MicrosoftDocs
diff --git a/‎articles/defender-for-iot/organizations/device-inventory.md
Lines changed: 18 additions & 99 deletions b/‎articles/defender-for-iot/organizations/device-inventory.md
Lines changed: 18 additions & 99 deletions
diff --git a/‎articles/defender-for-iot/organizations/how-to-work-with-the-sensor-device-map.md
Lines changed: 11 additions & 7 deletions b/‎articles/defender-for-iot/organizations/how-to-work-with-the-sensor-device-map.md
Lines changed: 11 additions & 7 deletions
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-work-with-asset-inventory-information/default-region-to-default-business-unit-v2.png
127 KB b/‎articles/defender-for-iot/organizations/media/how-to-work-with-asset-inventory-information/default-region-to-default-business-unit-v2.png
127 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-work-with-maps/expand-collapse-subnets.png
437 KB b/‎articles/defender-for-iot/organizations/media/how-to-work-with-maps/expand-collapse-subnets.png
437 KB
@@ -48,7 +48,6 @@ For more information, see:
 
 Defender for IoT's device inventory supports the following device classes:
 
-<!--danielle-->
 |Class  |Device type examples  |
 |---------|---------|
 |**Endpoint devices**     |  Workstations, servers, or mobile devices        |
@@ -57,23 +56,6 @@ Defender for IoT's device inventory supports the following device classes:
 |**Network devices**     |  Switches, routers, controllers, or access points        |
 |**OT devices**     | Industrial and operational devices, such as PLCs, historian devices, HMIs, scales, pneumatic devices, or packaging systems        |
 
-<!--from excel sheet
-|Name  |Examples  |
-|---------|---------|
-|**Network devices**     |        |
-|**Endpoint devices**     |  Workstations, servers, or mobile devices       |
-|**OT/IoT devices**     |  |
-|Audio and video devices     |   Smart TVs, speakers, digital signage, or headsets      |
-|Communication devices     |   VoIP phones, intercoms, analog telephone adapters      |
-|Industrial devices     |  PLCs, historian devices, HMIs, robot controllers, slots, programmable boards       |
-|Media and surveillance devices     |    DVRs, cameras, or video encoders / decoders     |
-|Medical devices|  |
-|Miscellaneous devices     | Smart watches, ebook readers, Arduino devices, oscilloscopes     |
-|Operational equipment    | Industrial printers, scales, pneumatic devices, packaging systems        |
-|Printing devices         |   Scanners, all-in-one printers, or printer servers       |
-|Smart appliance devices     |  Smart lights, smart switches, clocks, barcode scanners        |
-|Smart facility devices     |  Doors, fire alarms, elevators, turnstiles, HVAC systems       |
--->
 *Unclassified* devices are devices that don't have an out-of-the-box category defined.
 
 ## Unauthorized devices
@@ -104,7 +86,7 @@ The following table lists the columns available in the Defender for IoT device i
 
 |Name  |Description
 |---------|---------|
-|**Authorization** / **Is Authorized** *   |Editable. Determines whether or not the device is marked as *authorized*. This value may need to change as the device security changes.  |
+|**Authorization** *   |Editable. Determines whether or not the device is marked as *authorized*. This value may need to change as the device security changes.  |
 |**Business Function**     | Editable. Describes the device's business function. |
 | **Class** | Editable. The device's class. <br>Default: `IoT` |
 |**Data source** | The source of the data, such as a micro agent, OT sensor, or Microsoft Defender for Endpoint. <br>Default: `MicroAgent`|
@@ -113,106 +95,43 @@ The following table lists the columns available in the Defender for IoT device i
 |  **Firmware model** |  The device's firmware model.|
 | **Firmware vendor** | Editable. The vendor of the device's firmware. |
 | **Firmware version** * |Editable.  The device's firmware version. |
-|**First seen** / **Discovered** * | The date and time the device was first seen. Shown in `MM/DD/YYYY HH:MM:SS AM/PM` format.|
-|**Hardware Vendor**     | <!--missing from columns--> Editable.  The device's hardware vendor.      |
+|**First seen**  * | The date and time the device was first seen. Shown in `MM/DD/YYYY HH:MM:SS AM/PM` format. On the OT sensor, shown as **Discovered**.|
 |**Importance** | Editable. The device's important level: `Low`, `Medium`, or `High`.   |
 | **IPv4 Address** | The device's IPv4 address. |
 |**IPv6 Address** | The device's IPv6 address.|
 |**Last activity** * | The date and time the device last sent an event through to Azure or to the OT sensor, depending on where you're viewing the device inventory. Shown in `MM/DD/YYYY HH:MM:SS AM/PM` format. |
 |**Location** | Editable. The device's physical location.  |
 | **MAC Address** * | The device's MAC address.  |
-|**Model** / **Hardware model** *| Editable The device's hardware model. |
+|**Model**  *| Editable The device's hardware model. |
 |**Name** * | Mandatory, and editable. The device's name as the sensor discovered it, or as entered by the user. |
 |**OS architecture** | Editable. The device's operating system architecture.  |
 |**OS distribution** | Editable. The device's operating system distribution, such as Android, Linux, and Haiku.   |
-|**OS platform** / **Operating System** * | Editable. The device's operating system, if detected.   |
+|**OS platform** * | Editable. The device's operating system, if detected.  On the OT sensor, shown as **Operating System**. |
 |**OS version** | Editable. The device's operating system version, such as Windows 10 or Ubuntu 20.04.1. |
-|**PLC mode**  *| The device's PLC operating mode, including both the *Key* state (physical / logical) and the *Run* state (logical). If both states are the same, then only one state is listed.<br><br>- Possible *Key* states include: `Run`, `Program`, `Remote`, `Stop`, `Invalid`, and `Programming Disabled`. <br><br>- Possible *Run* states are `Run`, `Program`, `Stop`, `Paused`, `Exception`, `Halted`, `Trapped`, `Idle`, or `Offline`.   |
-|**Programming device** / **Is Programming device**  *   | Editable.  Defines whether the device is defined as a *Programming Device*, performing programming activities for PLCs, RTUs, and controllers, which are relevant to engineering stations. |
+|**PLC mode**  * | The device's PLC operating mode, including both the *Key* state (physical / logical) and the *Run* state (logical). If both states are the same, then only one state is listed.<br><br>- Possible *Key* states include: `Run`, `Program`, `Remote`, `Stop`, `Invalid`, and `Programming Disabled`. <br><br>- Possible *Run* states are `Run`, `Program`, `Stop`, `Paused`, `Exception`, `Halted`, `Trapped`, `Idle`, or `Offline`.   |
+|**Programming device**  *   | Editable.  Defines whether the device is defined as a *Programming Device*, performing programming activities for PLCs, RTUs, and controllers, which are relevant to engineering stations. |
 |**Protocols**  *| The protocols that the device uses.  |
 | **Purdue level** | Editable. The Purdue level in which the device exists.|
-|**Scanner device** / **Is Known as Scanner** * | Editable. Defines whether the device performs scanning-like activities in the network. |
-|**Sensor** / **Appliance** | The sensor the device is connected to. |
-|**Serial number**  / **Serial** *| The device's serial number.  |
+|**Scanner device**  * | Editable. Defines whether the device performs scanning-like activities in the network. |
+|**Sensor**| The sensor the device is connected to. |
+|**Serial number**  *| The device's serial number.  |
 | **Site** | The device's site. <br><br>All Enterprise IoT sensors are automatically added to the **Enterprise network** site.  |
-| **Slots** / **Slot** *| The number of slots the device has.  <!--unclear for slot on sensor/cm--> |
+| **Slots** | The number of slots the device has.  |
 | **Subtype** | Editable. The device's subtype, such as *Speaker* or *Smart TV*. <br>**Default**: `Managed Device` |
 | **Tags** | Editable. The device's tags.  |
 |**Type** * | Editable. The device type, such as *Communication* or *Industrial*. <br>**Default**: `Miscellaneous`  |
 |**Vendor** *| The name of the device's vendor, as defined in the MAC address.  |
-| **VLAN** / **VLAN Ids** * | The device's VLAN.  |
+| **VLAN**  * | The device's VLAN.  |
 |**Zone** | The device's zone.  |
 
-<!--
-
-The following additional columns are available on OT sensors only:
-
-|**DHCP Address** | The device's DHCP address. |
-|**FQDN** |  The device's FQDN value |
-|**FQDN Last Lookup Time** |  The device's FQDN lookup time |
-| **Groups** | The device groups that include the device, as [defined on the OT sensor's device map](how-to-work-with-the-sensor-device-map.md#create-a-custom-device-group-from-an-ot-sensor-device-map). |- | ✔ | ✔ |
-| **IP Address** | The device's IP address. |- | ✔ | ✔ |
-| Module address | - | ✔ |✔ |
-| **Rack** | The number of device racks.  | - | ✔ | ✔|
-| **Unacknowledged Alerts** | The number of unacknowledged alerts associated with the device. |- | ✔ | ✔ |
-
-
-
-|Name  |Description  |Azure portal  | OT sensor | On-premises management console|
-|---------|---------|---------|---------|---------|
-|**Authorization** / **Is Authorized**    |Editable. Determines whether or not the device is marked as *authorized*. This value may need to change as the device security changes.         |✔ | ✔ | ✔ |
-|**Business Function**     | Editable. Describes the device's business function.        |✔ | - | - |
-| **Business Unit** | The device's business unit, as [defined on the on-premises management console](how-to-activate-and-set-up-your-on-premises-management-console.md#create-enterprise-zones). |- | - | ✔ |
-| **Class** | Editable. The device's class. <br>Default: `IoT`|✔ | - | - |
-| **Data source** | The source of the data, such as a micro agent, OT sensor, or Microsoft Defender for Endpoint. <br>Default: `MicroAgent`|✔ | - | - |
-| **DHCP Address** | The device's DHCP address. | - | ✔ | - |
-| **Description** | Editable. The device's description. |✔ | ✔ | - |
-| **Device Id** | The device's Azure-assigned ID number | ✔ | -| -|
-| **Firmware** | The device's firmware description. | - | - | ✔ |
-| **Firmware model** |  The device's firmware model. |✔ | - | - |
-| **Firmware vendor** | Editable. The vendor of the device's firmware. |✔ | - | - |
-| **Firmware version** |Editable.  The device's firmware version. |✔ | ✔ |  ✔ |
-| **First seen** / **Discovered** | The date and time the device was first seen. Shown in `MM/DD/YYYY HH:MM:SS AM/PM` format. | ✔ | ✔ | ✔ |
-| **FQDN** | The device's FQDN value |- | ✔ | - |
-| **FQDN Last Lookup Time** | The device's FQDN lookup time |- | ✔ | - |
-| **Groups** | The device groups that include the device, as [defined on the OT sensor's device map](how-to-work-with-the-sensor-device-map.md#create-a-custom-device-group-from-an-ot-sensor-device-map). |- | ✔ | ✔ |
-|**Hardware Vendor**     |  Editable.  The device's hardware vendor.        |✔ | - | - |
-| **Importance** | Editable. The device's important level: `Low`, `Medium`, or `High`.  |✔ | - | - |
-| **IP Address** | The device's IP address. |- | ✔ | ✔ |
-| **IPv4 Address** | The device's IPv4 address. |✔ | - | - |
-| **IPv6 Address** | The device's IPv6 address. |✔ | - | - |
-| **Last activity** | The date and time the device last sent an event through to Azure or to the OT sensor, depending on where you're viewing the device inventory. Shown in `MM/DD/YYYY HH:MM:SS AM/PM` format. | ✔ | ✔ | ✔ |
-| **Location** | Editable. The device's physical location. |✔ | - | - |
-| **MAC Address** | The device's MAC address. |✔ | ✔ | ✔ |
-| **Model** / **Hardware model**| Editable The device's hardware model. |✔ | ✔ | ✔ |
-| Module address | - | ✔ |✔ |
-| **Name** | Mandatory, and editable. The device's name as the sensor discovered it, or as entered by the user. |✔ | ✔ | ✔ |
-| **OS architecture** | Editable. The device's operating system architecture. |✔ | - | - |
-| **OS distribution** | Editable. The device's operating system distribution, such as Android, Linux, and Haiku. |✔ | - | - |
-| **OS platform** / **Operating System** | Editable. The device's operating system, if detected. |✔ |  ✔ | ✔ |
-| **OS version** | Editable. The device's operating system version, such as Windows 10 or Ubuntu 20.04.1. |✔ | - | - |
-| **PLC mode** | The device's PLC operating mode, including both the *Key* state (physical / logical) and the *Run* state (logical). Possible *Key* states include: `Run`, `Program`, `Remote`, `Stop`, `Invalid`, and `Programming Disabled`. Possible *Run* states are `Run`, `Program`, `Stop`, `Paused`, `Exception`, `Halted`, `Trapped`, `Idle`, or `Offline`. If both states are the same, then only one state is listed. |✔ | ✔ | ✔ |
-|**Programming device** / **Is Programming device**     | Editable.  Defines whether the device is defined as a *Programming Device*, performing programming activities for PLCs, RTUs, and controllers, which are relevant to engineering stations. |✔ | ✔ | ✔ |
-| **Protocols** | The protocols that the device uses. |✔ | ✔ | ✔ |
-| **Purdue level** | Editable. The Purdue level in which the device exists. |✔ | - | - |
-| **Rack** | The number of device racks. | - | ✔ | ✔|
-|**Region**| The device's region, as [defined on the on-premises management console](how-to-activate-and-set-up-your-on-premises-management-console.md#set-up-a-site) |  - | - | ✔ |
-| **Scanner device** / **Is Known as Scanner** | Editable. Defines whether the device performs scanning-like activities in the network. |✔ | ✔ | ✔ |
-| **Sensor** / **Appliance** | The sensor the device is connected to.  |✔ | - | ✔ |
-| **Serial number**  / **Serial**| The device's serial number. | ✔ | ✔|✔ |
-| **Site** | The device's site. <br><br>All Enterprise IoT sensors are automatically added to the **Enterprise network** site.|✔ | - | ✔ |
-| **Slots** / **Slot** | The number of slots the device has. |✔ |✔|✔ |
-| **Subtype** | Editable. The device's subtype, such as *Speaker* or *Smart TV*. <br>**Default**: `Managed Device` |✔ | - | - |
-| **Tags** | Editable. The device's tags. |✔ | - | - |
-| **Type** | Editable. The device type, such as *Communication* or *Industrial*. <br>**Default**: `Miscellaneous` |✔ | ✔ | ✔ |
-| **Unacknowledged Alerts** | The number of unacknowledged alerts associated with the device. |- | ✔ | ✔ |
-| **Vendor** | The name of the device's vendor, as defined in the MAC address. |✔ | ✔ | ✔ |
-| **VLAN** / **VLAN Ids** | The device's VLAN. |✔ | ✔ | ✔ |
-| **Zone** | The device's zone. |✔ | - | ✔ |
-
--->
-
+The following columns are available on OT sensors only:
 
+- The device's **DHCP Address**
+- The device's **FQDN** address and **FQDN Last Lookup Time**
+- The device **Groups** that include the device, as [defined on the OT sensor's device map](how-to-work-with-the-sensor-device-map.md#create-a-custom-device-group-from-an-ot-sensor-device-map)
+- The device's **Module address**
+- The device's **Rack** and **Slot**
+- The number of **Unacknowledged Alerts** alerts associated with the device
 
 > [!NOTE]
 > The additional **Agent type** and **Agent version** columns are used for by device builders. For more information, see [Microsoft Defender for IoT for device builders documentation](/azure/defender-for-iot/device-builders/).
 
@@ -45,15 +45,15 @@ To view devices across multiple sensors in a zone, you'll also need an on-premis
     - The number of devices grouped in a subnet in an IT network, if relevant. This number of devices is shown in a black circle.
     - Whether the device is newly detected or unauthorized.
 
-1. Right-click a specific device and select **View properties** to drill down further to a [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory). <!--validate this step-->
+1. Right-click a specific device and select **View properties** to drill down further to the **Map View** tab on the device's [device details page](how-to-investigate-sensor-detections-in-a-device-inventory.md#view-the-device-inventory). 
 
 ### Modify the OT sensor map display
 
 Use any of the following map tools to modify the data shown and how it's displayed:
 
 |Name  |Description  |
 |---------|---------|
-|**Refresh map**     | Select to refresh the map with updated data. <!--how often does this refresh automatically?-->        |
+|**Refresh map**     | Select to refresh the map with updated data.        |
 | **Notifications** | Select to view [device notifications](#manage-device-notifications). |
 |**Search by IP / MAC**     | Filter the map to display only devices connected to a specific IP or MAC address.       |
 |**Multicast/broadcast**     | Select to edit the filter that shows or hides multicast and broadcast devices.    By default, multicast and broadcast traffic is hidden.      |
@@ -75,15 +75,19 @@ To see device details, select a device and expand the device details pane on the
 
 
 ### View IT subnets from an OT sensor device map
-<!--cant' validate this procedure-->
 
 By default, IT devices are automatically aggregated by [subnet](how-to-control-what-traffic-is-monitored.md#configure-subnets), so that the map focuses on OT and ICS networks.
 
 **To expand an IT subnet**:
 
 1. Sign into your OT sensor and select **Device map**.
-1. Right-click the icon on the map that represents a specific IT network and select **Expand Network**. 
-1. In the confirmation box that appears, select **OK**.
+1. Locate your subnet on the map. You might need to zoom in on the map to view a subnet icon, which looks like several machines inside a box. For example: 
+
+    :::image type="content" source="media/how-to-work-with-maps/expand-collapse-subnets.png" alt-text="Screenshot of a subnet device on the device map.":::
+
+1. Right-click the subnet device on the map and **Expand Network**. 
+
+1. In the confirmation message that appears above the map, select **OK**.
 
 **To collapse an IT subnet:**
 
@@ -108,7 +112,7 @@ In addition to OT sensor's [built-in device groups](#built-in-device-map-groups)
 Use one of the following options to import and export device data:
 
 - **Import Devices**. Select to import devices from a pre-configured .CSV file.
-- **Export Devices**. Select to export all currently displayed devices, with full details, to a .CSV file.<!--is this correct?-->
+- **Export Devices**. Select to export all currently displayed devices, with full details, to a .CSV file.
 - **Export Device Summary**. Select to export a high level summary of all currently displayed devices to a .CSV file. 
 
 
@@ -203,7 +207,7 @@ On the on-premises management console, zone maps show all network elements relat
 
 **To view a zone map**:
 
-1. Sign into an on-premises management console and select **Site Management** > **View Zone Map** for the zone you want to view. For example: <!--fix image-->
+1. Sign into an on-premises management console and select **Site Management** > **View Zone Map** for the zone you want to view. For example:
 
     :::image type="content" source="media/how-to-work-with-asset-inventory-information/default-region-to-default-business-unit-v2.png" alt-text="Default region to default business unit." lightbox="media/how-to-work-with-asset-inventory-information/default-region-to-default-business-unit-v2.png":::