Merge pull request #263509 from MicrosoftDocs/main

Merge main to live, 4 AM

Author: v-ccolin

articles/azure-monitor/app/convert-classic-resource.md

@@ -129,7 +129,7 @@ Use the following script to identify your Application Insights resources by inge
 
 #### Example
 
-```azurecli
+```powershell
 Get-AzApplicationInsights -SubscriptionId 'Your Subscription ID' | Format-Table -Property Name, IngestionMode, Id, @{label='Type';expression={
     if ([string]::IsNullOrEmpty($_.IngestionMode)) {
         'Unknown'

articles/defender-for-cloud/recommendations-reference-aws.md

@@ -27,7 +27,7 @@ impact on your secure score.
 
 ### Data plane recommendations
 
-All the data plane recommendations listed [here](kubernetes-workload-protections.md#view-and-configure-the-bundle-of-recommendations) are supported under AWS after [enabling Azure Policy for Kubernetes](kubernetes-workload-protections.md#enable-kubernetes-data-plane-hardening). 
+All the data plane recommendations listed [here](kubernetes-workload-protections.md#view-and-configure-the-bundle-of-recommendations) are supported under AWS after [enabling Azure Policy for Kubernetes](kubernetes-workload-protections.md#enable-kubernetes-data-plane-hardening).
 
 ## <a name='recs-aws-data'></a> AWS Data recommendations
 

articles/defender-for-cloud/sql-information-protection-policy.md

@@ -13,28 +13,23 @@ SQL information protection's [data discovery and classification mechanism](/azur
 
 The classification mechanism is based on the following two elements:
 
-- **Labels** – The main classification attributes, used to define the *sensitivity level of the data* stored in the column. 
+- **Labels** – The main classification attributes, used to define the *sensitivity level of the data* stored in the column.
 - **Information Types** – Provides additional granularity into the *type of data* stored in the column.
 
-The information protection policy options within Defender for Cloud provide a predefined set of labels and information types which serve as the defaults for the classification engine. You can customize the policy, according to your organization's needs, as described below.
+The information protection policy options within Defender for Cloud provide a predefined set of labels and information types that serve as the defaults for the classification engine. You can customize the policy, according to your organization's needs, as described below.
 
 :::image type="content" source="./media/sql-information-protection-policy/sql-information-protection-policy-page.png" alt-text="The page showing your SQL information protection policy.":::
- 
-
-
 
 ## How do I access the SQL information protection policy?
 
 There are three ways to access the information protection policy:
 
 - **(Recommended)** From the **Environment settings** page of Defender for Cloud
-- From the security recommendation "Sensitive data in your SQL databases should be classified"
+- From the security recommendation *Sensitive data in your SQL databases should be classified*
 - From the Azure SQL DB data discovery page
 
 Each of these is shown in the relevant tab below.
 
-
-
 ### [**From Defender for Cloud's settings**](#tab/sqlip-tenant)
 
 <a name="sqlip-tenant"></a>
@@ -48,15 +43,13 @@ From Defender for Cloud's **Environment settings** page, select **SQL informatio
 
 :::image type="content" source="./media/sql-information-protection-policy/environment-settings-link-to-information-protection.png" alt-text="Accessing the SQL Information Protection policy from the environment settings page of Microsoft Defender for Cloud.":::
 
-
-
 ### [**From Defender for Cloud's recommendation**](#tab/sqlip-db)
 
 <a name="sqlip-db"></a>
 
 ### Access the policy from the Defender for Cloud recommendation
 
-Use Defender for Cloud's recommendation, "Sensitive data in your SQL databases should be classified", to view the data discovery and classification page for your database. There, you'll also see the columns discovered to contain information that we recommend you classify.
+Use Defender for Cloud's recommendation, *Sensitive data in your SQL databases should be classified*, to view the data discovery and classification page for your database. There, you'll also see the columns discovered to contain information that we recommend you classify.
 
 1. From Defender for Cloud's **Recommendations** page, search for the recommendation **Sensitive data in your SQL databases should be classified**.
 
@@ -68,8 +61,6 @@ Use Defender for Cloud's recommendation, "Sensitive data in your SQL databases s
 
     :::image type="content" source="./media/sql-information-protection-policy/access-policy-from-security-center-recommendation.png" alt-text="Opening the SQL information protection policy from the relevant recommendation in Microsoft Defender for Cloud's":::
 
-
-
 ### [**From Azure SQL**](#tab/sqlip-azuresql)
 
 <a name="sqlip-azuresql"></a>
@@ -86,7 +77,7 @@ Use Defender for Cloud's recommendation, "Sensitive data in your SQL databases s
 
     :::image type="content" source="./media/sql-information-protection-policy/access-policy-from-azure-sql.png" alt-text="Opening the SQL information protection policy from Azure SQL.":::
 
---- 
+---
 
 ## Customize your information types
 
@@ -97,52 +88,50 @@ To manage and customize information types:
     :::image type="content" source="./media/sql-information-protection-policy/manage-types.png" alt-text="Manage information types for your information protection policy.":::
 
 1. To add a new type, select **Create information type**. You can configure a name, description, and search pattern strings for the information type. Search pattern strings can optionally use keywords with wildcard characters (using the character '%'), which the automated discovery engine uses to identify sensitive data in your databases, based on the columns' metadata.
- 
+
     :::image type="content" source="./media/sql-information-protection-policy/configure-new-type.png" alt-text="Configure a new information type for your information protection policy.":::
 
-1. You can also modify the built-in types by adding additional search pattern strings, disabling some of the existing strings, or by changing the description. 
+1. You can also modify the built-in types by adding additional search pattern strings, disabling some of the existing strings, or by changing the description.
 
     > [!TIP]
-    > You can't delete built-in types or change their names. 
+    > You can't delete built-in types or change their names.
 
-1. **Information types** are listed in order of ascending discovery ranking, meaning that the types higher in the list will attempt to match first. To change the ranking between information types, drag the types to the right spot in the table, or use the **Move up** and **Move down** buttons to change the order. 
+1. **Information types** are listed in order of ascending discovery ranking, meaning that the types higher in the list attempt to match first. To change the ranking between information types, drag the types to the right spot in the table, or use the **Move up** and **Move down** buttons to change the order.
 
-1. Select **OK** when you are done.
+1. Select **OK** when you're done.
 
-1. After you completed managing your information types, be sure to associate the relevant types with the relevant labels, by clicking **Configure** for a particular label, and adding or deleting information types as appropriate.
+1. After you completed managing your information types, be sure to associate the relevant types with the relevant labels, by selecting **Configure** for a particular label, and adding or deleting information types as appropriate.
 
 1. To apply your changes, select **Save** in the main **Labels** page.
- 
 
 ## Exporting and importing a policy
 
-You can download a JSON file with your defined labels and information types, edit the file in the editor of your choice, and then import the updated file. 
+You can download a JSON file with your defined labels and information types, edit the file in the editor of your choice, and then import the updated file.
 
 :::image type="content" source="./media/sql-information-protection-policy/export-import.png" alt-text="Exporting and importing your information protection policy.":::
 
 > [!NOTE]
-> You'll need tenant level permissions to import a policy file. 
-
+> You'll need tenant level permissions to import a policy file.
 
 ## Permissions
 
-To customize the information protection policy for your Azure tenant, you'll need the following actions on the tenant's root management group:
-  - Microsoft.Security/informationProtectionPolicies/read
-  - Microsoft.Security/informationProtectionPolicies/write 
+To customize the information protection policy for your Azure tenant, you need the following actions on the tenant's root management group:
+
+- Microsoft.Security/informationProtectionPolicies/read
+- Microsoft.Security/informationProtectionPolicies/write
 
 Learn more in [Grant and request tenant-wide visibility](tenant-wide-permissions-management.md).
 
 ## Manage SQL information protection using Azure PowerShell
 
 - [Get-AzSqlInformationProtectionPolicy](/powershell/module/az.security/get-azsqlinformationprotectionpolicy): Retrieves the effective tenant SQL information protection policy.
 - [Set-AzSqlInformationProtectionPolicy](/powershell/module/az.security/set-azsqlinformationprotectionpolicy): Sets the effective tenant SQL information protection policy.
- 
 
 ## Next steps
- 
+
 In this article, you learned about defining an information protection policy in Microsoft Defender for Cloud. To learn more about using SQL Information Protection to classify and protect sensitive data in your SQL databases, see [Azure SQL Database Data Discovery and Classification](/azure/azure-sql/database/data-discovery-and-classification-overview).
 
 For more information on security policies and data security in Defender for Cloud, see the following articles:
- 
+
 - [Setting security policies in Microsoft Defender for Cloud](tutorial-security-policy.md): Learn how to configure security policies for your Azure subscriptions and resource groups
 - [Microsoft Defender for Cloud data security](data-security.md): Learn how Defender for Cloud manages and safeguards data

articles/defender-for-iot/organizations/media/update-ot-software/send-package-multiple-versions-400.png

@@ -87,27 +87,31 @@ This procedure describes how to send a software version update to one or more OT
 
     :::image type="content" source="media/update-ot-software/remote-update-step-1.png" alt-text="Screenshot of the Send package option." lightbox="media/update-ot-software/remote-update-step-1.png":::
 
-1. In the **Send package** pane that appears, check to make sure that you're sending the software to the sensor you want to update. To jump to the release notes for the new version, select **Learn more** at the top of the pane.
+1. In the **Send package** pane that appears, under **Available versions**, select the software version from the list. If the version you need doesn't appear, select **Show more** to list all available versions.
+    
+    To jump to the release notes for the new version, select **Learn more** at the top of the pane.
+
+    :::image type="content" source="media/update-ot-software/send-package-multiple-versions-400.png" alt-text="Screenshot of sensor update pane with option to choose sensor update version." lightbox="media/update-ot-software/send-package-multiple-versions.png" border="false":::
 
 1. When you're ready, select **Send package**, and the software transfer to your sensor machine is started. You can see the transfer progress in the **Sensor version** column, with the percentage complete automatically updating in the progress bar, so you can see that the process has started and letting you track its progress until the transfer is complete. For example:
 
     :::image type="content" source="media/update-ot-software/sensor-version-update-bar.png" alt-text="Screenshot of the update bar in the Sensor version column." lightbox="media/update-ot-software/sensor-version-update-bar.png":::
 
-    When the transfer is complete, the **Sensor version** column changes to :::image type="icon" source="media/update-ot-software/ready-to-update.png" border="false" ::: **Ready to update**.
+    When the transfer is complete, the **Sensor version** column changes to :::image type="icon" source="media/update-ot-software/ready-to-update.png" border="true" ::: **Ready to update**.
 
     Hover over the **Sensor version** value to see the source and target version for your update.
 
 ### Run your sensor update from the Azure portal
 
 Run the sensor update only when you see the :::image type="icon" source="media/update-ot-software/ready-to-update.png" border="false"::: **Ready to update** icon in the **Sensor version** column.
 
-1. Select one or more sensors to update, and then select **Sensor update** > **Remote update** > **Step 2: Update sensor** from the toolbar.
+1. Select one or more sensors to update, and then select **Sensor update** > **Remote update** > **Step 2: Update sensor** from the toolbar. The **Update sensor** pane opens in the right side of the screen.
 
     For an individual sensor, the **Step 2: Update sensor** option is also available from the **...** options menu. For example:
 
     :::image type="content" source="media/update-ot-software/remote-update-step-2.png" alt-text="Screenshot of the Update sensor option." lightbox="media/update-ot-software/remote-update-step-2.png":::
 
-1. In the **Update sensor** pane that appears, verify your update details.
+1. In the **Update sensor** pane that appears, verify your update details. 
 
     When you're ready, select **Update now** > **Confirm update**. In the grid, the **Sensor version** value changes to :::image type="icon" source="media/update-ot-software/installing.png" border="false"::: **Installing**, and an update progress bar appears showing you the percentage complete. The bar automatically updates, so that you can track the progress until the installation is complete.
 

articles/defender-for-iot/organizations/media/update-ot-software/send-package-multiple-versions.png

@@ -16,6 +16,22 @@ Features released earlier than nine months ago are described in the [What's new
 > Noted features listed below are in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
 >
 
+## January 2024
+
+|Service area  |Updates  |
+|---------|---------|
+| **OT networks** | - [Sensor update in Azure portal now supports selecting a specific version](#sensor-update-in-azure-portal-now-supports-selecting-a-specific-version) <br> |
+
+### Sensor update in Azure portal now supports selecting a specific version
+
+When you update the sensor in the Azure portal, you can now choose to update to any of the supported, previous versions (versions other than the latest version). Previously, sensors onboarded to Microsoft Defender for IoT on the Azure portal were automatically updated to the latest version.
+
+You might want to update your sensor to a specific version for various reasons, such as for testing purposes, or to align all sensors to the same version.
+
+:::image type="content" source="media/whats-new/send-package-multiple-versions-400.png" alt-text="Screenshot of sensor update pane with option to choose sensor update version." border="false" lightbox="media/whats-new/send-package-multiple-versions.png" :::
+
+For more information, see [Update Defender for IoT OT monitoring software](update-ot-software.md#send-the-software-update-to-your-ot-sensor).
+
 ## December 2023
 
 |Service area  |Updates  |

articles/defender-for-iot/organizations/media/whats-new/send-package-multiple-versions-400.png

@@ -22,10 +22,10 @@ This article provides details about the features and enhancements made to Azure
 
 ## January 2024
 
-### FHIR Service
+### FHIR service
 **Storage size support in FHIR service beyond 4TB** 
 
-By default each FHIR instance is limited to storage capacity of 4TB. To provision a FHIR instance with storage capacity beyond 4TB, create support request with Issue type 'Service and Subscription limit (quotas)'.
+By default each FHIR instance is limited to storage capacity of 4TB. To provision a FHIR instance with storage capacity beyond 4TB, [create support request](https://portal.azure.com/#blade/Microsoft_Azure_Support/HelpAndSupportBlade/overview) with Issue type 'Service and Subscription limit (quotas)'.
 > [!NOTE]
 > Due to issue in billing metrics for storage. Customers opting for more than 4TB storage capacity will not be billed for storage till the issue is addressed.