise network.
+## Proxy connections with an Azure proxy
 
-:::image type="content" source="media/architecture-connections/direct.png" alt-text="Diagram of a direct connection to Azure." border="false":::
+The following image shows how you can connect your sensors to the Defender for IoT portal in Azure through a proxy in the Azure VNET. This configuration ensures confidentiality for all communications between your sensor and Azure.
 
-With direct connections:
+:::image type="content" source="media/architecture-connections/proxy.png" alt-text="Diagram of a proxy connection using an Azure proxy." border="false":::
 
-- Any sensors connected to Azure data centers directly over the internet or Azure ExpressRoute have a secure and encrypted connection to the Azure data centers. Transport Layer Security (TLS1.2/AES-256) provides *always-on* communication between the sensor and Azure resources.
+Depending on your network configuration, you can access the VNET via a VPN connection or an ExpressRoute connection.
 
-- The sensor initiates all connections to the Azure portal. Initiating connections only from the sensor protects internal network devices from unsolicited inbound connections, but also means that you don't need to configure any inbound firewall rules.
+This method uses a proxy server hosted within Azure. To handle load balancing and failover, the proxy is configured to scale automatically behind a load balancer.
 
-For more information, see [Provision sensors for cloud management](ot-deploy/provision-cloud-management.md).
+For more information, see [Connect via an Azure proxy](connect-sensors.md#set-up-an-azure-proxy).
 
 ## Multicloud connections
 
