first draft

Author: Shereen-Bhar

articles/defender-for-iot/organizations/how-to-create-data-mining-queries.md

@@ -17,7 +17,7 @@ Data mining query data is continuously saved until a device is deleted, and is a
 
 To create data mining reports, you must be able to access the OT network sensor you want to generate data for as an **Admin** or **Security Analyst** user.
 
-For more information, see [On-premises users and roles for OT monitoring with Defender for IoT](roles-on-premises.md)
+For more information, see [On-premises users and roles for OT monitoring with Defender for IoT](roles-on-premises.md).
 
 ## View an OT sensor predefined data mining report
 
@@ -54,7 +54,7 @@ Create your own custom data mining report if you have reporting needs not covere
     | **Choose category** | Select the categories to include in your report. |
     | **Order by** | Select to sort your data by category or by activity. |
     | **Filter by** | Define a filter for your report using any of the following parameters: <br><br> - **Results within the last**: Enter a number and then select **Minutes**, **Hours**, or **Days** <br> - **IP address / MAC address / Port**: Enter one or more IP addresses, MAC addresses, and ports to filter into your report. Enter a value and then select + to add it to the list.<br> - **Device group**: Select one or mode device groups to filter into your report. |
-    | **Add filter type** | Select to add any of the following filter types into your report. <br><br> - Transport (GENERIC) <br> -	Protocol (GENERIC) <br> - TAG (GENERIC) <br> - Maximum value (GENERIC) <br> - State (GENERIC) <br> - Minimum value (GENERIC) <br><br> Enter a value in the relevant field and then select + to add it to the list. |
+    | **Add filter type** | Select to add any of the following filter types into your report. <br><br> - Transport (GENERIC) <br> - Protocol (GENERIC) <br> - TAG (GENERIC) <br> - Maximum value (GENERIC) <br> - State (GENERIC) <br> - Minimum value (GENERIC) <br><br> Enter a value in the relevant field and then select + to add it to the list. |
 
 1. Select **Save**. Your data mining report is shown in the **My reports** area. For example:
 
@@ -82,9 +82,7 @@ Sign into an on-premises management console to view [out-of-the-box data mining
 
 **To view a data mining report from an on-premises management console**:
 
-Sign into your on-premises management console and select
-
-1. **Reports** on the left.
+1. Sign into your on-premises management console and select **Reports** on the left.
 
 1. From the **Sensors** drop-down list, select the sensor for which you want to generate the report.
 
@@ -98,8 +96,8 @@ The page lists the current report data. Select :::image type="icon" source="medi
 
 - Continue creating other reports for more security data from your OT sensor. For more information, see:
 
-    - [Risk assessment reporting](how-to-create-risk-assessment-reports.md)
-    
-    - [Attack vector reporting](how-to-create-attack-vector-reports.md)
-    
-    - [Create trends and statistics dashboards](how-to-create-trends-and-statistics-reports.md)
+  - [Risk assessment reporting](how-to-create-risk-assessment-reports.md)
+
+  - [Attack vector reporting](how-to-create-attack-vector-reports.md)
+
+  - [Create trends and statistics dashboards](how-to-create-trends-and-statistics-reports.md)

articles/defender-for-iot/organizations/how-to-enhance-port-and-vlan-name-resolution.md

@@ -7,48 +7,70 @@ ms.topic: how-to
 
 # Customize port and VLAN names
 
-You can customize port and VLAN names on your sensors to enrich device resolution.
+Enrich device resolution by customizing port and VLAN names on your sensors.
+
+## Prerequisites
+
+To customize port and VLAN names, you must be able to access the sensor as an **Admin** user.
+
+For more information, see [On-premises users and roles for OT monitoring with Defender for IoT](roles-on-premises.md).
 
 ## Customize a port name
 
-Microsoft Defender for IoT automatically assigns names to most universally reserved ports, such as DHCP or HTTP. You can customize port names for other ports that Defender for IoT detects. For example, you might assign a name to a non-reserved port because that port shows unusually high activity. Names appear when you view device groups from the device map, or when you create reports that provide port information.
+Customize port names for ports that Defender for IoT detects.
+
+Port names appear when you view device groups from the device map, or when you create reports that provide port information. Microsoft Defender for IoT automatically assigns names to most universally reserved ports, such as DHCP or HTTP.
+
+**To customize a port name:**
+
+1. Sign in to your network sensor as an **Admin** user and select **System Settings**.
+
+1. Under **Network monitoring**, select **Port Naming**.
+
+1. In the **Port naming** pane, select **Add port**.
 
-Customize a name as follows:
+1. Enter the port number, select the protocol (**TCP**, **UDP**, or **BOTH**), and type in a name. For example:
 
-1. Select **System Settings**. Under **Network monitoring**, select **Port Naming**.
-2. Select **Add port**.
-3. Enter the port number, select the protocol (TCP, UDP, both) and type in a name.
-4. Select **Save**.
+    :::image type="content" source="media/how-to-enrich-asset-information/edit-port.png" alt-text="Screenshot of the port naming pane.":::
+
+1. Select **Save**.
 
 ## Customize a VLAN name
 
-You can enrich device inventory data with device VLAN numbers and tags. 
+Enrich device inventory data with device VLAN numbers and names.
+
+VLANS are either discovered automatically by the sensor or added manually. When you add a manual VLAN, you must add a unique name. Once named, the name of the VLAN will appear in reports instead of the VLAN number.
+
+Before you start, note that:
+
+- Manual VLANs can be edited and deleted, but automatically discovered VLANs can’t.
 
-- VLANs support is based on 802.1q (up to VLAN ID 4094). VLANS can be discovered automatically by the sensor or added manually.
-- Automatically discovered VLANs can't be edited or deleted. You should add a name to each VLAN, if you don't add a name, the VLAN number will appear when VLAN information is reported.
-- When you add a manual VLN, you must add a unique name. These VLANs can be edited and deleted.
-- VLAN names can contain up to 50 ASCII characters.
+- VLAN names are not synchronized between the sensor and the management console. You need to define the name on the management console as well.
+
+- VLANs support is based on 802.1q (up to VLAN ID 4094).
 
-## Before you start
-> [!NOTE]
-> VLAN names are not synchronized between the sensor and the management console. You need to define the name on the management console as well.  
 For Cisco switches, add the following line to the span configuration: `monitor session 1 destination interface XX/XX encapsulation dot1q`. In that command, *XX/XX* is the name and number of the port.
 
-To configure VLAN names:
+**To configure VLAN names:**
+
+1. Sign in to your network sensor and select **System Settings**.
 
-1. On the side menu, select **System Settings**.
+1. Under **Network monitoring**, select **VLAN Naming**.
 
-2. In the **System Settings** window, select **VLAN**.
+1. In **VLAN naming** pane, select **Add VLAN**.
 
-    :::image type="content" source="media/how-to-enrich-asset-information/edit-vlan.png" alt-text="Use the system settings to edit your VLANs.":::
+1. Add a VLAN ID and unique VLAN name. For example:
 
-3. Add a unique name next to each VLAN ID.
+    :::image type="content" source="media/how-to-enrich-asset-information/edit-vlan.png" alt-text="Screenshot of the VLAN naming pane." lightbox="media/how-to-enrich-asset-information/edit-vlan.png":::
 
+1. Select **Save**.
 
 ## Next steps
 
 View enriched device information in various reports:
 
 - [Investigate sensor detections in a device inventory](how-to-investigate-sensor-detections-in-a-device-inventory.md)
+
 - [Sensor trends and statistics reports](how-to-create-trends-and-statistics-reports.md)
+
 - [Sensor data mining queries](how-to-create-data-mining-queries.md)