Merge pull request #207680 from batamig/root-trust

v-ccolin · web-flow · commit 1c6eb79d6cfa · 2022-08-14T10:57:05.000+01:00
adding root of trust statement
diff --git a/articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-on-premises-management-console.md b/articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-on-premises-management-console.md
@@ -44,6 +44,8 @@ After you sign in for the first time, you need to activate the on-premises manag
 
    The on-premises management console can be associated to one or more subscriptions. The activation file is associated with all the selected subscriptions and the number of committed devices at the time of download.
 
+   [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
    :::image type="content" source="media/how-to-manage-sensors-from-the-on-premises-management-console/multiple-subscriptions.png" alt-text="Screenshot that shows selecting multiple subscriptions." lightbox="media/how-to-manage-sensors-from-the-on-premises-management-console/multiple-subscriptions.png":::
 
    If you haven't already onboarded Defender for IoT to a subscription, see [Onboard a Defender for IoT plan for OT networks](how-to-manage-subscriptions.md#onboard-a-defender-for-iot-plan-for-ot-networks).
diff --git a/articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-sensor.md b/articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-sensor.md
@@ -33,8 +33,11 @@ Before signing in to the sensor console, administrator users should have access
 
 - The activation file associated with this sensor. The file was generated and downloaded during sensor onboarding by Defender for IoT.
 
+
 - An SSL/TLS CA-signed certificate that your company requires.
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 ### About activation files
 
 Your sensor was onboarded to Microsoft Defender for IoT in a specific management mode:
diff --git a/articles/defender-for-iot/organizations/how-to-create-and-manage-users.md b/articles/defender-for-iot/organizations/how-to-create-and-manage-users.md
@@ -259,6 +259,8 @@ You can recover the password for the on-premises management console or the senso
 
     :::image type="content" source="media/how-to-create-and-manage-users/enter-identifier.png" alt-text="Screenshot of entering enter the unique identifier and then selecting recover." lightbox="media/how-to-create-and-manage-users/enter-identifier.png":::
 
+   [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 1. On the Password recovery screen, select **Upload**. **The Upload Password Recovery File** window will open.
 
 1. Select **Browse** to locate your `password_recovery.zip` file, or drag the `password_recovery.zip` to the window.
diff --git a/articles/defender-for-iot/organizations/how-to-install-software.md b/articles/defender-for-iot/organizations/how-to-install-software.md
@@ -21,6 +21,7 @@ Mount the ISO file using one of the following options:
 
 - **Virtual mount** – use iLO for HPE appliances, or iDRAC for Dell appliances to boot the ISO file.
 
+
 ## Pre-installation configuration
 
 Each appliance type comes with its own set of instructions that are required before installing Defender for IoT software.
diff --git a/articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md b/articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md
@@ -51,15 +51,17 @@ You might need to upload a new activation file for an onboarded sensor when:
 1. Use the search bar to find the sensor you just added, and select it.
 1. Select the three dots (...) on the row and select **Download activation file**.
 
-6. Save the file.
+    [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
 
-7. Sign in to the Defender for IoT sensor console.
+1. Save the file.
 
-8. Select **System Settings** > **Sensor management** > **Subscription & Activation Mode**.
+1. Sign in to the Defender for IoT sensor console.
+
+1. Select **System Settings** > **Sensor management** > **Subscription & Activation Mode**.
 
-9. Select **Upload** and select the file that you saved.
+1. Select **Upload** and select the file that you saved.
 
-10. Select **Activate**.
+1. Select **Activate**.
 
 ### Troubleshoot activation file upload
 
@@ -355,6 +357,8 @@ This feature is supported for the following sensor versions:
 - **22.1.1** - Download a diagnostic log from the sensor console
 - **22.1.3** - For locally-managed sensors, [upload a diagnostics log](how-to-manage-sensors-on-the-cloud.md#upload-a-diagnostics-log-for-support-public-preview) from the **Sites and sensors** page in the Azure portal. This file is automatically sent to support when you open a ticket on a cloud-connected sensor.
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 **To download a diagnostics log**:
 
 1. On the sensor console, select **System settings** > **Backup & Restore** > **Backup**.
diff --git a/articles/defender-for-iot/organizations/how-to-manage-sensors-from-the-on-premises-management-console.md b/articles/defender-for-iot/organizations/how-to-manage-sensors-from-the-on-premises-management-console.md
@@ -57,9 +57,12 @@ You can define the following sensor system settings from the management console:
 
 ## Update threat intelligence packages
 
-The data package for threat intelligence is provided with each new Defender for IoT version, or if needed between releases. The package contains signatures (including malware signatures), CVEs, and other security content. 
+The data package for threat intelligence is provided with each new Defender for IoT version, or if needed between releases. The package contains signatures (including malware signatures), CVEs, and other security content.
+
+You can manually upload this file in the Azure portal and automatically update it to sensors.
+
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
 
-You can manually upload this file in the Azure portal and automatically update it to sensors. 
 
 **To update the threat intelligence data:**
 
diff --git a/articles/defender-for-iot/organizations/how-to-manage-subscriptions.md b/articles/defender-for-iot/organizations/how-to-manage-subscriptions.md
@@ -105,7 +105,11 @@ Once you've onboarded a plan for Enterprise IoT networks from Defender for Endpo
 
 ### About Defender for IoT trials
 
-If you would like to evaluate Defender for IoT, you can use a trial commitment. The trial is valid for 30 days and supports 1000 committed devices. Using the trial lets you deploy one or more Defender for IoT sensors on your network. Use the sensors to monitor traffic, analyze data, generate alerts, learn about network risks and vulnerabilities, and more. The trial also allows you to download an on-premises management console to view aggregated information generated by sensors.
+If you would like to evaluate Defender for IoT, you can use a trial commitment.
+
+The trial is valid for 30 days and supports 1000 committed devices. Using the trial lets you deploy one or more Defender for IoT sensors on your network to monitor traffic, analyze data, generate alerts, learn about network risks and vulnerabilities, and more.
+
+The trial also allows you to install an on-premises management console to view aggregated information generated by sensors.
 
 ## Edit a plan for OT networks
 
diff --git a/articles/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console.md b/articles/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console.md
@@ -23,6 +23,8 @@ You may need to download software for your on-premises management console if you
 
     :::image type="content" source="media/update-ot-software/on-premises-download.png" alt-text="Screenshot of the Download option for the on-premises management console." lightbox="media/update-ot-software/on-premises-download.png":::
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 ## Upload an activation file
 
 When you first sign in, an activation file for the on-premises management console is downloaded. This file contains the aggregate committed devices that are defined during the onboarding process. The list includes sensors associated with multiple subscriptions.
@@ -36,10 +38,13 @@ After initial activation, the number of monitored devices might exceed the numbe
 
    :::image type="content" source="media/how-to-manage-sensors-from-the-on-premises-management-console/cloud_download_opm_activation_file.png" alt-text="Download the activation file.":::
 
+   [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 1. Select **System Settings** from the management console.
 1. Select **Activation**.
 1. Select **Choose a File** and select the file that you saved.
 
+
 ## Manage certificates
 
 Following on-premises management console installation, a local self-signed certificate is generated and used to access the web application. When logging in to the on-premises management console for the first time, Administrator users are prompted to provide an SSL/TLS certificate. 
diff --git a/articles/defender-for-iot/organizations/how-to-set-up-snmp-mib-monitoring.md b/articles/defender-for-iot/organizations/how-to-set-up-snmp-mib-monitoring.md
@@ -15,6 +15,9 @@ Supported SNMP versions are SNMP version 2 and version 3. The SNMP protocol util
 
 Download the SNMP MIB file from Defender for IoT in the Azure portal. Select **Sites and sensors > More actions > Download SNMP MIB file**.
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
+
 ## Sensor OIDs
 
 | Management console and sensor | OID | Format | Description |
diff --git a/articles/defender-for-iot/organizations/how-to-view-alerts.md b/articles/defender-for-iot/organizations/how-to-view-alerts.md
@@ -159,7 +159,7 @@ You can generate the following alert reports:
 1. Select **View full details**.
 1. Select **Download Full PCAP** or **Download Filtered PCAP**.
 
-PCAP files provide more detailed information about the network traffic that occurred at the time of the alert event. 
+PCAP files provide more detailed information about the network traffic that occurred at the time of the alert event.
 
 ## View alerts in the Defender for IoT portal
 
diff --git a/articles/defender-for-iot/organizations/how-to-work-with-threat-intelligence-packages.md b/articles/defender-for-iot/organizations/how-to-work-with-threat-intelligence-packages.md
@@ -70,6 +70,9 @@ Packages can be downloaded the Azure portal and manually uploaded to individual
 
 This option is available for both *cloud connected* and *locally managed* sensors.
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
+
 **To upload to a single sensor:**
 
 1. Go to the Microsoft Defender for IoT **Updates** page.
diff --git a/articles/defender-for-iot/organizations/includes/root-of-trust.md b/articles/defender-for-iot/organizations/includes/root-of-trust.md
@@ -0,0 +1,9 @@
+---
+title: include
+author: batamig
+ms.date: 08/11/2022
+ms.topic: include
+---
+
+<!-- docutune:disable -->
+All files downloaded from the Azure portal are signed by root of trust so that your machines use signed assets only.
diff --git a/articles/defender-for-iot/organizations/onboard-sensors.md b/articles/defender-for-iot/organizations/onboard-sensors.md
@@ -27,6 +27,8 @@ This procedure describes how to use the Azure portal to contact vendors for pre-
 
         1. Select **Download**. Download the sensor software and save it in a location that you can access from your selected appliance.
 
+           [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
         1. Install your software. For more information, see [Defender for IoT installation](how-to-install-software.md).
 
 ## Onboard OT sensors
@@ -69,6 +71,8 @@ However, until you activate your sensor, the sensor's status will show as **Pend
 
 Make the downloaded activation file accessible to the sensor console admin so that they can activate the sensor. For more information, see [Upload new activation files](how-to-manage-individual-sensors.md#upload-new-activation-files).
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 ## Onboard Enterprise IoT sensors
 
 For more information, see [Tutorial: Get started with Enterprise IoT](tutorial-getting-started-eiot-sensor.md).
diff --git a/articles/defender-for-iot/organizations/sensor-health-messages.md b/articles/defender-for-iot/organizations/sensor-health-messages.md
@@ -25,7 +25,7 @@ For more information, see [Understand sensor health (Public preview)](how-to-man
 
 |Title  |Message  |Description  |Recommendation  |
 |---------|---------|---------|---------|
-|**Package upload failed** |There was an error uploading the file to the sensor |Upload error |"Verify the sensor’s ability to communicate with download.microsoft.com and retry. <br><br>If the problem persists,  open a support ticket.|
+|**Package upload failed** |There was an error uploading the file to the sensor |Upload error |Verify the sensor’s ability to communicate with download.microsoft.com and retry. <br><br>If the problem persists,  open a support ticket.|
 |**Sensor update failed** | There was an error installing the update.| Installation error |Open a support ticket. |
 | **Unstable traffic to Azure**|Sensor’s connection to Azure is unstable |Unstable traffic to Azure | We recommend that you check the sensor WAN connection, the BW limit settings, and validate network equipment that might be on the route between the sensor and the cloud.|
 | **Outdated**|Outdated software may result in a non-optimal experience |Sensor version is outdated |Upgrade your sensor software to the latest version to use the most recently available Defender for IoT features.|
diff --git a/articles/defender-for-iot/organizations/tutorial-onboarding.md b/articles/defender-for-iot/organizations/tutorial-onboarding.md
@@ -65,6 +65,8 @@ You can either purchase pre-configured appliances or bring your own appliance an
 
 1. Save the downloaded software in a location that will be accessible from your VM.
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 ## Create a VM for your sensor
 
 This procedure describes how to create a VM for your sensor with VMware ESXi. 
@@ -233,6 +235,9 @@ Before you can start using your Defender for IoT sensor, you'll need to onboard
 
 1. Select **Register** to add your sensor to Defender for IoT. A success message is displayed and your activation file is automatically downloaded. The activation file is unique for your sensor and contains instructions about your sensor's management mode.
 
+    [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
+
 1. Save the downloaded activation file in a location that will be accessible to the user signing into the console for the first time.
 
 1. At the bottom left of the page, select **Finish**. You can now see your new sensor listed on the Defender for IoT **Sites and sensors** page.
diff --git a/articles/defender-for-iot/organizations/update-ot-software.md b/articles/defender-for-iot/organizations/update-ot-software.md
@@ -53,6 +53,8 @@ In such cases, make sure to update your on-premises management consoles *before*
 
     Make sure to select the version for the update you're performing. For more information, see [Legacy version updates vs. recent version updates](#legacy-version-updates-vs-recent-version-updates).
 
+    [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 1. On your on-premises management console, select **System Settings** > **Version Update**.
 
 1. In the **Upload File** dialog, select **BROWSE FILE** and then browse to and select the update file you'd downloaded from the Azure portal.
@@ -93,6 +95,8 @@ This procedure describes how to manually download the new sensor software versio
 
     Make sure you're downloading the correct file for the update you're performing. For more information, see [Legacy version updates vs. recent version updates](#legacy-version-updates-vs-recent-version-updates).
 
+    [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 1. On your sensor console, select **System Settings** > **Sensor management** > **Software Update**.
 
 1. On the **Software Update** pane on the right, select **Upload file**, and then navigate to and select your downloaded `legacy-sensor-secured-patcher-<Version number>.tar` file.
@@ -123,6 +127,8 @@ The sensor update process won't succeed if you don't update the on-premises mana
 
     Make sure you're downloading the correct file for the update you're performing. For more information, see [Legacy version updates vs. recent version updates](#legacy-version-updates-vs-recent-version-updates).
 
+    [!INCLUDE [root-of-trust](includes/root-of-trust.md)]
+
 1. On your on-premises management console, select **System Settings**, and identify the sensors that you want to update.
 
 1. For any sensors you want to update, make sure that the **Automatic Version Updates** option is selected.
@@ -175,6 +181,7 @@ This procedure is relevant only if you're updating sensors from software version
 
 1. Verify that the status showing in the new sensor row has switched to **Pending activation**.
 
+[!INCLUDE [root-of-trust](includes/root-of-trust.md)]
 
 > [!NOTE]
 > The previous sensor is not automatically deleted after your update. After you've updated the sensor software, make sure to [remove the previous sensor from Defender for IoT](#remove-your-previous-sensor).
