sentinel incident page update

Author: batamig

articles/defender-for-iot/organizations/iot-advanced-threat-monitoring.md

@@ -93,24 +93,23 @@ After you’ve [configured your Defender for IoT data to trigger new incidents i
 
     :::image type="content" source="media/iot-solution/investigate-iot-incidents.png" alt-text="Screenshot of a Microsoft Defender for IoT incident in Microsoft Sentinel.":::
 
-    > [!TIP]
-    > To investigate the incident in Defender for IoT, select the **Investigate in Microsoft Defender for IoT** link at the top of the incident details pane.
+1. Select the incident to open the incident details page, where you can find additional details. For example:
 
-For more information on how to investigate incidents and use the investigation graph, see [Investigate incidents with Microsoft Sentinel](../../sentinel/investigate-cases.md).
-
-### Investigate further with IoT device entities
+    - Understand the incident's business impact and physical location using details like the an IoT device's site, zone, sensor name, and device importance.
+    - Learn about recommended remediation steps by selecting an alert in the incident timeline and viewing the **Remediation steps** area.
 
-When investigating an incident in Microsoft Sentinel, in an incident details pane, select an IoT device entity from the **Entities** list to open its device entity page. You can identify an IoT device by the IoT device icon: :::image type="icon" source="media/iot-solution/iot-device-icon.png" border="false":::
+For more information on how to investigate incidents and use the investigation graph, see [Investigate incidents with Microsoft Sentinel](../../sentinel/investigate-cases.md).
 
-If you don't see your IoT device entity right away, select **View full details** under the entities listed to open the full incident page. In the **Entities** tab, select an IoT device to open its entity page. For example:
+> [!TIP]
+> To investigate the incident in Defender for IoT, select the **Investigate in Microsoft Defender for IoT** link at the top of the incident details pane.
 
- :::image type="content" source="media/iot-solution/incident-full-details-iot-device.png" alt-text="Screenshot of a full detail incident page.":::
+### Investigate further with IoT device entities
 
-The IoT device entity page provides contextual device information, with basic device details and device owner contact information. The device entity page can help prioritize remediation based on device importance and business impact, as per each alert's site, zone, and sensor. For example:
+When investigating an incident in Microsoft Sentinel, in an incident details pane, select an IoT device entity from the **Entities** list to view more details in the entities pane on the right. You can identify an IoT device by the IoT device icon: :::image type="icon" source="media/iot-solution/iot-device-icon.png" border="false":::
 
-:::image type="content" source="media/iot-solution/iot-device-entity-page.png" alt-text="Screenshot of the IoT device entity page.":::
+If you don't see your IoT device entity right away, select **View full details** under the entities listed to open the full incident page, and then check the **Entities** tab. Select an IoT device entity to view entity details on the right, including basic device details, owner contact information, and a timeline of events that occurred on the device.
 
-For more information on entity pages, see [Investigate entities with entity pages in Microsoft Sentinel](../../sentinel/entity-pages.md).
+To drill down even further, select the IoT device entity link and open the device entity details page. For more information, see [Investigate entities with entity pages in Microsoft Sentinel](../../sentinel/entity-pages.md).
 
 You can also hunt for vulnerable devices on the Microsoft Sentinel **Entity behavior** page. For example, view the top five IoT devices with the highest number of alerts, or search for a device by IP address or device name:
 

articles/defender-for-iot/organizations/media/iot-solution/incident-full-details-iot-device.png

@@ -2,7 +2,7 @@
 title: What's new in Microsoft Defender for IoT
 description: This article describes features available in Microsoft Defender for IoT, across both OT and Enterprise IoT networks, and both on-premises and in the Azure portal.
 ms.topic: overview
-ms.date: 01/03/2023
+ms.date: 01/25/2023
 ---
 
 # What's new in Microsoft Defender for IoT?
@@ -20,6 +20,18 @@ Features released earlier than nine months ago are described in the [What's new
 |Service area  |Updates  |
 |---------|---------|
 |**OT networks**     | - **Sensor version 22.3.4**: [Azure connectivity status shown on OT sensors](#azure-connectivity-status-shown-on-ot-sensors)<br>- **Sensor version 22.2.3**: [Update sensor software from the Azure portal](#update-sensor-software-from-the-azure-portal-public-preview)   |
+| **Cloud features** | - [New Microsoft Sentinel incident experience for Defender for IoT](#new-microsoft-sentinel-incident-experience-for-defender-for-iot) |
+
+### New Microsoft Sentinel incident experience for Defender for IoT
+
+Microsoft Sentinel's new [incident experience](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/the-new-incident-experience-is-here/ba-p/3717042) includes specific features for Defender for IoT customers. SOC analysts can now use the following incident enhancements when investigating OT/IoT-related incidents:
+
+- Better understand an incident's business impact and physical location by viewing the related sites, zones, sensors, and device importance on an incident details page
+- Review a timeline of affected devices and related device details directly on the incident page, instead of investigating on entity details pages for the related devices
+- Review OT alert remediation steps directly on the incident details page
+
+For more information, see [Tutorial: Investigate and detect threats for IoT devices](iot-advanced-threat-monitoring.md) and [Navigate and investigate incidents in Microsoft Sentinel](/azure/sentinel/investigate-incidents).
+
 
 ### Update sensor software from the Azure portal (Public preview)