Merge pull request #262087 from batamig/dec-fixes

D4IoT Dec fixes

Author: v-ccolin

articles/defender-for-iot/organizations/getting-started.md

@@ -12,6 +12,8 @@ This article describes how to set up a trial license and create an initial OT pl
 
 A trial supports a **Large** site size with up to 1000 devices, and lasts for 60 days. You might want to use this trial with a [virtual sensor](tutorial-onboarding.md) or on-premises sensors to monitor traffic, analyze data, generate alerts, understand network risks and vulnerabilities, and more.
 
+For more information, see [Free trial](billing.md#free-trial).
+
 ## Prerequisites
 
 Before you start, all you need is an email address that will be used as the contact for your new Microsoft Tenant.
@@ -22,7 +24,11 @@ You'll also need to enter credit card details for your new Azure subscription, a
 
 This procedure describes how to add a trial license for Defender for IoT to your Azure subscription. One trial license is available per tenant.
 
-**To add a trial license**:
+To add a trial license with a new tenant, we recommend that you use the Trial wizard. If you already have a tenant, use the Microsoft 365 Marketplace to add a trial license to your tenant.
+
+# [Add a trial with the Trial wizard](#tab/wizard)
+
+**To add a trial license with a new tenant**:
 
 1. In a browser, open the [Microsoft Defender for IoT - OT Site License (1000 max devices per site) Trial wizard](https://signup.microsoft.com/get-started/signup?OfferId=11c457e2-ac0a-430d-8500-88c99927ff9f&ali=1&products=11c457e2-ac0a-430d-8500-88c99927ff9f).
 
@@ -38,8 +44,24 @@ This procedure describes how to add a trial license for Defender for IoT to your
 
 1. In the **Confirmation details** page, note your order number and username, and then select **Start using Microsoft Defender for IoT - OT Site License (1000 max devices per site) Trial** button to continue. We recommend that you copy your full username to the clipboard as you'll need it to access the Azure portal.
 
+
+# [Add a trial from the Microsoft 365 Marketplace](#tab/marketplace)
+
+**To add a trial license with an existing tenant**:
+
+1. Go to the [Microsoft 365 admin center](https://portal.office.com/AdminPortal/Home#/catalog) **Billing > Purchase services**. If you don't have this option, select **Marketplace** instead.
+
+1. Search for **Microsoft Defender for IoT** and locate the **Microsoft Defender for IoT - OT site license - Trial Trial** item.
+
+1. Select **Details** > **Start free trial** > **Try now** to start the trial.
+
+For more information, see the [Microsoft 365 admin center help](/microsoft-365/admin/).
+
+---
+
 Use the Microsoft 365 admin center manage your users, billing details, and more. For more information, see the [Microsoft 365 admin center help](/microsoft-365/admin/).
 
+
 ## Add an OT plan
 
 This procedure describes how to add an OT plan for Defender for IoT in the Azure portal, based on your [new trial license](#add-a-trial-license).

articles/defender-for-iot/organizations/media/recommendations/recommendations.png

@@ -1,7 +1,7 @@
 ---
 title: Enhance security posture with security recommendations - Microsoft Defender for IoT
 description: Learn about how to find security recommendations for devices detected by Microsoft Defender for IoT.
-ms.date: 12/12/2022
+ms.date: 12/31/2023
 ms.topic: how-to
 ms.custom: enterprise-iot
 ---
@@ -21,6 +21,9 @@ View all current recommendations for your organization on the Defender for IoT *
 
 The **Active recommendations** widget indicates the number of recommendations that represent actionable steps you can currently take on unhealthy devices. We recommend reviewing unhealthy devices regularly, taking recommended actions, and keeping the number of active recommendations as low as possible.
 
+> [!NOTE]
+> Only recommendations that are relevant to your environment are shown in the grid, with at least one healthy or unhealthy device found. You won't see recommendations that aren't related to any devices in your network.
+
 Recommendations are shown in a grid with details in the following columns:
 
 |Column name  |Description  |
@@ -40,7 +43,7 @@ To export a CSV file of all recommendations for your network, select :::image ty
 
 ## View recommendation details
 
-Select a specific recommendation in the grid to drill down for more details. The recommendation name is shown as the page's title, with details with the recommendation's severity, number of unhealthy devices detected, and last update date and time in widgets on the left.
+Select a specific recommendation in the grid to drill down for more details. The recommendation name is shown as the page's title. Details with the recommendation's severity, number of unhealthy devices detected, and last update date and time in widgets on the left.
 
 The left pane also shows the following information:
 
@@ -74,14 +77,15 @@ The following recommendations are displayed for OT devices in the Azure portal:
 | **OT network sensors** | |
 |**Review PLC operating mode**     | Devices with this recommendation are found with PLCs set to unsecure operating mode states. <br><br>We recommend setting PLC operating modes to the **Secure Run** state if access is no longer required to the PLC to reduce the threat of malicious PLC programming.        |
 |**Review unauthorized devices**     | Devices with this recommendation must be identified and authorized as part of the network baseline. <br><br>We recommend taking action to identify any indicated devices. Disconnect any devices from your network that remain unknown even after investigation to reduce the threat of rogue or potentially malicious devices.        |
-| **Secure your vulnerable devices** | Devices with this recommendation are found with one or more vulnerabilities with a critical severity. <br><br> We recommend that you follow the steps listed by the device vendor or CISA (Cybersecurity & Infrastructure Agency). <br><br> To see required remediation steps: <br><br> 1. Choose a device from the list of unhealthy devices to see its full list of vulnerabilities. <br> 2. From the **Vulnerabilities** tab, choose the link in the **Name** column for the critical CVE you are mitigating. Full details are opened in the NVD (National Vulnerability Database). <br> 3. Scroll to the NVD **References to Advisories, Solutions, and Tools** section and choose any of the listed links for more information. An advisory page opens, either from the vendor or from CISA. <br> 4. Find and perform the remediation steps listed for your scenario. Note that some vulnerabilities cannot be remediated with a patch.  |
+| **Secure your vulnerable \<vendor> devices** | Devices with this recommendation are found with one or more vulnerabilities with a critical severity and are organized by vendor. <br><br> We recommend that you follow the steps listed by the device vendor or CISA (Cybersecurity & Infrastructure Agency). <br><br> To see required remediation steps: <br><br> 1. Choose a device from the list of unhealthy devices to see its full list of vulnerabilities. <br> 2. From the **Vulnerabilities** tab, choose the link in the **Name** column for the critical CVE you're mitigating. Full details are opened in the NVD (National Vulnerability Database). <br> 3. Scroll to the NVD **References to Advisories, Solutions, and Tools** section and choose any of the listed links for more information. An advisory page opens, either from the vendor or from CISA. <br> 4. Find and perform the remediation steps listed for your scenario. Some vulnerabilities can't be remediated with a patch.  |
 | **Set a secure password for devices with missing authentication** | Devices with this recommendation are found without authentication based on successful sign-ins. <br><br> We recommend that you enable authentication, and that you set a stronger password with minimum length and complexity. |
-| **Set a stronger password with minimum length and complexity** | Devices with this recommendation are found with weak passwords based on successful sign-ins. <br><br> We recommend that you change the device password to a password that has 8 or more characters and that contains characters from 3 of the following categories: <br><br> - Uppercase letters <br> - Lowercase letters <br> - Special characters <br> - Numbers (0-9) |
+| **Set a stronger password with minimum length and complexity** | Devices with this recommendation are found with weak passwords based on successful sign-ins. <br><br> We recommend that you change the device password to a password that has eight or more characters and that contains characters from 3 of the following categories: <br><br> - Uppercase letters <br> - Lowercase letters <br> - Special characters <br> - Numbers (0-9) |
 | **Disable insecure administration protocol**| Devices with this recommendation are exposed to malicious threats because they use Telnet, which isn't a secured and encrypted communication protocol. <br><br>We recommend that you switch to a more secure protocol, such as SSH, disable the server altogether, or apply network access restrictions.|
 
 Other recommendations you may see in the **Recommendations** page are relevant for the [Defender for IoT micro agent](../device-builders/index.yml).
 
 The following Defender for Endpoint recommendations are relevant for Enterprise IoT customers and are available in Microsoft 365 Defender only:
+
 - **Require authentication for VNC management interface**
 - **Disable insecure administration protocol – Telnet**
 - **Remove insecure administration protocols SNMP V1 and SNMP V2**