Merge branch 'main'

maud-lv · maud-lv · commit 974afbcddc3d · 2025-02-20T16:01:04.000+01:00
diff --git a/articles/defender-for-iot/organizations/alert-engine-messages.md b/articles/defender-for-iot/organizations/alert-engine-messages.md
@@ -331,5 +331,3 @@ For more information, see:
 - [Work with alerts on the on-premises management console](legacy-central-management/how-to-work-with-alerts-on-premises-management-console.md)
 - [Alert management API reference for on-premises management consoles](api/management-alert-apis.md)
 - [Alert management API reference for OT monitoring sensors](api/sensor-alert-apis.md)
-- [Forward alert information](how-to-forward-alert-information-to-partners.md)
-
diff --git a/articles/defender-for-iot/organizations/appliance-catalog/dell-poweredge-r660.md b/articles/defender-for-iot/organizations/appliance-catalog/dell-poweredge-r660.md
@@ -56,7 +56,7 @@ The following image shows a view of the Dell PowerEdge R660 back panel:
 |1| 780-BCDS | RAID configuration | unconfigured RAID |
 |1| 405-AAZB | RAID controller | PERC H755 SAS Front |
 |1| 750-ACFR | RAID controller | Front PERC Mechanical Parts, front load |
-|6| 161-BCBX | Hard drives | 2.4 TB Hard Drive SAS ISE 12 Gbps 10k 512e 2.5in Hot Plug |
+|8| 161-BCBX | Hard drives | 2.4 TB Hard Drive SAS ISE 12 Gbps 10k 512e 2.5in Hot Plug |
 |1| 384-BBBH | BIOS and Advanced System Configuration Settings | Power Saving BIOS Settings |
 |1| 387-BBEY | Advanced System Configurations | No Energy Star |
 |1| 384-BDJC | Fans | Standard Fan X7 |
diff --git a/articles/defender-for-iot/organizations/appliance-catalog/hpe-proliant-dl360-gen11.md b/articles/defender-for-iot/organizations/appliance-catalog/hpe-proliant-dl360-gen11.md
@@ -29,7 +29,7 @@ The following image displays the hardware elements on the HPE ProLiant DL360 Gen
 |**Processor** | INT Xeon-S 4510 CPU for HPE OEM  |
 |**Chipset** | Intel C262|
 |**Memory** | 4 HPE 32GB (1x32GB) Dual Rank x8 DDR5-5600 CAS-46-45-45 EC8 Registered Smart Memory Kit |
-|**Storage**| 6 HPE 2.4TB SAS 12G Mission Critical 10K SFF BC 3-year Warranty 512e Multi Vendor HDD |
+|**Storage**| 8 HPE 2.4TB SAS 12G Mission Critical 10K SFF BC 3-year Warranty 512e Multi Vendor HDD |
 |**Network controller**| On-board: 8 x 1 Gb |
 |**Management**     | HPE iLO Advanced         |
 |**Power**            |HPE 1000W flex slot power supply with 96% efficiency, 100-240 VAC input, 80 Plus Titanium certified |
@@ -44,7 +44,7 @@ The following image displays the hardware elements on the HPE ProLiant DL360 Gen
 |**P67824-B21** | INT Xeon-S 4510 CPU for HPE OEM |2|
 |**P64706-B21** | HPE 32GB (1x32GB) Dual Rank x8 DDR5-5600 CAS-46-45-45 EC8 Registered Smart Memory Kit |4|
 |**P48896-B21** | HPE ProLiant DL360 Gen11 8SFF x4 U.3 Tri-Mode Backplane Kit |1|
-|**P28352-B21** | HPE 2.4TB SAS 12G Mission Critical 10K SFF BC 3-year Warranty 512e Multi Vendor HDD |6|
+|**P28352-B21** | HPE 2.4TB SAS 12G Mission Critical 10K SFF BC 3-year Warranty 512e Multi Vendor HDD |8|
 |**P48901-B21** | HPE ProLiant DL360 Gen11 x16 Full Height Riser Kit |1|
 |**P51178-B21** | Broadcom BCM5719 Ethernet 1Gb 4-port BASE-T Adapter for HPE |1|
 |**P47789-B21** | HPE MR216i-o Gen11 x16 Lanes without Cache OCP SPDM Storage Controller |1|
diff --git a/articles/defender-for-iot/organizations/iot-solution.md b/articles/defender-for-iot/organizations/iot-solution.md
@@ -32,10 +32,6 @@ Before you start, make sure you have the following requirements on your workspac
 
 - A Defender for IoT plan on your Azure subscription with data streaming into Defender for IoT. For more information, see [Quickstart: Get started with Defender for IoT](getting-started.md).
 
-> [!IMPORTANT]
-> Currently, having both the Microsoft Defender for IoT and the [Microsoft Defender for Cloud](../../sentinel/data-connectors/microsoft-defender-for-cloud.md) data connectors enabled on the same Microsoft Sentinel workspace simultaneously may result in duplicate alerts in Microsoft Sentinel. We recommend that you disconnect the Microsoft Defender for Cloud data connector before connecting to Microsoft Defender for IoT.
->
-
 ## Connect your data from Defender for IoT to Microsoft Sentinel
 
 Start by enabling the [Defender for IoT data connector](../../sentinel/data-connectors/microsoft-defender-for-iot.md) to stream all your Defender for IoT events into Microsoft Sentinel.
@@ -63,54 +59,54 @@ After you've connected a subscription to Microsoft Sentinel, you'll be able to v
     **To see all alerts generated by Defender for IoT**:
 
     ```kusto
-    SecurityAlert | where ProductName == "Azure Security Center for IoT"
+    SecurityAlert | where ProviderName == "IoTSecurity"
     ```
 
     **To see specific sensor alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where tostring(parse_json(ExtendedProperties).SensorId) == “<sensor_name>”
     ```
 
     **To see specific OT engine alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "MALWARE"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "ANOMALY"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "PROTOCOL_VIOLATION"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "POLICY_VIOLATION"
 
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where ProductComponentName == "OPERATIONAL"
     ```
 
     **To see high severity alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where ProviderName == "IoTSecurity"
     | where AlertSeverity == "High"
     ```
 
     **To see specific protocol alerts generated by Defender for IoT**:
 
     ```kusto
     SecurityAlert
-    | where ProductName == "Azure Security Center for IoT"
+    | where PProviderName == "IoTSecurity"
     | where tostring(parse_json(ExtendedProperties).Protocol) == "<protocol_name>"
     ```
 
@@ -138,16 +134,16 @@ For more information, see [View alerts on the Defender for IoT portal](how-to-ma
 
 ### Understand multiple records per alert
 
-Defender for IoT alert data is streamed to the Microsoft Sentinel and stored in your Log Analytics workspace, in the [SecurityAlert]() table.
+Defender for IoT alert data is streamed to the Microsoft Sentinel and stored in your Log Analytics workspace, in the [SecurityAlert](/azure/sentinel/security-alert-schema) table.
 
 Records in the **SecurityAlert** table are created each time an alert is generated or updated in Defender for IoT. Sometimes a single alert will have multiple records, such as when the alert was first created and then again when it was updated.
 
 In Microsoft Sentinel, use the following query to check the records added to the **SecurityAlert** table for a single alert:
 
 ```kql
 SecurityAlert
-|  where ProductName == "Azure Security Center for IoT"
-|  where VendorOriginalId == "Defender for IoT Alert ID"
+|  where ProviderName == "IoTSecurity"
+|  where VendorOriginalId == "<Defender for IoT Alert ID>"
 | sort by TimeGenerated desc
 ```
 
diff --git a/articles/defender-for-iot/organizations/manage-users-portal.md b/articles/defender-for-iot/organizations/manage-users-portal.md
@@ -11,7 +11,7 @@ ms.collection:
 
 Microsoft Defender for IoT provides tools both in the Azure portal and on-premises for managing user access across Defender for IoT resources.
 
-In the Azure portal, user management is managed at the *subscription* level with [Microsoft Entra ID](../../active-directory/index.yml) and [Azure role-based access control (RBAC)](../../role-based-access-control/overview.md). Assign Microsoft Entra users with Azure roles at the subscription level so that they can add or update Defender for IoT pricing plans and access device data, manage sensors, and access device data across Defender for IoT.
+In the Azure portal, user management is managed at the *subscription* level with [Microsoft Entra ID](../../active-directory/index.yml) and [Azure role-based access control (RBAC)](../../role-based-access-control/overview.md). Assign Microsoft Entra users with Azure roles at the subscription level so that they can add or update Defender for IoT pricing plans, access device data, and manage sensors.
 
 For OT network monitoring, Defender for IoT has the extra *site* level, which you can use to add granularity to your user management. For example, assign roles at the site level to apply different permissions for the same users across different sites.
 
