changes

Author: tarTech23

articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md

@@ -222,7 +222,7 @@ A Microsoft Defender for IoT OT network sensor starts monitoring your network au
 
 Initially, this activity happens in *learning* mode, which instructs your OT sensor to learn your network's usual activity, including the devices and protocols in your network, and the regular file transfers that occur between specific devices. Any regularly detected activity becomes your network's [baseline traffic](ot-deploy/create-learned-baseline.md).
 
-This procedure describes how to turn off learning mode manually if you feel that the current alerts accurately reflect your network activity.
+This procedure describes how to turn off learning mode manually when the current alerts accurately reflect your network activity.
 
 **To turn off learning mode**:
 

articles/defender-for-iot/organizations/ot-deploy/create-learned-baseline.md

@@ -17,7 +17,6 @@ An OT network sensor starts monitoring your network automatically after it's con
 
 Initially, this activity happens in *learning* mode, which instructs your OT sensor to learn your network's usual activity, including the devices and protocols in your network, and the regular file transfers that occur between specific devices. Any regularly detected activity becomes your network's baseline traffic.
 
-
 > [!TIP]
 > Use your time in learning mode to triage your alerts and *Learn* those that you want to mark as authorized, expected activity. Learned traffic doesn't generate new alerts the next time the same traffic is detected.
 >
@@ -27,7 +26,7 @@ For more information, see [Microsoft Defender for IoT alerts](../alerts.md).
 
 ### Learn mode timeline
 
-Creating your baseline of OT alerts can take anywhere from a few days to several weeks, depending on your network size and complexity. Learning mode automatically turns off when the sensor detects a decrease in newly detected traffic, which is typically between 2-6 weeks after deployment.
+Creating your baseline of OT alerts can take anywhere from a few days to several weeks, depending on your network size and complexity. We recommend that after 2-6 weeks, depending on your network size, you manually change the Learning mode to Dynamic mode when the sensor detects a decrease in newly detected traffic.
 
 [Turn off learning mode manually before then](../how-to-manage-individual-sensors.md#turn-off-learning-mode-manually) if you feel that the current alerts accurately reflect your network activity.
 

articles/defender-for-iot/organizations/ot-deploy/ot-deploy-path.md

@@ -182,7 +182,7 @@ Your OT sensors will remain in *Learning mode* for as long as new traffic is det
 When baseline learning ends, the OT monitoring deployment process is complete, and you'll continue on in operational mode for ongoing monitoring. In operational mode, any activity that differs from your baseline data will trigger an alert.
 
 > [!TIP]
-> [Turn off learning mode manually](../how-to-manage-individual-sensors.md#turn-off-learning-mode-manually) if you feel that the current alerts in Defender for IoT reflect your network traffic accurately, and learning mode hasn't already ended automatically.
+> [Turn off learning mode manually](../how-to-manage-individual-sensors.md#turn-off-learning-mode-manually) when the current alerts in Defender for IoT reflect your network traffic accurately.
 >
 
 ## Connect Defender for IoT data to your SIEM