Merge pull request #89707 from mlottner/iot-security-working

tiburd · web-flow · commit 141339a43add · 2019-09-25T13:27:15.000-07:00
Sept 2019 release candidate
diff --git a/articles/asc-for-iot/TOC.yml b/articles/asc-for-iot/TOC.yml
@@ -21,7 +21,7 @@
 - name: Quickstarts
   expanded: true
   items:
-  - name: Enable Azure Security Center for IoT in IoT Hub
+  - name: Onboard Azure Security Center for IoT in IoT Hub
     href: quickstart-onboard-iot-hub.md
   - name: Configure your solution
     href: quickstart-configure-your-solution.md
@@ -73,6 +73,8 @@
     href: how-to-security-data-access.md
   - name: Investigate a device
     href: how-to-investigate-device.md
+  - name: Customize your solution
+    href: how-to-customize-solution.md
 - name: Resources
   items:
   - name: Frequently asked questions
diff --git a/articles/asc-for-iot/how-to-customize-solution.md b/articles/asc-for-iot/how-to-customize-solution.md
@@ -0,0 +1,57 @@
+---
+title: Azure Security Center for IoT solution customization guide| Microsoft Docs
+description: This how to guide explains how to customize settings in your Azure Security Center for IoT solution.
+services: asc-for-iot
+ms.service: asc-for-iot
+documentationcenter: na
+author: mlottner
+manager: rkarlin
+editor: ''
+
+ms.assetid: b18b48ae-b445-48f8-9ac0-365d6e065b64
+ms.subservice: asc-for-iot
+ms.devlang: na
+ms.topic: conceptual
+ms.tgt_pltfrm: na
+ms.workload: na
+ms.date: 09/25/2019
+ms.author: mlottner
+
+---
+
+# Customize your Azure Security Center for IoT solution 
+
+In this guide, learn how to customize different settings in Azure Security Center for IoT.  
+
+> [!div class="checklist"]
+> * Configure solution recommendations 
+> * Change settings 
+
+## Change settings
+
+"Manage your Azure Security Center for IoT setting:
+
+On your IoT Hub, go to the security overview blade 
+ on the top left corner, see "settings" 
+To configure your Azure Security Center for IoT settings, do the following:
+
+1. Open your **IoT Hub** in Azure portal. 
+1. From the left menu under **Security**, select and open **Overview**.
+1. Under Settings, select the solution setting you'd like to change.   
+1. Remember to always click **Save** at the top of any setting screen to save your setting changes. 
+
+## Configure solution recommendations
+
+To configure your Azure Security Center for IoT solution recommendations, do the following:
+
+1. Open your **IoT Hub** in Azure portal. 
+1. Select and open **Overview** under **Security** in the left menu.
+1. Under Settings, select **Recommended Configuration** from the left menu. 
+1. Disable/enable the solution recommendations relevant for your organization and workflows. 
+1. Select **Save** at the top of the screen to save your selections. 
+
+## Next steps
+
+- Azure Security Center for IoT service [Overview](overview.md)
+- Learn how to [Access your security data](how-to-security-data-access.md)
+- Learn more about [Investigating a device](how-to-investigate-device.md)
diff --git a/articles/asc-for-iot/how-to-deploy-edge.md b/articles/asc-for-iot/how-to-deploy-edge.md
@@ -1,5 +1,5 @@
 ---
-title: Deploy Azure Security Center for IoT Edge module (preview)| Microsoft Docs
+title: Deploy Azure Security Center for IoT Edge module| Microsoft Docs
 description: Learn about how to deploy an Azure Security Center for IoT security agent on IoT Edge.
 services: asc-for-iot
 ms.service: asc-for-iot
@@ -21,10 +21,6 @@ ms.author: mlottner
 
 # Deploy a security module on your IoT Edge device
 
-> [!IMPORTANT]
-> Azure Security Center for IoT IoT Edge device support is currently in public preview.
-> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. 
-> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
 **Azure Security Center for IoT** module provides a comprehensive security solution for your IoT Edge devices.
 The security module collects, aggregates, and analyzes raw security data from your Operating System and Container system into actionable security recommendations and alerts.
@@ -38,19 +34,19 @@ Use the following steps to deploy an Azure Security Center for IoT security modu
 
 ### Prerequisites
 
-- In your IoT Hub, make sure your device is [registered as an IoT Edge device](https://docs.microsoft.com/azure/iot-edge/how-to-register-device-portal).
+1. In your IoT Hub, make sure your device is [registered as an IoT Edge device](https://docs.microsoft.com/azure/iot-edge/how-to-register-device-portal).
 
-- Azure Security Center for IoT Edge module requires the [AuditD framework](https://linux.die.net/man/8/auditd) be  installed on the IoT Edge device.
+1. Azure Security Center for IoT Edge module requires the [AuditD framework](https://linux.die.net/man/8/auditd) is installed on the IoT Edge device.
 
     - Install the framework by running the following command on your IoT Edge device:
    
-      `sudo apt-get install auditd audispd-plugins`
-   
-    - Verify AuditD is active by running the following command:
+    `sudo apt-get install auditd audispd-plugins`
+
+    - Verify AuditD is active by running the following command: 
    
-      `sudo systemctl status auditd`
-      
-        The expected response is `active (running)`. 
+    `sudo systemctl status auditd`<br>
+    - Expected response is: `active (running)` 
+        
 
 ### Deployment using Azure portal
 
@@ -69,12 +65,12 @@ Use the following steps to deploy an Azure Security Center for IoT security modu
 
 There are three steps to create an IoT Edge deployment for Azure Security Center for IoT. The following sections walk through each one. 
 
-#### Step 1: Add Modules
+#### Step 1: Add modules
 
 1. From the **Add Modules** tab, **Deployment Modules** area, click  **AzureSecurityCenterforIoT**. 
    
 1. Change the **name** to **azureiotsecurity**.
-1. Change the **Image URI** to **mcr.microsoft.com/ascforiot/azureiotsecurity:0.0.3**.
+1. Change the **Image URI** to **mcr.microsoft.com/ascforiot/azureiotsecurity:1.0.0**.
 1. Verify the **Container Create Options** value is set to:      
     ``` json
     {
@@ -96,41 +92,35 @@ There are three steps to create an IoT Edge deployment for Azure Security Center
 1. Verify that **Set module twin's desired properties** is selected, and change the configuration object to:
       
     ``` json
-      "properties.desired": {
-        "azureiot*com^securityAgentConfiguration^1*0*0": {
+    "desired": {
+        "ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
+          } 
         }
-      }
-      ```
+    ```
 
 1. Click **Save**.
-1. Scroll to the bottom of the tab and select **Configure advanced Edge Runtime settings**.
+1. Scroll to the bottom of the tab and select **Configure advanced Edge Runtime settings**. 
    
-   
-1. Change the **Image** under **Edge Hub** to **mcr.microsoft.com/ascforiot/edgehub:1.0.9-preview**.
-
-   >[!Note]
-   > Azure Security Center for IoT module requires a forked version of IoT Edge Hub, based on SDK version 1.20.
-   > By changing IoT Edge Hub image, you are instructing your IoT Edge device to replace the latest stable release with the forked version of IoT Edge Hub, which is not officially supported by the IoT Edge service.
+1. Change the **Image** under **Edge Hub** to **mcr.microsoft.com/azureiotedge-hub:1.0.9-rc2**.
 
 1. Verify **Create Options** is set to: 
          
     ``` json
-    {
-      "HostConfig": {
-        "PortBindings": {
-          "8883/tcp": [{"HostPort": "8883"}],
-          "443/tcp": [{"HostPort": "443"}],
-          "5671/tcp": [{"HostPort": "5671"}]
+    { 
+    "HostConfig":{
+                    "PortBindings":{
+                    "8883/tcp": [{"HostPort": "8883"}],
+                    "443/tcp": [{"HostPort": "443"}],
+                    "5671/tcp": [{"HostPort": "5671"}]
+                    }
         }
-      }
     }
     ```
-      
 1. Click **Save**.
    
 1. Click **Next**.
 
-#### Step 2: Specify Routes 
+#### Step 2: Specify routes 
 
 1. In the **Specify Routes** tab, make sure you have a route (explicit or implicit) that will forward messages from the **azureiotsecurity** module to **$upstream**. 
 1. Click **Next**.
@@ -143,7 +133,7 @@ There are three steps to create an IoT Edge deployment for Azure Security Center
     "ASCForIoTRoute": "FROM /messages/modules/azureiotsecurity/* INTO $upstream"
     ~~~
 
-#### Step 3: Review Deployment
+#### Step 3: Review deployment
 
 - In the **Review Deployment** tab, review your deployment information, then select **Submit** to complete the deployment.
 
@@ -155,14 +145,14 @@ If you encounter an issue, container logs are the best way to learn about the st
 
 1. Run the following command on your IoT Edge device:
     
-     `sudo docker ps`
+    `sudo docker ps`
    
 1. Verify that the following containers are running:
    
    | Name | IMAGE |
    | --- | --- |
-   | azureiotsecurity | mcr.microsoft.com/ascforiot/azureiotsecurity:0.0.3 |
-   | edgeHub | mcr.microsoft.com/ascforiot/edgehub:1.0.9-preview |
+   | azureiotsecurity | mcr.microsoft.com/ascforiot/azureiotsecurity:1.0.0 |
+   | edgeHub | mcr.microsoft.com/azureiotedge-hub:1.0.9-rc2 |
    | edgeAgent | mcr.microsoft.com/azureiotedge-agent:1.0 |
    
    If the minimum required containers are not present, check if your IoT Edge deployment manifest is aligned with the recommended settings. For more information, see [Deploy IoT Edge module](#deployment-using-azure-portal).
diff --git a/articles/asc-for-iot/quickstart-configure-your-solution.md b/articles/asc-for-iot/quickstart-configure-your-solution.md
@@ -14,7 +14,7 @@ ms.devlang: na
 ms.topic: quickstart
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 07/23/2019
+ms.date: 09/25/2019
 ms.author: mlottner
 
 ---
@@ -28,11 +28,11 @@ Azure Security Center for IoT provides comprehensive end-to-end security for Azu
 
 With Azure Security Center for IoT, you can monitor your entire IoT solution in one dashboard, surfacing all of your IoT devices, IoT platforms and back-end resources in Azure.
 
-Once enabled on your IoT Hub, Azure Security Center for IoT automatically identifies other Azure services, also connected to your IoT hub and related to your IoT solution.
+Once enabled on your IoT Hub, Azure Security Center for IoT automatically identifies other Azure services, also connected to your IoT Hub and related to your IoT solution.
 
-In addition to automatic relationship detection, you can also pick and choose which other Azure resource groups to tag as part of your IoT solution.
+In addition to automatic relationship detection, you can also pick and choose which other Azure resource groups to tag as part of your IoT solution. 
 
-Your selections allow you to add entire subscriptions, resource groups, or single resources.
+Your selections allow you to add entire subscriptions, resource groups, or single resources. 
 
 After defining all of the resource relationships, Azure Security Center for IoT leverages Azure Security Center to provide you security recommendations and alerts for these resources.
 
@@ -41,9 +41,9 @@ After defining all of the resource relationships, Azure Security Center for IoT
 To add new resource to your IoT solution, do the following: 
 
 1. Open your **IoT Hub** in Azure portal. 
-2. Select and open **Resources** under **Security** from the left menu. 
-3. Select **Edit** and choose the resources groups that belong to your IoT solution.
-5. Click **Add**. 
+1. Select and open **Resources** from under **Security** in the left menu. 
+1. Select **Edit** and choose the resources groups that belong to your IoT solution.
+1. Click **Add**. 
 
 Congratulations! You've added a new resource group to your IoT solution.
 
diff --git a/articles/asc-for-iot/quickstart-onboard-iot-hub.md b/articles/asc-for-iot/quickstart-onboard-iot-hub.md
@@ -15,7 +15,7 @@ ms.devlang: na
 ms.topic: quickstart
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 05/16/2019
+ms.date: 07/23/2019
 ms.author: mlottner
 
 ---
@@ -36,19 +36,6 @@ This article provides an explanation of how to enable the Azure Security Center
 - IoT Hub (standard tier)
 - Meet all [service prerequisites](service-prerequisites.md) 
 
-|Supported Azure service regions | ||
-|---|---|---|
-| Central US |East US |East US 2 |
-| West Central US |West US |West US2 |
-| Central US South|North Central US | Canada Central|
-| Canada East| North Europe|Brazil South|
-| France Central| UK West|UK South|
-|West Europe|Northern Europe| Japan West|
-|Japan East | Australia Southeast|Australia East|
-|East Asia| Southeast Asia| Korea Central|
-|Korea South| Central India| South India|
-|
-
 ## Enable Azure Security Center for IoT on your IoT Hub 
 
 To enable security on your IoT Hub, do the following: 
diff --git a/articles/asc-for-iot/service-prerequisites.md b/articles/asc-for-iot/service-prerequisites.md
@@ -14,13 +14,13 @@ ms.devlang: na
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: na
-ms.date: 07/28/2019
+ms.date: 09/25/2019
 ms.author: mlottner
 
 ---
 # Azure Security Center for IoT prerequisites
 
-This article provides an explanation of the different building blocks of the Azure Security Center (ASC) for IoT service, what you need to begin, and explains the basic concepts to help understand the service. 
+This article provides an explanation of the different building blocks of the Azure Security Center for IoT service, what you need to begin, and explains the basic concepts to help understand the service. 
 
 ## Minimum requirements
 
@@ -30,13 +30,13 @@ This article provides an explanation of the different building blocks of the Azu
 - Azure Security Center (recommended)
     - Use of Azure Security Center is a recommendation, and not a requirement. Without Azure Security Center, you'll be unable to view your other Azure resources within IoT Hub. 
  
-## Working with ASC for IoT service
+## Working with Azure Security Center for IoT service
 
-ASC for IoT insights and reporting are available using Azure IoT Hub and Azure Security Center. To enable ASC for IoT on your Azure IoT Hub, an account with **Owner** level privileges is required. After enabling ASC for IoT in your IoT Hub, ASC for IoT insights are displayed as the **Security** feature in Azure IoT Hub and as  **IoT** in Azure Security Center. 
+Azure Security Center for IoT insights and reporting are available using Azure IoT Hub and Azure Security Center. To enable Azure Security Center for IoT on your Azure IoT Hub, an account with **Owner** level privileges is required. After enabling ASC for IoT in your IoT Hub, Azure Security Center for IoT insights are displayed as the **Security** feature in Azure IoT Hub and as  **IoT** in Azure Security Center. 
 
 ## Supported service regions 
 
-ASC for IoT is currently supported for IoT Hubs in the following Azure regions:
+Azure Security Center for IoT is currently supported for IoT Hubs in the following Azure regions:
   - Central US	
   - East US	
   - East US 2
@@ -64,6 +64,8 @@ ASC for IoT is currently supported for IoT Hubs in the following Azure regions:
   - Korea South	
   - Central India
   - South India
+
+Azure Security Center for IoT routes all traffic from all European regions to the West Europe regional data center and all remaining regions to the Central US regional data center.  
   
 ## Where's my IoT Hub?
 
@@ -76,7 +78,7 @@ Check your IoT Hub location to verify service availability before you begin.
 
 ## Supported platforms for agents 
 
-ASC for IoT agents supports a growing list of devices and platforms. See the [supported platform list](how-to-deploy-agent.md) to check your existing or planned device library.  
+Azure Security Center for IoT agents supports a growing list of devices and platforms. See the [supported platform list](how-to-deploy-agent.md) to check your existing or planned device library.  
 
 ## Next steps
 - Read the Azure IoT Security [Overview](overview.md)
