On-premises management console deprecation

Author: limwainstein

articles/defender-for-iot/organizations/TOC.yml

@@ -57,6 +57,12 @@
   items:
   - name: OT deployment path
     href: ot-deploy/ot-deploy-path.md
+  - name: On-premises management console retirement
+    items:
+    - name: On-premises management console retirement
+      href: ot-deploy/on-premises-management-console-retirement.md
+    - name: Transition to the cloud
+      href: ot-deploy/transition-on-premises-management-console-to-cloud.md
   - name: Plan and prepare for an OT deployment
     items:
     - name: Plan your OT monitoring system

articles/defender-for-iot/organizations/ot-deploy/air-gapped-deploy.md

@@ -9,6 +9,10 @@ ms.date: 09/19/2023
 
 Microsoft Defender for IoT helps organizations achieve and maintain compliance of their OT environment by providing a comprehensive solution for threat detection and management, including coverage across parallel networks. Defender for IoT supports organizations across the industrial, energy, and utility fields, and compliance organizations like NERC CIP or IEC62443.
 
+> [!IMPORTANT]
+> The legacy on-premises management console won't be supported or available for download after January 1st, 2025. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date. For more information, see [On-premises management console retirement](on-premises-management-console-retirement).
+>
+
 Certain industries, such as governmental organizations, financial services, nuclear power operators, and industrial manufacturing, maintain air-gapped networks. Air-gapped networks are physically separated from other, unsecured networks like enterprise networks, guest networks, or the internet. Defender for IoT helps these organizations comply with global standards for threat detection and management, network segmentation, and more.
 
 While digital transformation has helped businesses to streamline their operations and improve their bottom lines, they often face friction with air-gapped networks. The isolation in air-gapped networks provides security but also complicates digital transformation. For example, architectural designs such as Zero Trust, which include the use of multi-factor authentication, are challenging to apply across air-gapped networks.
@@ -61,52 +65,8 @@ Use the following steps to deploy a Defender for IoT system in an air-gapped or
 
     - **Configure a backup server**, including configurations to save your backup to an external server. For more information, see [Back up and restore OT network sensors from the sensor console](../back-up-restore-sensor.md).
 
-## Transitioning from a legacy on-premises management console
-
-> [!IMPORTANT]
-> The [legacy on-premises management console](../legacy-central-management/legacy-air-gapped-deploy.md) won't be supported or available for download after January 1st, 2025. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date.
->
-
-Our [current architecture guidance](#architecture-recommendations) is designed to be more efficient, secure, and reliable than using the legacy on-premises management console. The updated guidance has fewer components, which makes it easier to maintain and troubleshoot. The smart sensor technology used in the new architecture allows for on-premises processing, reducing the need for cloud resources and improving performance. The updated guidance keeps your data within your own network, providing better security than cloud computing.
-
-If you're an existing customer using an on-premises management console to manage your OT sensors, we recommend transitioning to the updated architecture guidance. The following image shows a graphical representation of the transition steps to the new recommendations:
-
-:::image type="content" source="../media/on-premises-architecture/transition.png" alt-text="Diagram of the transition from a legacy on-premises management console to the newer recommendations." border="false" lightbox="../media/on-premises-architecture/transition.png":::
-
-- **In your legacy configuration**, all sensors are connected to the on-premises management console.
-- **During the transition period**, your sensors remain connected to the on-premises management console while you connect any sensors possible to the cloud.
-- **After fully transitioning**, you'll remove the connection to the on-premises management console, keeping cloud connections where possible. Any sensors that must remain air-gapped are accessible directly from the sensor UI.
-
-**Use the following steps to transition your architecture:**
-
-1. For each of your OT sensors, identify the legacy integrations in use and the permissions currently configured for on-premises security teams. For example, what backup systems are in place? Which user groups access the sensor data?
-
-1. Connect your sensors to on-premises, Azure, and other cloud resources, as needed for each site. For example, connect to an on-premises SIEM, proxy servers, backup storage, and other partner systems. You may have multiple sites and adopt a hybrid approach, where only specific sites are kept completely air-gapped or isolated using data-diodes.
-
-    For more information, see the information linked in the [air-gapped deployment procedure](#deployment-steps), as well as the following cloud resources:
-
-    - [Provision sensors for cloud management](provision-cloud-management.md)
-    - [OT threat monitoring in enterprise SOCs](../concept-sentinel-integration.md)
-    - [Securing IoT devices in the enterprise](../concept-enterprise.md)
-
-1. Set up permissions and update procedures for accessing your sensors to match the new deployment architecture.
-
-1. Review and validate that all security use cases and procedures have transitioned to the new architecture.
-
-1. After your transition is complete, decommission the on-premises management console.
-
-### Retirement timeline of the Central Manager
-
-The on-premises management console will be retired on **January 1, 2025** with the following updates/changes:
-
-- Sensor versions released after **January 1, 2025** won't be managed by an on-premises management console.
-- Air-gapped sensor support isn't affected by these changes to the on-premises management console support. We continue to support air-gapped deployments and assist with the transition to the cloud. The sensors retain a full user interface so that they can be used in "lights out" scenarios and continue to analyze and secure the network in the event of an outage.
-- Air-gapped sensors that can't <!-- or don't / aren't connected to-->connect to the cloud can be managed directly via the sensor console GUI, CLI, or API.
-- Sensor software versions released between **January 1st, 2024 – January 1st, 2025** still support the on-premises management console.
-
-For more information, see [OT monitoring software versions](../release-notes.md).
 
 ## Next steps
 
 > [!div class="step-by-step"]
-> [Maintain OT network sensors from the sensor console](../how-to-manage-individual-sensors.md)
+> [Transition from a legacy on-premises management console to the cloud](transition-on-premises-management-console-to-cloud.md)

articles/defender-for-iot/organizations/ot-deploy/on-premises-management-console-retirement.md

@@ -0,0 +1,30 @@
+---
+title: On-premises management console retirement - Microsoft Defender for IoT
+description: This article describes the retirement of the on-premises management console from **January 1, 2025**.
+ms.topic: conceptual
+ms.date: 12/17/2024
+---
+
+# On-premises management console retirement
+
+This article describes the retirement of the on-premises management console from **January 1, 2025**.
+
+### Retirement timeline of the Central Manager
+
+The on-premises management console will be retired on **January 1, 2025** with the following updates/changes:
+
+- Sensor versions released after **January 1, 2025** won't be managed by an on-premises management console. 
+- For versions released prior to **January 1, 2025**: 
+    - You can still use the on-premises management console. 
+    - In these versions, Defender for IoT no longer provides support service or maintains the on-premises management console. 
+
+    For a list of supported versions, see [OT monitoring software versions](release-noted.md).    
+
+- Following any version upgrade, you will no longer be able to use the on-premises management console. For example, if you're using the on-premises management portal on version 24.1.2, and you upgrade to version 24.1.6, you can no longer use the on-premises management console.
+- Air-gapped sensor support isn't affected by these changes to the on-premises management console support. We continue to support air-gapped deployments and assist with the transition to the cloud. The sensors retain a full user interface so that they can be used in "lights out" scenarios and continue to analyze and secure the network in the event of an outage.
+- Air-gapped sensors that can't connect to the cloud can be managed directly via the sensor console GUI, CLI, or API. For more information, see [Transition from on-premises management console to the cloud](transition-from-on-premises-management-console-to-cloud).
+
+## Next steps
+
+> [!div class="step-by-step"]
+> [Transition from a legacy on-premises management console to the cloud](transition-on-premises-management-console-to-cloud.md)

articles/defender-for-iot/organizations/ot-deploy/transition-on-premises-management-console-to-cloud.md

@@ -0,0 +1,51 @@
+---
+title: Transition from a legacy on-premises management console to the cloud
+description: This article describes how to transition from the on-premises management console to the cloud.
+ms.topic: how-to
+ms.date: 12/17/2024
+---
+
+# Transition from a legacy on-premises management console to the cloud
+
+This article describes how to transition from the on-premises management console to the cloud.
+
+> [!IMPORTANT]
+> The [legacy on-premises management console](../legacy-central-management/legacy-air-gapped-deploy.md) won't be supported or available for download after January 1st, 2025. For more information, see [On-premises management console retirement](on-premises-management-console-retirement).
+>
+
+Our [current architecture guidance](#architecture-recommendations) is designed to be more efficient, secure, and reliable than using the legacy on-premises management console. The updated guidance has fewer components, which makes it easier to maintain and troubleshoot. The smart sensor technology used in the new architecture allows for on-premises processing, reducing the need for cloud resources and improving performance. The updated guidance keeps your data within your own network, providing better security than cloud computing.
+
+## Architecture guidance
+
+If you're an existing customer using an on-premises management console to manage your OT sensors, we recommend transitioning to the updated architecture guidance. The following image shows a graphical representation of the transition steps to the new recommendations:
+
+:::image type="content" source="../media/on-premises-architecture/transition.png" alt-text="Diagram of the transition from a legacy on-premises management console to the newer recommendations." border="false" lightbox="../media/on-premises-architecture/transition.png":::
+
+## How to manage the transition period
+
+- **In your legacy configuration**, all sensors are connected to the on-premises management console.
+- **During the transition period**, your sensors remain connected to the on-premises management console while you connect any sensors possible to the cloud.
+- **After fully transitioning**, you'll remove the connection to the on-premises management console, keeping cloud connections where possible. Any sensors that must remain air-gapped are accessible directly from the sensor UI.
+
+## Transition your architecture
+
+1. For each of your OT sensors, identify the legacy integrations in use and the permissions currently configured for on-premises security teams. For example, what backup systems are in place? Which user groups access the sensor data?
+
+1. Connect your sensors to on-premises, Azure, and other cloud resources, as needed for each site. For example, connect to an on-premises SIEM, proxy servers, backup storage, and other partner systems. You may have multiple sites and adopt a hybrid approach, where only specific sites are kept completely air-gapped or isolated using data-diodes.
+
+    For more information, see the information linked in the [air-gapped deployment procedure](#deployment-steps), as well as the following cloud resources:
+
+    - [Provision sensors for cloud management](provision-cloud-management.md)
+    - [OT threat monitoring in enterprise SOCs](../concept-sentinel-integration.md)
+    - [Securing IoT devices in the enterprise](../concept-enterprise.md)
+
+1. Set up permissions and update procedures for accessing your sensors to match the new deployment architecture.
+
+1. Review and validate that all security use cases and procedures have transitioned to the new architecture.
+
+1. After your transition is complete, decommission the on-premises management console.
+
+## Next steps
+
+> [!div class="step-by-step"]
+> [Maintain OT network sensors from the sensor console](../how-to-manage-individual-sensors.md)

articles/defender-for-iot/organizations/release-notes.md

@@ -31,52 +31,59 @@ When updating your on-premises software, we recommend:
 
 For more information, see [Update Defender for IoT OT monitoring software](update-ot-software.md).
 
-### On-premises monitoring software versions
+### OT monitoring software versions (sensor versions)
 
 Cloud features may be dependent on a specific sensor version. Such features are listed below for the relevant software versions, and are only available for data coming from sensors that have the required version installed, or higher.
 
-| Version / Patch |  Release date | Scope     | Supported until |
-| ------- |  ------------ | ----------- | ------------------- |
-| **24.1** | | | |
-| 24.1.7  |12/2024 | Minor |12/2025 |
-| 24.1.6  |11/2024 | Minor |12/2025 |
-| 24.1.5  |09/2024 | Minor |09/2025 |
-| 24.1.4  |07/2024 | Minor |07/2025 |
-| 24.1.3  |06/2024 | Minor |06/2025 |
-| 24.1.2  |04/2024 | Minor |04/2025 |
-| **23.2** | | | |
-| 23.2.0 | 12/2023 | Major | 12/2024 |
-| **23.1** | | | |
-| 23.1.3 | 09/2023 | Patch | 08/2024 |
-| 23.1.2 | 07/2023 | Major | 06/2024 |
-| **22.3** | | | |
-|22.3.10 | 07/2023 | Patch | 06/2024 |
-| 22.3.9 | 05/2023 | Patch | 04/2024 |
-| 22.3.8 | 04/2023 | Patch | 03/2024 |
-| 22.3.7 | 03/2023 | Patch | 02/2024 |
-| 22.3.6 | 03/2023 | Patch | 02/2024 |
-| 22.3.5 | 01/2023 | Patch | 12/2023 |
-| 22.3.4 | 01/2023 | Major | 12/2023 |
-| **22.2** | | | |
-| 22.2.9 | 01/2023 | Patch | 12/2023 |
-| 22.2.8 | 11/2022 | Patch | 10/2023 |
-| 22.2.7| 10/2022  | Patch | 09/2023 |
-| 22.2.6|09/2022 |Patch | 04/2023|
-|22.2.5 |08/2022 | Patch| 04/2023 |
-|22.2.4 |07/2022 |Patch |04/2023 |
-| 22.2.3| 07/2022| Major| 04/2023|
-| **22.1** | | | |
-| 22.1.7| 07/2022 |Patch | 06/2023 |
-| 22.1.6| 06/2022 |Patch |10/2022  |
-| 22.1.5| 06/2022 |Patch | 10/2022 |
-| 22.1.4|04/2022 | Patch|10/2022  |
-| 22.1.3|03/2022 |Patch | 10/2022|
-| 22.1.2| 02/2022 | Major|10/2022  |
-| **10.5** | | | |
-|10.5.5 |12/2021 |Patch |  09/2022|
-|10.5.4 |12/2021 |Patch |  09/2022|
-| 10.5.3| 10/2021 |Patch | 07/2022|
-| 10.5.2| 10/2021 | Major| 07/2022|
+> [!NOTE]
+> The on-premises management console is being retired on **January 1, 2025**. The table below specifies whether each version includes the on-premises management console. 
+> - For versions where the management console is specified as included, you can use the on-premises management console, but no support service or maintenance is available. 
+> - For versions where the management console is specified as not included, you can't use or access the management console.
+> 
+> For more information, see [On-premises management console retirement](on-premises-management-console-retirement).
+
+| Version / Patch |  Release date | Scope     | Supported until |Management console |
+| ------- |  ------------ | ----------- | ------------------- | ------------------- |
+| **24.1** | | | | |
+| 24.1.7  |12/2024 | Minor |12/2025 |Included |
+| 24.1.6  |11/2024 | Minor |12/2025 |Included |
+| 24.1.5  |09/2024 | Minor |09/2025 |Included |
+| 24.1.4  |07/2024 | Minor |07/2025 |Included |
+| 24.1.3  |06/2024 | Minor |06/2025 |Included |
+| 24.1.2  |04/2024 | Minor |04/2025 |Included |
+| **23.2** | | | | |
+| 23.2.0 | 12/2023 | Major | 12/2024 |Included |
+| **23.1** | | | | |
+| 23.1.3 | 09/2023 | Patch | 08/2024 |Not included |
+| 23.1.2 | 07/2023 | Major | 06/2024 |Not included |
+| **22.3** | | | | |
+|22.3.10 | 07/2023 | Patch | 06/2024 |Not included |
+| 22.3.9 | 05/2023 | Patch | 04/2024 |Not included |
+| 22.3.8 | 04/2023 | Patch | 03/2024 |Not included |
+| 22.3.7 | 03/2023 | Patch | 02/2024 |Not included |
+| 22.3.6 | 03/2023 | Patch | 02/2024 |Not included |
+| 22.3.5 | 01/2023 | Patch | 12/2023 |Not included |
+| 22.3.4 | 01/2023 | Major | 12/2023 |Not included |
+| **22.2** | | | | |
+| 22.2.9 | 01/2023 | Patch | 12/2023 |Not included |
+| 22.2.8 | 11/2022 | Patch | 10/2023 |Not included |
+| 22.2.7| 10/2022  | Patch | 09/2023 |Not included |
+| 22.2.6|09/2022 |Patch | 04/2023|Not included |
+|22.2.5 |08/2022 | Patch| 04/2023 |Not included |
+|22.2.4 |07/2022 |Patch |04/2023 |Not included |
+| 22.2.3| 07/2022| Major| 04/2023|Not included |
+| **22.1** | | | | |
+| 22.1.7| 07/2022 |Patch | 06/2023 |Not included |
+| 22.1.6| 06/2022 |Patch |10/2022  |Not included |
+| 22.1.5| 06/2022 |Patch | 10/2022 |Not included |
+| 22.1.4|04/2022 | Patch|10/2022  |Not included |
+| 22.1.3|03/2022 |Patch | 10/2022|Not included |
+| 22.1.2| 02/2022 | Major|10/2022  |Not included |
+| **10.5** | | | | |
+|10.5.5 |12/2021 |Patch |  09/2022|Not included |
+|10.5.4 |12/2021 |Patch |  09/2022|Not included |
+| 10.5.3| 10/2021 |Patch | 07/2022|Not included |
+| 10.5.2| 10/2021 | Major| 07/2022|Not included |
 
 ### Threat intelligence updates
 

articles/defender-for-iot/organizations/whats-new.md

@@ -18,6 +18,10 @@ Features released earlier than nine months ago are described in the [What's new
 
 [!INCLUDE [defender-iot-defender-reference](../includes/defender-for-iot-defender-reference.md)]
 
+## On-premises management console retirement
+
+The legacy on-premises management console won't be available for download after **January 1st, 2025**. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date. For more information, see [On-premises management console retirement](on-premises-management-console-retirement).
+
 ## October 2024
 
 |Service area  |Updates  |