Merge pull request #232346 from batamig/post-deploy-sanity

post deploy sanity

Author: v-ccolin

articles/defender-for-iot/organizations/alerts.md

@@ -32,7 +32,11 @@ While you can view alert details, investigate alert context, and triage and mana
 |**OT network sensor consoles**     |   Alerts generated by that OT sensor      |    - View the alert's source and destination in the **Device map** <br>- View related events on the **Event timeline**  <br>- Forward alerts directly to partner vendors  <br>- Create alert comments <br> - Create custom alert rules <br>- Unlearn alerts    |
 |**An on-premises management console**     |  Alerts generated by connected OT sensors          |  - Forward alerts directly to partner vendors <br> - Create alert exclusion rules      |
 
-For more information, see [Accelerating OT alert workflows](#accelerating-ot-alert-workflows) and [Alert statuses and triaging options](alerts.md#alert-statuses-and-triaging-options) below.
+For more information, see:
+
+- [Alert data retention](references-data-retention.md#alert-data-retention)
+- [Accelerating OT alert workflows](#accelerating-ot-alert-workflows)
+- [Alert statuses and triaging options](alerts.md#alert-statuses-and-triaging-options)
 
 Alert options also differ depending on your location and user role. For more information, see [Azure user roles and permissions](roles-azure.md) and [On-premises users and roles](roles-on-premises.md).
 

articles/defender-for-iot/organizations/best-practices/sample-connectivity-models.md

@@ -17,22 +17,16 @@ The following diagram shows an example of a ring network topology, in which each
 
 ## Sample: Linear bus and star topology
 
-In a star network, every host is connected to a central hub. In its simplest form, one central hub acts as a conduit to transmit messages. In the following example, lower switches aren't monitored, and traffic that remains local to these switches won't be seen. Devices might be identified based on ARP messages, but connection information will be missing.
+In a star network such as the one shown in the diagram below, every host is connected to a central hub. In its simplest form, one central hub acts as a conduit to transmit messages. In the following example, lower switches aren't monitored, and traffic that remains local to these switches won't be seen. Devices might be identified based on ARP messages, but connection information will be missing.
 
 :::image type="content" source="../media/how-to-set-up-your-network/linear-bus-star-topology.png" alt-text="Diagram of the linear bus and star topology." border="false" lightbox="../media/how-to-set-up-your-network/linear-bus-star-topology.png":::
 
 ## Sample: Multi-layer, multi-tenant network
 
-The following diagram is a general abstraction of a multilayer, multitenant network, with an expansive cybersecurity ecosystem typically operated by an SOC and MSSP.
-
-Typically, NTA sensors are deployed in layers 0 to 3 of the OSI model.
+The following diagram is a general abstraction of a multilayer, multi-tenant network, with an expansive cybersecurity ecosystem typically operated by an security operations center (SOC) and managed security service provider (MSSP). Defender for IoT sensors are typically deployed in layers 0 to 3 of the OSI model.
 
 :::image type="content" source="../media/how-to-set-up-your-network/osi-model.png" alt-text="Diagram of the OSI model." lightbox="../media/how-to-set-up-your-network/osi-model.png" border="false":::
 
 ## Next steps
 
-After you've [understood your own network's OT architecture](understand-network-architecture.md) and [planned out your deployment](plan-network-monitoring.md), learn more about methods for traffic mirroring and passive or active monitoring.
-
-For more information, see:
-
-- [Traffic mirroring methods for OT monitoring](traffic-mirroring-methods.md)
+For more information, see [Traffic mirroring methods for OT monitoring](traffic-mirroring-methods.md).

articles/defender-for-iot/organizations/how-to-accelerate-alert-incident-response.md

@@ -159,20 +159,5 @@ For more information, see
 
 ## Next steps
 
-> [!div class="nextstepaction"]
-> [View and manage alerts from the Azure portal](how-to-manage-cloud-alerts.md)
-
-> [!div class="nextstepaction"]
-> [View and manage alerts on your OT sensor](how-to-view-alerts.md)
-
-> [!div class="nextstepaction"]
-> [Forward alert information](how-to-forward-alert-information-to-partners.md)
-
-> [!div class="nextstepaction"]
-> [OT monitoring alert types and descriptions](alert-engine-messages.md)
-
-> [!div class="nextstepaction"]
-> [View and manage alerts on the the on-premises management console](how-to-work-with-alerts-on-premises-management-console.md)
-
 > [!div class="nextstepaction"]
 > [Microsoft Defender for IoT alerts](alerts.md)

articles/defender-for-iot/organizations/how-to-forward-alert-information-to-partners.md

@@ -310,18 +310,5 @@ If your forwarding alert rules aren't working as expected, check the following d
 
 ## Next steps
 
-> [!div class="nextstepaction"]
-> [Microsoft Defender for IoT alerts](alerts.md)
-
-> [!div class="nextstepaction"]
-> [View and manage alerts on your OT sensor](how-to-view-alerts.md)
-
-> [!div class="nextstepaction"]
-> [View and manage alerts from the Azure portal](how-to-manage-cloud-alerts.md)
-
-> [!div class="nextstepaction"]
-> [OT monitoring alert types and descriptions](alert-engine-messages.md)
-
-
 > [!div class="nextstepaction"]
 > [Microsoft Defender for IoT alerts](alerts.md)

articles/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory.md

@@ -166,6 +166,7 @@ For more information, see [Defender for IoT sensor and management console APIs](
 
 For more information, see:
 
+- [Defender for IoT device inventory](device-inventory.md)
 - [Control what traffic is monitored](how-to-control-what-traffic-is-monitored.md)
 - [Detect Windows workstations and servers with a local script](detect-windows-endpoints-script.md)
 - [Device data retention periods](references-data-retention.md#device-data-retention-periods).

articles/defender-for-iot/organizations/how-to-investigate-sensor-detections-in-a-device-inventory.md

@@ -152,6 +152,7 @@ All devices detected within the range of the filter will be deleted. If you dele
 
 For more information, see:
 
+- [Defender for IoT device inventory](device-inventory.md)
 - [Control what traffic is monitored](how-to-control-what-traffic-is-monitored.md)
 - [Detect Windows workstations and servers with a local script](detect-windows-endpoints-script.md)
 - [Device data retention periods](references-data-retention.md#device-data-retention-periods)

articles/defender-for-iot/organizations/how-to-manage-cloud-alerts.md

@@ -147,14 +147,5 @@ The file is generated, and you're prompted to save it locally.
 
 ## Next steps
 
-> [!div class="nextstepaction"]
-> [Forward alert information](how-to-forward-alert-information-to-partners.md)
-
-> [!div class="nextstepaction"]
-> [OT monitoring alert types and descriptions](alert-engine-messages.md)
-
 > [!div class="nextstepaction"]
 > [Microsoft Defender for IoT alerts](alerts.md)
-
-> [!div class="nextstepaction"]
-> [Data retention across Microsoft Defender for IoT](references-data-retention.md)

articles/defender-for-iot/organizations/how-to-manage-device-inventory-for-organizations.md

@@ -174,6 +174,7 @@ The merged device that is now listed in the grid retains the details of the devi
 
 For more information, see:
 
+- [Defender for IoT device inventory](device-inventory.md)
 - [Control what traffic is monitored](how-to-control-what-traffic-is-monitored.md)
 - [Detect Windows workstations and servers with a local script](detect-windows-endpoints-script.md)
 - [Device data retention periods](references-data-retention.md#device-data-retention-periods).

articles/defender-for-iot/organizations/how-to-manage-sensors-on-the-cloud.md

@@ -191,11 +191,8 @@ If you need to open a support ticket for a locally managed sensor, upload a diag
 
 ## Next steps
 
-> [!div class="nextstepaction"]
-> [Manage OT sensors from the sensor console](how-to-manage-individual-sensors.md)
-
 > [!div class="nextstepaction"]
 > [Define and view OT sensor settings from the Azure portal (Public preview)](configure-sensor-settings-portal.md)
 
 > [!div class="nextstepaction"]
-> [View and manage alerts on the Defender for IoT portal (Preview)](how-to-manage-cloud-alerts.md)
+> [Manage OT sensors from the sensor console](how-to-manage-individual-sensors.md)

articles/defender-for-iot/organizations/how-to-track-sensor-activity.md

@@ -9,23 +9,20 @@ ms.topic: how-to
 
 Activity detected by your Microsoft Defender for IoT sensors is recorded in the event timeline. Activity includes alerts and alert management actions, network events, and user operations such as user sign-in or user deletion.
 
-The event timeline provides a chronological view and context of all network activity, to help determine the cause and effect of incidents. The timeline view makes it easy to extract information from network events, and more efficiently analyze alerts and events observed on the network. With the ability to store vast amounts of data, the event timeline view can be a valuable resource for security teams to perform investigations and gain a deeper understanding of network activity.
+The OT sensor's event timeline provides a chronological view and context of all network activity, to help determine the cause and effect of incidents. The timeline view makes it easy to extract information from network events, and more efficiently analyze alerts and events observed on the network. With the ability to store vast amounts of data, the event timeline view can be a valuable resource for security teams to perform investigations and gain a deeper understanding of network activity.
 
 Use the event timeline during investigations, to understand and analyze the chain of events that preceded and followed an attack or incident. The centralized view of multiple security-related events on the same timeline helps to identify patterns and correlations, and enable security teams to quickly assess the impact of incidents and respond accordingly.
 
-Enhance your security analysis and incident investigations with the event timeline, with the following options:
+For more information, see:
 
 - [View events on the timeline](#view-the-event-timeline)
-
 - [Audit user activity](track-user-activity.md)
-
 - [View and manage alerts](how-to-view-alerts.md#view-details-and-remediate-a-specific-alert)
-
 - [Analyze programming details and changes](how-to-analyze-programming-details-changes.md)
 
 ## Permissions
 
-Administrator or Security Analyst permissions are required to perform the procedures described in this article.
+Before you perform the procedures described in this article, make sure that you have access to an OT sensor as an **Admin** or **Security Analyst** role. For more information, see [On-premises users and roles for OT monitoring with Defender for IoT](roles-on-premises.md).
 
 ## View the event timeline
 
@@ -112,8 +109,8 @@ The maximum number of events shown in the event timeline is dependent on [the ha
 
 ## Next steps
 
-[Audit user activity](track-user-activity.md)
+For more information, see:
 
-[View details and remediate a specific alert](how-to-view-alerts.md#view-details-and-remediate-a-specific-alert)
-
-[Analyze programming details and changes](how-to-analyze-programming-details-changes.md)
+- [Audit user activity](track-user-activity.md)
+- [View details and remediate a specific alert](how-to-view-alerts.md#view-details-and-remediate-a-specific-alert)
+- [Analyze programming details and changes](how-to-analyze-programming-details-changes.md)