Commit a400535

Merge pull request #237426 from Shereen-Bhar/NTP-Active-Directory-features
NTP and Active Directory remote config
2 parents ca885a5 + e9e0e55 commit a400535

5 files changed

+44
-0
lines changed

articles/defender-for-iot/organizations/configure-sensor-settings-portal.md

Lines changed: 25 additions & 0 deletions
@@ -112,6 +112,27 @@ Continue by updating the relevant setting directly on the OT network sensor. For
112112

113113
Use the following sections to learn more about the individual OT sensor settings available from the Azure portal:
114114

115+
### Active Directory
116+
117+
To configure Active Directory settings from the Azure portal, define values for the following options:
118+
119+
|Name |Description |
120+
|---------|---------|
121+
|**Domain Controller FQDN** | The fully qualified domain name (FQDN), exactly as it appears on your LDAP server. For example, enter `host1.subdomain.contoso.com`. <br><br> If you encounter an issue with the integration using the FQDN, check your DNS configuration. You can also enter the explicit IP of the LDAP server instead of the FQDN when setting up the integration. |
122+
|**Domain Controller Port** | The port where your LDAP is configured. For example, use port 636 for LDAPS (SSL) connections. |
123+
|**Primary Domain** | The domain name, such as `subdomain.contoso.com`, and then select the connection type for your LDAP configuration. <br><br>Supported connection types include: **LDAPS/NTLMv3** (recommended), **LDAP/NTLMv3**, or **LDAP/SASL-MD5** |
124+
|**Active Directory Groups** | Select **+ Add** to add an Active Directory group to each permission level listed, as needed. <br><br> When you enter a group name, make sure that you enter the group name exactly as it's defined in your Active Directory configuration on the LDAP server. You'll use these group names when adding new sensor users with Active Directory.<br><br> Supported permission levels include **Read-only**, **Security Analyst**, **Admin**, and **Trusted Domains**. |
125+
126+
> [!IMPORTANT]
127+
> When entering LDAP parameters:
128+
>
129+
> - Define values exactly as they appear in Active Directory, except for the case.
130+
> - User lowercase characters only, even if the configuration in Active Directory uses uppercase.
131+
> - LDAP and LDAPS can't be configured for the same domain. However, you can configure each in different domains and then use them at the same time.
132+
>
133+
134+
To add another Active Directory server, select **+ Add Server** and define those server values.
135+
115136
### Bandwidth cap
116137

117138
For a bandwidth cap, define the maximum bandwidth you want the sensor to use for outgoing communication from the sensor to the cloud, either in Kbps or Mbps.
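
Review bot: In the **Primary Domain** row, **LDAP/NTLMv3** and **LDAP/SASL-MD5** are offered next to **LDAPS/NTLMv3** (recommended) with no reason given for the recommendation; the **Domain Controller Port** row already ties port 636 to LDAPS (SSL), so state in this row what the recommendation is based on, so that readers do not treat the three connection types as equivalent. The same row is a sentence fragment that mixes two fields ("The domain name, such as `subdomain.contoso.com`, and then select the connection type"); describe the domain name and the connection type separately. In the IMPORTANT callout, "User lowercase characters only" should read "Use lowercase characters only", and the first two bullets overlap ("except for the case" and "lowercase characters only"), so merge them into one instruction. **Trusted Domains** is listed as a permission level alongside **Read-only**, **Security Analyst** and **Admin**; confirm that it belongs in that list.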
@@ -120,6 +141,10 @@ For a bandwidth cap, define the maximum bandwidth you want the sensor to use for
120141

121142
**Minimum required for a stable connection to Azure**: 350 Kbps. At this minimum setting, connections to the sensor console may be slower than usual.
122143

144+
### NTP
145+
146+
To configure an NTP server for your sensor from the Azure portal, define an IP/Domain address of a valid IPv4 NTP server using port 123.
147+
123148
### Subnet
124149

125150
To focus the Azure device inventory on devices that are in your IoT/OT scope, you will need to manually edit the subnet list to include only the locally monitored subnets that are in your IoT/OT scope. Once the subnets have been configured, the network location of the devices is shown in the *Network location* (Public preview) column in the Azure device inventory. All of the devices associated with the listed subnets will be displayed as *local*, while devices associated with detected subnets not included in the list will be displayed as *routed*.
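
Review bot: In the new NTP section, "an IP/Domain address of a valid IPv4 NTP server using port 123" is ambiguous: it does not say whether a domain name is accepted as an alternative to an IP address or only an IPv4 literal. Suggest wording such as "the IP address or domain name of an IPv4 NTP server that listens on port 123". The Active Directory section above uses a Name/Description table for its fields; a one-row table here would keep the setting reference consistent.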

articles/defender-for-iot/organizations/how-to-troubleshoot-sensor.md

Lines changed: 3 additions & 0 deletions
@@ -263,6 +263,9 @@ For more information, see:
263263

264264
You can configure a standalone sensor and a management console, with the sensors related to it, to connect to NTP.
265265

266+
> [!TIP]
267+
> When you're ready to start managing your OT sensor settings at scale, define NTP settings from the Azure portal. Once you apply settings from the Azure portal, settings on the sensor console are read-only. For more information, see [Configure OT sensor settings from the Azure portal (Public preview)](configure-sensor-settings-portal.md).
268+
266269
To connect a standalone sensor to NTP:
267270

268271
- [See the CLI documentation](./references-work-with-defender-for-iot-cli-commands.md).
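
Review bot: The TIP states that "settings on the sensor console are read-only" once they are applied from the Azure portal, but it sits directly above "To connect a standalone sensor to NTP:" without saying that the procedure below no longer applies in that case. Add a sentence to the tip, or a note at the start of the procedure, telling readers who manage NTP from the portal to make changes there. The preceding context line also covers the management console with its related sensors; say whether the portal setting affects those sensors as well.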

articles/defender-for-iot/organizations/manage-users-sensor.md

Lines changed: 3 additions & 0 deletions
@@ -26,6 +26,9 @@ We recommend configuring on-premises users on your OT sensor with Active Directo
2626

2727
For example, use Active Directory when you have a large number of users that you want to assign Read Only access to, and you want to manage those permissions at the group level.
2828

29+
> [!TIP]
30+
> When you're ready to start managing your OT sensor settings at scale, define Active Directory settings from the Azure portal. Once you apply settings from the Azure portal, settings on the sensor console are read-only. For more information, see [Configure OT sensor settings from the Azure portal (Public preview)](configure-sensor-settings-portal.md).
31+
2932
**To integrate with Active Directory**:
3033

3134
1. Sign in to your OT sensor and select **System Settings** > **Integrations** > **Active Directory**.
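
Review bot: The TIP added before "**To integrate with Active Directory**:" is a copy of the one added to how-to-troubleshoot-sensor.md with only "NTP" changed to "Active Directory"; consider moving the shared wording into one reusable snippet so the two copies cannot drift. Step 1 below still sends the reader to **System Settings** > **Integrations** > **Active Directory** on the sensor, which the tip says becomes read-only after portal settings are applied, so the procedure should say that it applies only to sensors whose Active Directory settings are not managed from the portal.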

articles/defender-for-iot/organizations/release-notes.md

Lines changed: 1 addition & 0 deletions
@@ -142,6 +142,7 @@ This version includes bug fixes for stability improvements.
142142
**Supported until**: 12/2023
143143

144144
- [Azure connectivity status shown on OT sensors](how-to-manage-individual-sensors.md#validate-connectivity-status)
145+
- [Configure Active Directory and NTP settings in the Azure portal](configure-sensor-settings-portal.md#active-directory)
145146

146147
## Versions 22.2.x
147148
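
Review bot: The added bullet's link text covers both Active Directory and NTP, but its target is `configure-sensor-settings-portal.md#active-directory`, so a reader looking for the NTP setting lands in the wrong section. Either link to `#sensor-setting-reference`, as the whats-new.md entry in this commit does, or split the bullet into two links, one per section.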

articles/defender-for-iot/organizations/whats-new.md

Lines changed: 12 additions & 0 deletions
@@ -16,6 +16,18 @@ Features released earlier than nine months ago are described in the [What's new
1616
> Noted features listed below are in PREVIEW. The [Azure Preview Supplemental Terms](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) include other legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
1717
>
1818
19+
## May 2023
20+
21+
|Service area |Updates |
22+
|---------|---------|
23+
| **OT networks** | **Sensor versions 22.3.x and higher**: <br>- [Configure Active Directory and NTP settings in the Azure portal](#configure-active-directory-and-ntp-settings-in-the-azure-portal) |
24+
25+
### Configure Active Directory and NTP settings in the Azure portal
26+
27+
Now you can configure Active Directory and NTP settings for your OT sensors remotely from the **Sites and sensors** page in the Azure portal. These settings are available for OT sensor versions 22.3.x and higher.
28+
29+
For more information, see [Sensor setting reference](configure-sensor-settings-portal.md#sensor-setting-reference)
30+
1931
## April 2023
2032

2133
|Service area |Updates |
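
Review bot: The new "Configure Active Directory and NTP settings in the Azure portal" section does not mention that settings applied from the portal become read-only on the sensor console, which the TIPs added in this commit to how-to-troubleshoot-sensor.md and manage-users-sensor.md both state; that behavior change is what an existing user most needs to see in a what's-new entry, so add one sentence for it. The closing line "For more information, see [Sensor setting reference](configure-sensor-settings-portal.md#sensor-setting-reference)" is missing its final period.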
