Merge pull request #203453 from batamig/sensor-health

Cloud release post 22.2.3: Sensor health - sanity

Author: liljack17

articles/defender-for-iot/organizations/TOC.yml

@@ -215,8 +215,6 @@
         href: how-to-troubleshoot-the-sensor-and-on-premises-management-console.md
 - name: Reference
   items:
-  - name: Alert reference
-    href: alert-engine-messages.md
   - name: OT monitoring appliances
     items:
     - name: Overview
@@ -255,6 +253,10 @@
         href: appliance-catalog/hpe-edgeline-el300.md
       - name: Neousys Nuvo-500LP (SMB rugged)
         href: appliance-catalog/neousys-nuvo-5006lp.md
+  - name: Alert reference
+    href: alert-engine-messages.md
+  - name: Sensor health message reference
+    href: sensor-health-messages.md
   - name: Defender for IoT APIs
     href: references-work-with-defender-for-iot-apis.md
   - name: Defender for IoT CLI commands

articles/defender-for-iot/organizations/how-to-manage-sensors-on-the-cloud.md

@@ -1,7 +1,7 @@
 ---
 title: Manage sensors with Defender for IoT in the Azure portal
-description: Learn how to view, and manage sensors with Defender for IoT in the Azure portal.
-ms.date: 06/02/2022
+description: Learn how to onboard, view, and manage sensors with Defender for IoT in the Azure portal.
+ms.date: 08/08/2022
 ms.topic: how-to
 ---
 
@@ -11,10 +11,10 @@ This article describes how to view and manage sensors with [Defender for IoT in
 
 ## Purchase sensors or download software for sensors
 
-This procedure describes how to use the Azure portal to contact vendors for pre-configured appliances, or how to download software for you to install on your own appliances. 
+This procedure describes how to use the Azure portal to contact vendors for pre-configured appliances, or how to download software for you to install on your own appliances.
 
 1. In the Azure portal, go to **Defender for IoT** > **Getting started** > **Sensor**.
-
+ 
 1. Do one of the following:
 
     - To buy a pre-configured appliance, select **Contact** under **Buy preconfigured appliance**. This opens an email to [[email protected]](mailto:[email protected]) with a template request for Defender for IoT appliances. For more information, see [Pre-configured physical appliances for OT monitoring](ot-pre-configured-appliances.md).
@@ -29,15 +29,15 @@ This procedure describes how to use the Azure portal to contact vendors for pre-
 
         1. Install your software. For more information, see [Defender for IoT installation](how-to-install-software.md).
 
-
 ## Onboard sensors
 
 Onboard a sensor by registering it with Microsoft Defender for IoT. For OT sensors, you'll also need to download a sensor activation file.
 
 Select one of the following tabs, depending on the type of network you're working with.
+
 # [OT sensors](#tab/ot)
 
-**Prerequisites**: Make sure that you've set up your sensor and configured your SPAN port or TAP. 
+**Prerequisites**: Make sure that you've set up your sensor and configured your SPAN port or TAP.
 
 For more information, see [Activate and set up your sensor](how-to-activate-and-set-up-your-sensor.md) and [Defender for IoT installation](how-to-install-software.md), or our [Tutorial: Get started with Microsoft Defender for IoT for OT security](tutorial-onboarding.md).
 
@@ -104,22 +104,28 @@ Make the downloaded activation file accessible to the sensor console admin so th
 
 ## Sensor management options from the Azure portal
 
-Sensors that you've on-boarded to Defender for IoT are listed on the Defender for IoT **Sites and sensors** page. From the **Sites and sensors** page, do any of the following:
+Sensors that you've on-boarded to Defender for IoT are listed on the Defender for IoT **Sites and sensors** page. Select a specific sensor name to drill down to more details for that sensor.
 
-|Task  |Steps  |
-|---------|---------|
-| **Push threat intelligence updates** | Select your sensor in the grid > **Push Threat Intelligence update**. For more information, see [Threat intelligence research and packages](how-to-work-with-threat-intelligence-packages.md). |
-|**Prepare an OT sensor to update to software version 22.x or higher**     | Select your sensor in the grid > **Prepare to update to 22.X**. For more information, see: <br><br>-[Reactivate a sensor for upgrades to version 22.x from a legacy version](how-to-manage-sensors-on-the-cloud.md#reactivate-an-ot-sensor-for-upgrades-to-version-22x-from-a-legacy-version)<br>-  [Update Defender for IoT OT monitoring software](update-ot-software.md#download-and-apply-a-new-activation-file)   |
-|**Export sensor data**     |Select **Export** at the top of the page.  A CSV file is downloaded with details about all sensors listed.       |
-|**Download an activation file**     |   From the **...** options menu at the right of a sensor row. For more information, see [Reactivate a sensor](#reactivate-a-sensor).      |
-|**Edit a sensor zone**    | From the **...** options menu at the right of a sensor row, select **Edit**.  From the **Zone** menu, select a zone, or **Create new zone**. Select **Submit** to save your changes.     |
-|**Edit automatic threat intelligence updates**     | From the **...** options menu at the right of a sensor row, select **Edit**. Toggle the **Automatic Threat Intelligence Updates (Preview)** option on or off as needed. Select **Submit** to save your changes.       |
-|**Delete a sensor**     |  Delete sensors only if you're no longer working with them.  From the **...** options menu at the right of a sensor row, select **Delete sensor**.      |
+Use the options on the **Sites and sensor** page and a sensor details page to do any of the following tasks. If you're on the **Sites and sensors** page, select multiple sensors to apply your actions in bulk using toolbar options. For individual sensors, use the **Sites and sensors** toolbar options, the **...** options menu at the right of a sensor row, or the options on a sensor details page.
 
-
-## Reactivate a sensor
-
-You may need to reactivate your sensor because you want to:
+|Task |Description  |
+|---------|---------|
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-threat-intelligence.png" border="false"::: **Push threat intelligence updates**     | OT sensors only. <br><br>Available for bulk actions from the **Sites and sensors** toolbar, for individual sensors from the **...** options menu, or from a sensor details page.     <br><br>For more information, see [Threat intelligence research and packages](how-to-work-with-threat-intelligence-packages.md).   |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-prepare-to-update.png" border="false"::: **Prepare an OT sensor to update to software version 22.x or higher**     |   Individual, OT sensors only. <br><br>Available from the **Sites and sensors** toolbar, the **...** options menu, or a sensor details page. <br><br>For more information, see: <br>- [Reactivate a sensor for upgrades to version 22.x from a legacy version](how-to-manage-sensors-on-the-cloud.md#reactivate-an-ot-sensor-for-upgrades-to-version-22x-from-a-legacy-version)<br>-  [Update Defender for IoT OT monitoring software](update-ot-software.md#download-and-apply-a-new-activation-file)   |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-recover.png" border="false"::: **Recover a password**     | Individual, OT sensors only. <br><br>Available from the **...** options menu or a sensor details page. Enter the secret identifier obtained on the sensor's sign-in screen.      |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-export.png" border="false"::: **Export sensor data**     |  Available from the **Sites and sensors** toolbar only, to download a CSV file with details about all the sensors listed.       |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-export.png" border="false"::: **Download an activation file**     |   Individual, OT sensors only. <br><br>Available from the **...** options menu or a sensor details page.      |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-edit.png" border="false"::: **Edit a sensor zone**     |    For individual sensors only, from the **...** options menu or a sensor details page.  <br><br>Select **Edit**, and then elect a new zone from the **Zone** menu or select **Create new zone**. Select **Submit** to save your changes.    |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-edit.png" border="false":::  **Create an activation command**     | Individual, Enterprise IoT sensors only. <br><br>Available from the **...** options menu or a sensor details page.  Select **Edit** and   then select **Create activation command**. <br><br>For more information, see [Install an Enterprise IoT sensor](tutorial-getting-started-eiot-sensor.md#install-the-sensor).        |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-edit.png" border="false":::  **Edit automatic threat intelligence updates**     | Individual, OT sensors only. <br><br>Available from the **...** options menu or a sensor details page.  <br><br>Select **Edit** and then toggle the **Automatic Threat Intelligence Updates (Preview)** option on or off as needed. Select **Submit** to save your changes. |
+|:::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-delete.png" border="false"::: **Delete a sensor**    |   For individual sensors only, from the **...** options menu or a sensor details page.      |
+| **Download SNMP MIB file** | Available from the **Sites and sensors** toolbar **More actions** menu. <br><br>For more information, see [Set up SNMP MIB monitoring](how-to-set-up-snmp-mib-monitoring.md).|
+| **Recover an on-premises management console password** | Available from the **Sites and sensors** toolbar **More actions** menu. <br><br>For more information, see [Manage the on-premises management console](how-to-manage-the-on-premises-management-console.md). |
+| :::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/icon-diagnostics.png" border="false"::: **Send diagnostic files to support** | Individual, locally managed OT sensors only. <br><br>Available from the **...** options menu. <br><br>For more information, see [Upload a diagnostics log for support (Public preview)](#upload-a-diagnostics-log-for-support-public-preview).|
+
+## Reactivate an OT sensor
+
+You may need to reactivate an OT sensor because you want to:
 
 - **Work in cloud-connected mode instead of locally managed mode**: After reactivation, existing sensor detections are displayed in the sensor console, and newly detected alert information is delivered through Defender for IoT in the Azure portal. This information can be shared with other Azure services, such as Microsoft Sentinel.
 
@@ -143,6 +149,45 @@ Make sure that you've started with the relevant updates steps for this update. F
 > After upgrading to version 22.1.x, the new upgrade log can be found at the following path, accessed via SSH and the *cyberx_host* user: `/opt/sensor/logs/legacy-upgrade.log`.
 >
 
+## Understand sensor health (Public preview)
+
+This procedure describes how to view sensor health data from the Azure portal. Sensor health includes data such as whether traffic is stable, the sensor is overloaded, notifications about sensor software versions, and more.
+
+**To view overall sensor health**:
+
+1. From Defender for IoT in the Azure portal, select **Sites and sensors** and then check the overall health score in the widget above the grid. For example:
+
+    :::image type="content" source="media/how-to-manage-sensors-on-the-cloud/sensor-widgets.png" alt-text="Screenshot showing the sensor health widgets." lightbox="media/how-to-manage-sensors-on-the-cloud/sensor-widgets.png":::
+
+    - **Unhealthy** indicates one of the following scenarios:
+
+        - Sensor traffic to Azure isn't stable
+        - Sensor fails regular sanity tests
+        - No traffic detected by the sensor
+        - Sensor software version is no longer supported
+        - A [remote sensor upgrade from the Azure portal](update-ot-software.md#update-your-sensors) fails
+
+        For more information, see our [Sensor health message reference](sensor-health-messages.md).
+
+    - **Updatable** means that the sensor has an older version, and there are software updates available to install
+    - **Unsupported** means that the sensor has a software version install that is no longer supported.
+
+1. To check on specific sensor issues, filter the grid by sensor health, and select one or more issues to verify. For example:
+
+    :::image type="content" source="media/how-to-manage-sensors-on-the-cloud/sensor-health-filter.png" alt-text="Screenshot of the sensor health filter." lightbox="media/how-to-manage-sensors-on-the-cloud/sensor-health-filter.png":::
+
+1. Expand the filtered sites and sensors now displayed in the grid, and use the **Sensor health** column to learn more at a high level.
+
+1. To drill down further and understand recommended actions, select a sensor name to open the sensor details page.
+
+    For example:
+
+    :::image type="content" source="media/how-to-manage-sensors-on-the-cloud/sensor-details-health.png" alt-text="Screenshot of the sensor details page showing health information." lightbox="media/how-to-manage-sensors-on-the-cloud/sensor-details-health.png":::
+
+    On the sensor details **Overview** page, expand the **Health** section and any messages listed there to learn more. The **Recommendation** column on the right lists recommended actions for handling the health issue.
+
+For more information, see our [Sensor health message reference](sensor-health-messages.md).
+
 ## Upload a diagnostics log for support (Public preview)
 
 If you need to open a support ticket for a locally managed sensor, upload a diagnostics log to the Azure portal for the support team.
@@ -161,7 +206,6 @@ If you need to open a support ticket for a locally managed sensor, upload a diag
 
     :::image type="content" source="media/how-to-manage-sensors-on-the-cloud/upload-diagnostics-log.png" alt-text="Screenshot of the send diagnostic files to support option." lightbox="media/how-to-manage-sensors-on-the-cloud/upload-diagnostics-log.png":::
 
-
 ## Next steps
 
 [View and manage alerts on the Defender for IoT portal (Preview)](how-to-manage-cloud-alerts.md)