Merge pull request #287934 from MicrosoftDocs/main

Stacyrch140 · web-flow · commit 7348f4872d45 · 2024-10-06T19:28:29.000-04:00
Publish to live, Sunday 4:00PM PDT, 10/06
diff --git a/articles/defender-for-iot/organizations/concept-enterprise.md b/articles/defender-for-iot/organizations/concept-enterprise.md
@@ -13,27 +13,22 @@ The number of IoT devices continues to grow exponentially across enterprise netw
 
 While the number of IoT devices continues to grow, they often lack the security safeguards that are common on managed endpoints like laptops and mobile phones. To bad actors, these unmanaged devices can be used as a point of entry for lateral movement or evasion, and too often, the use of such tactics leads to the exfiltration of sensitive information.
 
-[Microsoft Defender for IoT](./index.yml) seamlessly integrates with [Microsoft Defender XDR](/microsoft-365/security/defender) and [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) to provide both IoT device discovery and security value for IoT devices, including purpose-built alerts, recommendations, and vulnerability data.
+[Microsoft Defender for IoT](./index.yml) seamlessly integrates with [Microsoft Defender XDR](/microsoft-365/security/defender) and [Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint/) to provide both IoT device discovery and security value for IoT devices, including purpose-built recommendations, and vulnerability data.
 
 ## Enterprise IoT security in Microsoft Defender XDR
 
-Enterprise IoT security in Microsoft Defender XDR provides IoT-specific security value, including alerts, risk and exposure levels, vulnerabilities, and recommendations in Microsoft Defender XDR.
+Enterprise IoT security in Microsoft Defender XDR provides IoT-specific security value, including risk and exposure levels, vulnerabilities, and recommendations in Microsoft Defender XDR.
 
 - If you're a Microsoft 365 E5 (ME5)/ E5 Security and Defender for Endpoint P2 customer, [toggle on support](eiot-defender-for-endpoint.md) for **Enterprise IoT Security** in the Microsoft Defender Portal.
 
 - If you don't have ME5/E5 Security licenses, but you're a Microsoft Defender for Endpoint customer, start with a [free trial](billing.md#free-trial) or purchase standalone, per-device licenses to gain the same IoT-specific security value.
 
 :::image type="content" source="media/enterprise-iot/architecture-endpoint-only.png" alt-text="Diagram of the service architecture when you have an Enterprise IoT plan added to Defender for Endpoint." border="false":::
 
-### Alerts
-
-Most Microsoft Defender for Endpoint network-based detections are also relevant for Enterprise IoT devices. For example, network-based detections include alerts for scans involving managed endpoints.
-
-For more information, see [Alerts queue in Microsoft 365 Defender](/microsoft-365/security/defender-endpoint/alerts-queue-endpoint-detection-response).
-
 ### Recommendations
 
 The following Defender for Endpoint security recommendations are supported for Enterprise IoT devices:
+
 - **Require authentication for Telnet management interface**
 - **Disable insecure administration protocol – Telnet**
 - **Remove insecure administration protocols SNMP V1 and SNMP V2**
diff --git a/articles/defender-for-iot/organizations/media/enterprise-iot/architecture-endpoint-only.png b/articles/defender-for-iot/organizations/media/enterprise-iot/architecture-endpoint-only.png
diff --git a/articles/update-manager/roles-permissions.md b/articles/update-manager/roles-permissions.md
@@ -4,7 +4,7 @@ description: This article explains th roles and permission required to manage Az
 ms.service: azure-update-manager
 author: SnehaSudhirG
 ms.author: sudhirsneha
-ms.date: 07/19/2024
+ms.date: 10/06/2024
 ms.topic: overview
 ---
  
@@ -18,9 +18,10 @@ The built-in roles provide blanket permissions on a virtual machine, which inclu
 
 | **Resource** | **Role** |
 |---|---|
-| **Azure VM** | Azure Virtual Machine Contributor or Azure [Owner](../role-based-access-control/built-in-roles.md)|
+| **Azure VM** | Azure Virtual Machine Contributor or Azure [Owner](../role-based-access-control/built-in-roles/general.md#azure-built-in-roles-for-general).
 | **Azure Arc-enabled server** | [Azure Connected Machine Resource Administrator](/azure/azure-arc/servers/security-overview)|
 
+
 ## Permissions
 
 You need the following permissions to manage update operations. The following table shows the permissions that are needed when you use Update Manager. You can create a custom role and assign only the desired permissions to that role so that only permissions for specific actions are provided as per need.
diff --git a/articles/update-manager/support-matrix.md b/articles/update-manager/support-matrix.md
@@ -316,6 +316,7 @@ Europe | North Europe </br> West Europe
 France | France Central
 Germany | Germany West Central
 India | Central India
+Italy | Italy North
 Japan | Japan East
 Korea | Korea Central
 Norway | Norway East
diff --git a/includes/azure-monitor-limits-workspaces.md b/includes/azure-monitor-limits-workspaces.md
@@ -0,0 +1,96 @@
+---
+title: "include file" 
+description: "include file" 
+services: azure-monitor
+author: rboucher
+ms.topic: "include"
+ms.date: 10/06/2024
+ms.author: robb
+ms.custom: "include file"
+---
+
+
+**Data collection volume and retention**
+
+| Pricing tier | Limit per day | Data retention | Comment |
+|:---|:---|:---|:---|
+| [Pay-as-you-go](../articles/azure-monitor/logs/cost-logs.md#pricing-model)<br>(introduced April 2018) | No limit | Up to 730 days interactive retention/<br> up to 12 years [data archive](../articles/azure-monitor/logs/data-retention-configure.md) | Data retention beyond 31 days is available for extra charges. Learn more about [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor). |
+| [Commitment tiers](../articles/azure-monitor/logs/cost-logs.md#commitment-tiers)<br>(introduced November 2019) | No limit | Up to 730 days interactive retention/<br> up to 12 years [data archive](../articles/azure-monitor/logs/data-retention-configure.md) | Data retention beyond 31 days is available for extra charges. Learn more about [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor). |
+| [Legacy Per Node (OMS)](../articles/azure-monitor/logs/cost-logs.md#per-node-pricing-tier)<br>(introduced April 2016) | No limit | 30 to 730 days | Data retention beyond 31 days is available for extra charges. Learn more about [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor). Access to use tier is limited to subscriptions that contained a Log Analytics workspace or Application Insights resource on April 2, 2018, or are linked to an Enterprise Agreement that started before February 1, 2019 and is still active.  |
+| [Legacy Standalone tier](../articles/azure-monitor/logs/cost-logs.md#standalone-pricing-tier)<br>(introduced April 2016) | No limit | 30 to 730 days | Data retention beyond 31 days is available for extra charges. Learn more about [Azure Monitor pricing](https://azure.microsoft.com/pricing/details/monitor). Access to use tier is limited to subscriptions that contained a Log Analytics workspace or Application Insights resource on April 2, 2018, or are linked to an Enterprise Agreement that started before February 1, 2019 and is still active.|
+| [Legacy Free tier](../articles/azure-monitor/logs/cost-logs.md#free-trial-pricing-tier)<br>(introduced April 2016) | 500 MB | 7 days | When your workspace reaches the 500-MB-per-day limit, data ingestion stops and resumes at the start of the next day. A day is based on UTC. Data collected by Microsoft Defender for Cloud isn't included in this 500-MB-per-day limit and continues to be collected above this limit. Creating new workspaces in, or moving existing workspaces into, the legacy Free Trial pricing tier is possible only until July 1, 2022.  |
+| [Legacy Standard tier](../articles/azure-monitor/logs/cost-logs.md#standard-and-premium-pricing-tiers) | No limit | 30 days  | Retention can't be adjusted. This tier hasn't been available to any new workspaces since October 1, 2016.|
+| [Legacy Premium tier](../articles/azure-monitor/logs/cost-logs.md#standard-and-premium-pricing-tiers) | No limit | 365 days  | Retention can't be adjusted. This tier hasn't been available to any new workspaces since October 1, 2016.|
+
+**Number of workspaces per subscription**
+
+| Pricing tier    | Workspace limit | Comments
+|:---|:---|:---|
+| Legacy Free tier  | 10 | This limit can't be increased. Creating new workspaces in, or moving existing workspaces into, the legacy Free Trial pricing tier is possible only until July 1, 2022. |
+| All other tiers | No limit | You're limited by the number of resources within a resource group and the number of resource groups per subscription. |
+
+<a name="azure-portal"></a>
+
+**Azure portal**
+
+| Category | Limit | Comments |
+|:---|:---|:---|
+| Maximum records returned by a log query | 30,000 | Reduce results by using query scope, time range, and filters in the query. |
+
+**Data Collector API**
+
+| Category | Limit | Comments |
+|:---|:---|:---|
+| Maximum size for a single post | 30 MB | Split larger volumes into multiple posts. |
+| Maximum size for field values  | 32 KB | Fields longer than 32 KB are truncated. |
+
+<a name="la-query-api"></a>
+
+**Query API**
+
+| Category | Limit | Comments |
+|:---|:---|:---|
+| Maximum records returned in a single query | 500,000 | |
+| Maximum size of data returned | ~104 MB (~100 MiB)|The API returns up to 64 MB of compressed data, which translates to up to 100 MB of raw data. |
+| Maximum query running time | 10 minutes | See [Timeouts](../articles/azure-monitor/logs/api/timeouts.md) for details.|
+| Maximum request rate | 200 requests per 30 seconds per Microsoft Entra user or client IP address | See [Log queries and language](../articles/azure-monitor/service-limits.md#log-queries-and-language).|
+
+**Azure Monitor Logs connector**
+
+| Category | Limit | Comments |
+|:---|:---|:---|
+| Maximum size of data | ~16.7 MB (~16 MiB) | The connector infrastructure dictates that limit is set lower than query API limit. |
+| Maximum number of records | 500,000 | |
+| Maximum connector timeout | 110 second | |
+| Maximum query timeout | 100 second | |
+| Charts | | The Logs page and the connector use different charting libraries for visualization. Some functionality isn't currently available in the connector. |
+
+**Summary rules**
+
+| Category | Limit |
+|:---|:---|
+| Maximum number of active rules in a workspace | 30 |
+| Maximum number of results per bin | 500,000 |
+| Maximum results set volume | 100 MB |
+| Query time-out for bin processing | 10 minutes |
+
+**General workspace limits**
+
+| Category | Limit | Comments |
+|:---|:---|:---|
+| Maximum columns in a table         | 500 | **AzureDiagnostics** -- columns above the limit are added to the dynamic 'AdditionalFields' column <br> **Custom log created by Data collector API** -- columns above the limit are added to the dynamic 'AdditionalFields' column <br> **Custom log** -- contact support for more |
+| Maximum number of custom log tables | 500 | Contact support for more |
+| Maximum characters for column name | 45 | |
+
+<b id="data-ingestion-volume-rate">Data ingestion volume rate</b>
+
+Azure Monitor is a high-scale data service that serves thousands of customers sending Terabytes of data daily at a growing pace. To isolate and prevent interruptions in multitenancy service from sudden ingestion bursts, a default ingestion volume rate limit is placed in workspaces and set to 500 MB per minute compressed, which is translated to approximately **6 GB per minute uncompressed**. This limit applies to data ingested from Azure resources via [Diagnostic settings](../articles/azure-monitor/essentials/diagnostic-settings.md). The limit doesn't apply to data ingested from [agents](../articles/azure-monitor/agents/agents-overview.md), or Data Collection Rules.
+
+When the ingested volume rate reaches 80% of the rate limit set in workspace, an event is sent to the `Operation` table in your workspace every 6 hours while the threshold is exceeded. When volume rate limit is reached, a retry mechanism attempts to ingest the data four times in a period of 12 hours and drop it if fails, an event is sent to the `Operation` table in your workspace every 6 hours while the threshold is exceeded. 
+
+If your ingestion volume rate continues to exceed threshold or you're expecting to reach it sometime soon, **you can request to increase this limit by opening a support request**.
+
+It's recommended to create an alert to get notified proactively when nearing or reaching ingestion limits. See [Monitor health of Log Analytics workspace in Azure Monitor](../articles/azure-monitor/logs/monitor-workspace.md).
+
+>[!NOTE]
+>Depending on how long you've been using Log Analytics, you might have access to legacy pricing tiers. Learn more about [Log Analytics legacy pricing tiers](../articles/azure-monitor/logs/cost-logs.md#legacy-pricing-tiers).
