Commit 6d14990

committed
merge blockers and removing commented text
1 parent 6cb6626 commit 6d14990

11 files changed

+9
-15
lines changed

articles/defender-for-iot/organizations/alerts.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ Use the following table to learn more about each alert status and triage option.
111111
|**Active** | - Azure portal only | Set an alert to *Active* to indicate that an investigation is underway, but that the alert can't yet be closed or otherwise triaged. <br><br>This status has no effect elsewhere in Defender for IoT. |
112112
|**Closed** | - Azure portal <br><br>- OT network sensors <br><br>- On-premises management console | Close an alert to indicate that it's fully investigated, and you want to be alerted again the next time the same traffic is detected.<br><br>Closing an alert adds it to the sensor event timeline.<br><br>On the on-premises management console, *New* alerts are called *Acknowledged*. |
113113
|**Learn** | - Azure portal <br><br>- OT network sensors <br><br>- On-premises management console <br><br>*Unlearning* an alert is available only on the OT sensor. | Learn an alert when you want to close it and add it as allowed traffic, so that you aren't alerted again the next time the same traffic is detected. <br><br>For example, when the sensor detects firmware version changes following standard maintenance procedures, or when a new, expected device is added to the network. <br><br>Learning an alert closes the alert and adds an item to the sensor event timeline. Detected traffic is included in data mining reports, but not when calculating other OT sensor reports. <br><br>Learning alerts is available for selected alerts only, mostly those triggered by *Policy* and *Anomaly* engine alerts. |
114-
|**Mute** | - OT network sensors <br><br>- On-premises management console <br><br>*Unmuting* an alert is available only on the OT sensor. | Mute an alert when you want to close it and not see again for the same traffic, but without adding the alert allowed traffic. <br><br>For example, when the Operational engine triggers an alert indicating that the PLC Mode was changed on a device. The new mode may indicate that the PLC isn't secure, but after investigation, it's determined that the new mode is acceptable. <br><br>Muting an alert closes it, but doesn't add an item to the sensor event timeline. Detected traffic is included in data mining reports, but not when when calculating data for other sensor reports. <br><br>Muting an alert is available for selected alerts only, mostly those triggered by the *Anomaly*, *Protocol Violation*, or *Operational* engines. |
114+
|**Mute** | - OT network sensors <br><br>- On-premises management console <br><br>*Unmuting* an alert is available only on the OT sensor. | Mute an alert when you want to close it and not see again for the same traffic, but without adding the alert allowed traffic. <br><br>For example, when the Operational engine triggers an alert indicating that the PLC Mode was changed on a device. The new mode may indicate that the PLC isn't secure, but after investigation, it's determined that the new mode is acceptable. <br><br>Muting an alert closes it, but doesn't add an item to the sensor event timeline. Detected traffic is included in data mining reports, but not when calculating data for other sensor reports. <br><br>Muting an alert is available for selected alerts only, mostly those triggered by the *Anomaly*, *Protocol Violation*, or *Operational* engines. |
115115

116116
> [!TIP]
117117
> If you know ahead of time which events are irrelevant for you, such as during a maintenance window, or if you don't want to track the event in the event timeline, create an alert exclusion rule on an on-premises management console instead.
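
Review bot: New line 114 still reads "close it and not see again" and "without adding the alert allowed traffic", so the Mute row remains ungrammatical after the "when when" fix. Suggest "close it and not see it again for the same traffic, but without adding it as allowed traffic", which matches the Learn row's wording on line 113 ("add it as allowed traffic").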

articles/defender-for-iot/organizations/architecture-connections.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,6 @@ ms.date: 02/23/2023
77

88
# Methods for connecting sensors to Azure
99

10-
<!--fix according to recipes doc-->
1110
This article is one in a series of articles describing the [deployment path](ot-deploy/ot-deploy-path.md) for OT monitoring with Microsoft Defender for IoT.
1211

1312
Use the content below to learn about the architectures and methods supported for connecting Defender for IoT sensors to the Azure portal in the cloud.
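
Review bot: Removed line 10 carried an open action ("fix according to recipes doc") and nothing else in this hunk changes, so the marker disappears without the fix it asked for. Confirm the article has already been aligned, or record the outstanding work outside the file before merging.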

articles/defender-for-iot/organizations/architecture.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,7 @@ Defender for IoT network sensors include the following main analytics engines:
7575
| **Policy Violation** | A policy violation occurs with a deviation from baseline behavior defined in learned or configured settings. | An *"Unauthorized HTTP User Agent"* alert indicates that an application that wasn't learned or approved by policy is used as an HTTP client on a device. This might be a new web browser or application on that device.|
7676
|**Industrial malware detection engine** | Identifies behaviors that indicate the presence of malicious network activity via known malware, such as Conficker, Black Energy, Havex, WannaCry, NotPetya, and Triton. | A *"Suspicion of Malicious Activity (Stuxnet)"* alert indicates that the sensor detected suspicious network activity known to be related to the Stuxnet malware. This malware is an advanced persistent threat aimed at industrial control and SCADA networks. |
7777
|**Anomaly detection engine** | Detects unusual machine-to-machine (M2M) communications and behaviors. <br><br>This engine models ICS networks and therefore requires a shorter learning period than analytics developed for IT. Anomalies are detected faster, with minimal false positives. | A *"Periodic Behavior in Communication Channel"* alert reflects periodic and cyclic behavior of data transmission, which is common in industrial networks. <br>Other examples include excessive SMB sign-in attempts, and PLC scan detected alerts. |
78-
|**Operational incident detection** | Detects operational issues such as intermittent connectivity that can indicate early signs of equipment failure. | A *"Device is Suspected to be Disconnected (Unresponsive)"* alert is triggered when a device isn't responding to any kind of request for a predefined period. This alert might indicate a device shutdown, disconnection, or malfunction. <br>Another example might be the that Siemens S7 stop PLC command was sent alerts. |
78+
|**Operational incident detection** | Detects operational issues such as intermittent connectivity that can indicate early signs of equipment failure. | A *"Device is Suspected to be Disconnected (Unresponsive)"* alert is triggered when a device isn't responding to any kind of request for a predefined period. This alert might indicate a device shutdown, disconnection, or malfunction. <br>Another example might be if the Siemens S7 stop PLC command was sent alerts. |
7979

8080
## Management options
8181
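
Review bot: The replacement text on new line 78, "Another example might be if the Siemens S7 stop PLC command was sent alerts", is still not a sentence, because the trailing "alerts" is left dangling. Suggest rewording to something like "Another example is an alert that the Siemens S7 stop PLC command was sent", or quote the alert name in italics and quotation marks as the other rows of this table do.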

articles/defender-for-iot/organizations/connect-sensors.md

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -13,12 +13,10 @@ This article is one in a series of articles describing the [deployment path](ot-
1313

1414
You can skip this step in the following cases:
1515

16-
- If you're working in air-gapped environment and locally-managed sensors
16+
- If you're working in air-gapped environment and locally managed sensors
1717

1818
- If you're using a [direct connection](architecture-connections.md#direct-connections) between your OT sensor and Azure. In this case, you've already performed all required steps when you [provisioned your sensor for cloud management](ot-deploy/provision-cloud-management.md)
1919

20-
<!--we need to redo this according to the recipes doc-->
21-
2220
## Prerequisites
2321

2422
To perform the steps described in this article, you'll need:
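
Review bot: New line 16 fixes the hyphen, but the bullet still reads "working in air-gapped environment and locally managed sensors", which lacks an article and the right preposition. Suggest "If you're working in an air-gapped environment with locally managed sensors". The bullet on line 18 also ends without a period.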

articles/defender-for-iot/organizations/device-inventory.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,7 +27,7 @@ Defender for IoT's device inventory supports the following device classes:
2727
|Devices |For example ... |
2828
|---------|---------|
2929
|**Manufacturing**| Industrial and operational devices, such as pneumatic devices, packaging systems, industrial packaging systems, industrial robots |
30-
|**Building** | Access panels, surveillance devices, HVAC systems, elevators , smart lighting systems |
30+
|**Building** | Access panels, surveillance devices, HVAC systems, elevators, smart lighting systems |
3131
|**Health care** | Glucose meters, monitors |
3232
|**Transportation / Utilities** | Turnstiles, people counters, motion sensors, fire and safety systems, intercoms |
3333
|**Energy and resources** | DCS controllers, PLCs, historian devices, HMIs |

articles/defender-for-iot/organizations/how-to-control-what-traffic-is-monitored.md

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -27,8 +27,6 @@ This step is performed by your deployment teams.
2727

2828
## Define OT and IoT subnets
2929

30-
<!--yonina is updating this section separately-->
31-
3230
Subnet configurations affect how devices are displayed in the sensor's [device maps](how-to-work-with-the-sensor-device-map.md). In the device maps, IT devices are automatically aggregated by subnet, where you can expand and collapse each subnet view to drill down as needed.
3331

3432
While the OT network sensor automatically learns the subnets in your network, we recommend confirming the learned settings and updating them as needed to optimize your map views.
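
Review bot: Removed lines 30-31 sit directly under "Define OT and IoT subnets", the section that the deleted comment says is being updated separately, so this edit and that one touch the same place. Check whether the separate update has merged, and rebase against it if not, so neither change is lost.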

articles/defender-for-iot/organizations/how-to-manage-sensors-from-the-on-premises-management-console.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@ The selected settings are applied across all connected OT sensors.
4848

4949
## Monitor disconnected OT sensors
5050

51-
If you're working with locally-managed OT network sensors and on-premises management console, we recommend that you forward alerts about OT sensors that are disconnected from the on-premises management console to partner services.
51+
If you're working with locally managed OT network sensors and on-premises management console, we recommend that you forward alerts about OT sensors that are disconnected from the on-premises management console to partner services.
5252

5353
### View OT sensor connection statuses
5454
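
Review bot: On new line 51, "locally managed OT network sensors and on-premises management console" is missing an article before "on-premises management console". Suggest "and an on-premises management console". Since the phrase appears twice in the sentence, the second mention could become "the console".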

articles/defender-for-iot/organizations/how-to-work-with-alerts-on-premises-management-console.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ This article describes how to view Defender for IoT alerts on an on-premises man
1515

1616
Before performing the procedures in this article, make sure that you have:
1717

18-
- An on-premises management console [installed](ot-deploy/install-software-on-premises-management-console.md), [activated, and configured](ot-deploy/activate-deploy-management.md). To view alerts by location or zone, make sure that you've [configured sites and zones](ot-deploy/sites-and-zones-on-premises.md) on on the on-premises management console.
18+
- An on-premises management console [installed](ot-deploy/install-software-on-premises-management-console.md), [activated, and configured](ot-deploy/activate-deploy-management.md). To view alerts by location or zone, make sure that you've [configured sites and zones](ot-deploy/sites-and-zones-on-premises.md) on the on-premises management console.
1919

2020
- One or more OT sensors [installed](ot-deploy/install-software-ot-sensor.md), [activated, configured](ot-deploy/activate-deploy-sensor.md), and [connected to your on-premises management console](ot-deploy/connect-sensors-to-management.md). To view alerts per zone, make sure that each sensor is assigned to a specific zone.
2121

@@ -71,7 +71,7 @@ To view alerts from connected OT sensors across your entire global network, use
7171

7272
1. Select any site that's red or yellow, and then select the :::image type="icon" source="media/how-to-work-with-alerts-on-premises-management-console/alerts-icon.png" border="false"::: alerts button for a specific OT sensor to jump to that sensor's current alerts. For example:
7373

74-
:::image type="content" source="media/how-to-work-with-alerts-on-premises-management-console/select-alerts-button.png" alt-text="Select the Alerts button to view a list of a yellow OT sensor's alerts.":::
74+
:::image type="content" source="media/how-to-work-with-alerts-on-premises-management-console/select-alerts-button.png" alt-text="Screenshot showing the Alerts button.":::
7575

7676
The **Alerts** page opens, automatically filtered to the selected alerts.
7777
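
Review bot: The new alt text on line 74, "Screenshot showing the Alerts button.", drops what the old text conveyed: the button is selected to list a yellow OT sensor's alerts. Keep the "Screenshot" prefix but retain the context, for example "Screenshot of selecting the Alerts button to view a yellow OT sensor's alerts.", so screen-reader users get the same information as the step text on line 72.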

articles/defender-for-iot/organizations/ot-deploy/install-software-on-premises-management-console.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -62,7 +62,7 @@ The installation process takes about 20 minutes. After the installation, the sys
6262

6363
:::image type="content" source="../media/tutorial-install-components/on-prem-language-select.png" alt-text="Screenshot of selecting your preferred language for the installation process.":::
6464

65-
1. From the options displayed, select the management release you want to install based on the hardware profile you're using. <!--need to validate this-->
65+
1. From the options displayed, select the management release you want to install based on the hardware profile you're using.
6666

6767
1. Define the following network properties as prompted:
6868
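
Review bot: The removed "need to validate this" comment on line 65 flagged the step about choosing the management release by hardware profile as unverified, and the step text itself is unchanged in this hunk. Confirm the step was checked against the installer before the marker goes, because the diff gives no sign that it was.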

articles/defender-for-iot/organizations/roles-on-premises.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,7 @@ The following roles are available on OT network sensors and on-premises manageme
4040
|---------|---------|
4141
|**Admin** | Admin users have access to all tools, including system configurations, creating and managing users, and more. |
4242
|**Security Analyst** | Security Analysts don't have admin-level permissions for configurations, but can perform actions on devices, acknowledge alerts, and use investigation tools. <br><br>Security Analysts can access options on the sensor displayed in the **Discover** and **Analyze** menus on the sensor, and in the **NAVIGATION** and **ANALYSIS** menus on the on-premises management console. |
43-
|**Read Only** | Read-only users perform tasks such as viewing alerts and devices on the device map. <br><br>Read Only users can access options displayed in the **Discover** and **Analyze** menus on the sensor, in read-only mode, and in the **NAVIGATION** menu on the on-premises management console. |
43+
|**Read-Only** | Read-only users perform tasks such as viewing alerts and devices on the device map. <br><br>Read-Only users can access options displayed in the **Discover** and **Analyze** menus on the sensor, in read-only mode, and in the **NAVIGATION** menu on the on-premises management console. |
4444

4545
When first deploying an OT monitoring system, sign in to your sensors and on-premises management console with one of the [default, privileged users](#default-privileged-on-premises-users) described above. Create your first **Admin** user, and then use that user to create other users and assign them to roles.
4646
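
Review bot: New line 43 changes the bold role label to **Read-Only**, but the cell now mixes "Read-only users" and "Read-Only users". The label should also match what the sensor and on-premises management console display for this role. Verify the UI spelling, keep the bold label identical to it, and use one form in the descriptive text.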
