MicrosoftDocs
diff --git a/‎articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-sensor.md
Lines changed: 1 addition & 1 deletion b/‎articles/defender-for-iot/organizations/how-to-activate-and-set-up-your-sensor.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/defender-for-iot/organizations/how-to-deploy-certificates.md
Lines changed: 175 additions & 137 deletions b/‎articles/defender-for-iot/organizations/how-to-deploy-certificates.md
Lines changed: 175 additions & 137 deletions
diff --git a/‎articles/defender-for-iot/organizations/how-to-forward-alert-information-to-partners.md
Lines changed: 5 additions & 6 deletions b/‎articles/defender-for-iot/organizations/how-to-forward-alert-information-to-partners.md
Lines changed: 5 additions & 6 deletions
diff --git a/‎articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md
Lines changed: 2 additions & 2 deletions b/‎articles/defender-for-iot/organizations/how-to-manage-individual-sensors.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎articles/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console.md
Lines changed: 34 additions & 31 deletions b/‎articles/defender-for-iot/organizations/how-to-manage-the-on-premises-management-console.md
Lines changed: 34 additions & 31 deletions
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/certificate-store-trusted-root.png
428 KB b/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/certificate-store-trusted-root.png
428 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/connection-is-not-private-subject.png
586 KB b/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/connection-is-not-private-subject.png
586 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/connection-is-not-secure.png
341 KB b/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/connection-is-not-secure.png
341 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/hosts-file.png
63.4 KB b/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/hosts-file.png
63.4 KB
diff --git a/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/show-certificate-icon.png
1.01 KB b/‎articles/defender-for-iot/organizations/media/how-to-deploy-certificates/show-certificate-icon.png
1.01 KB
@@ -111,7 +111,7 @@ For more information about working with certificates, see [Manage certificates](
 
 1. Approve the terms and conditions.
 
-1. Select **Activate**. The SSL/TLS certificate tab opens. Before defining certificates, see [About certificates](#about-certificates). 
+1. Select **Activate**. The SSL/TLS certificate tab opens. Before defining certificates, see [Deploy SSL/TLS certificates on OT appliances](how-to-deploy-certificates.md).
 
     It is **not recommended** to use a locally generated certificate in a production environment.
 
 
@@ -29,14 +29,13 @@ This article describes how to configure your OT sensor or on-premises management
 > [!NOTE]
 > Forwarding alert rules run only on alerts triggered after the forwarding rule is created. Alerts already in the system from before the forwarding rule was created are not affected by the rule.
 
-
 ## Prerequisites
 
 - Depending on where you want to create your forwarding alert rules, you'll need to have either an [OT network sensor or on-premises management console installed](how-to-install-software.md), with access as an **Admin** user.
 
     For more information, see [Install OT agentless monitoring software](how-to-install-software.md) and [On-premises users and roles for OT monitoring with Defender for IoT](roles-on-premises.md).
 
-- You'll also need to define SMTP settings on the OT sensor or on-premises management console. 
+- You'll also need to define SMTP settings on the OT sensor or on-premises management console.
 
     For more information, see [Configure SMTP settings on an OT sensor](how-to-manage-individual-sensors.md#configure-smtp-settings) and [Configure SMTP settings on an on-premises management console](how-to-manage-the-on-premises-management-console.md#mail-server-settings).
 
@@ -93,7 +92,6 @@ To edit or delete an existing rule:
 
 1. When you're done configuring the rule, select **SAVE**. The rule is listed on the **Forwarding** page.
 
-
 1. Test the rule you've created:
 
     1. On the row for your rule, select the :::image type="icon" source="media/how-to-forward-alert-information-to-partners/run-button.png" border="false"::: **test this forwarding rule** button. A success notification is shown if the message sent successfully.
@@ -127,7 +125,6 @@ In the **Actions** area, enter the following details:
 |**Email**     | Enter the email address you want to forward the alerts to. Each rule supports a single email address.        |
 |**Timezone**    |  Select the time zone you want to use for the alert detection in the target system.  |
 
-
 ### Syslog server actions
 
 Configure a Syslog server action to forward alert data to the selected type of Syslog server.
@@ -305,13 +302,12 @@ If your forwarding alert rules aren't working as expected, check the following d
 
 - **Certificate validation**. Forwarding rules for [Syslog CEF](#syslog-server-actions), [Microsoft Sentinel](integrate-overview.md#microsoft-sentinel), and [QRadar](tutorial-qradar.md) support encryption and certificate validation.
 
-    If your OT sensors or on-premises management console are configured to [validate certificates](how-to-deploy-certificates.md#about-certificate-validation) and the certificate can't be verified, the alerts aren't forwarded.
+    If your OT sensors or on-premises management console are configured to [validate certificates](how-to-deploy-certificates.md#verify-crl-server-access) and the certificate can't be verified, the alerts aren't forwarded.
 
     In these cases, the sensor or on-premises management console is the session's client and initiator. Certificates are typically received from the server or use asymmetric encryption, where a specific certificate is provided to set up the integration.
 
 - **Alert exclusion rules**. If you have exclusion rules configured on your on-premises management console, your sensors might be ignoring the alerts you're trying to forward. For more information, see [Create alert exclusion rules on an on-premises management console](how-to-accelerate-alert-incident-response.md#create-alert-exclusion-rules-on-an-on-premises-management-console).
 
-
 ## Next steps
 
 > [!div class="nextstepaction"]
@@ -326,3 +322,6 @@ If your forwarding alert rules aren't working as expected, check the following d
 > [!div class="nextstepaction"]
 > [OT monitoring alert types and descriptions](alert-engine-messages.md)
 
+
+> [!div class="nextstepaction"]
+> [Microsoft Defender for IoT alerts](alerts.md)
@@ -134,11 +134,11 @@ Sensor Administrators may be required to update certificates that were uploaded
     - Upload a CRT file and key file.
     - Upload a PEM file if necessary.
 
-If the upload fails, contact your security or IT administrator, or review the information in [About Certificates](how-to-deploy-certificates.md).
+If the upload fails, contact your security or IT administrator, or review the information in [Deploy SSL/TLS certificates on OT appliances](how-to-deploy-certificates.md).
 
 **To change the certificate validation setting:**
 
-1. Enable or disable the **Enable Certificate Validation** toggle. If the option is enabled and validation fails, communication between relevant components is halted, and a validation error is presented in the console. If disabled, certificate validation is not carried out. See [About certificate validation](how-to-deploy-certificates.md#about-certificate-validation) for more information.
+1. Enable or disable the **Enable Certificate Validation** toggle. If the option is enabled and validation fails, communication between relevant components is halted, and a validation error is presented in the console. If disabled, certificate validation is not carried out. See [Verify CRL server access](how-to-deploy-certificates.md#verify-crl-server-access) for more information.
 
 1. Select **Save**.
 
 
@@ -44,10 +44,15 @@ After initial activation, the number of monitored devices might exceed the numbe
 1. Select **Activation**.
 1. Select **Choose a File** and select the file that you saved.
 
-
 ## Manage certificates
 
-Following on-premises management console installation, a local self-signed certificate is generated and used to access the web application. When logging in to the on-premises management console for the first time, Administrator users are prompted to provide an SSL/TLS certificate. 
+When you first [install an on-premises management console](ot-deploy/install-software-on-premises-management-console.md), a local, self-signed certificate is generated and used to access the on-premises management console's UI. When signing into the on-premises management console for the first time, **Admin** users are prompted to provide an SSL/TLS certificate.
+
+If your certificate has expired, make sure to create a new one and upload it to your on-premises management console.
+
+For more information, see [Deploy SSL/TLS certificates on OT appliances](how-to-deploy-certificates.md).
+
+Following on-premises management console installation, a local self-signed certificate is generated and used to access the web application. When logging in to the on-premises management console for the first time, Administrator users are prompted to provide an SSL/TLS certificate.
 
 Administrators may be required to update certificates that were uploaded after initial login. This may happen for example if a certificate expired.
 
@@ -69,22 +74,22 @@ If the upload fails, contact your security or IT administrator, or review the in
 
 **To change the certificate validation setting:**
 
-1. Enable or disable the **Enable Certificate Validation** toggle. If the option is enabled and validation fails, communication between relevant components is halted and a validation error is presented in the console. If disabled, certificate validation is not carried out. See [About certificate validation](how-to-deploy-certificates.md#about-certificate-validation) for more information.
+1. Enable or disable the **Enable Certificate Validation** toggle. If the option is enabled and validation fails, communication between relevant components is halted and a validation error is presented in the console. If disabled, certificate validation is not carried out. See [Verify CRL server access](how-to-deploy-certificates.md#verify-crl-server-access) for more information.
 
 1. Select **Save**.
 
 For more information about first-time certificate upload, see [First-time sign-in and activation checklist](how-to-activate-and-set-up-your-sensor.md#first-time-sign-in-and-activation-checklist).
 
 ## Define backup and restore settings
 
-The on-premises management console system backup is performed automatically, daily. The data is saved on a different disk. The default location is `/var/cyberx/backups`. 
+The on-premises management console system backup is performed automatically, daily. The data is saved on a different disk. The default location is `/var/cyberx/backups`.
 
-You can automatically transfer this file to the internal network. 
+You can automatically transfer this file to the internal network.
 
 > [!NOTE]
-> You can perform the backup and restore procedure on the same version only. 
+> You can perform the backup and restore procedure on the same version only.
 
-To back up the on-premises management console machine: 
+To back up the on-premises management console machine:
 
 - Sign in to an administrative account and enter `sudo cyberx-management-backup -full`.
 
@@ -96,37 +101,37 @@ To save the backup to an external SMB server:
 
 1. Create a shared folder in the external SMB server.  
 
-   Get the folder path, username, and password required to access the SMB server. 
+   Get the folder path, username, and password required to access the SMB server.
 
 2. In Defender for IoT, make a directory for the backups:
 
-   - `sudo mkdir /<backup_folder_name_on_ server>` 
+   - `sudo mkdir /<backup_folder_name_on_ server>`
 
-   - `sudo chmod 777 /<backup_folder_name_on_c_server>/` 
+   - `sudo chmod 777 /<backup_folder_name_on_c_server>/`
 
 3. Edit fstab:  
 
-   - `sudo nano /etc/fstab` 
+   - `sudo nano /etc/fstab`
 
-   - `add - //<server_IP>/<folder_path> /<backup_folder_name_on_server> cifs rw,credentials=/etc/samba/user,vers=3.0,uid=cyberx,gid=cyberx,file_mode=0777,dir_mode=0777 0 0` 
+   - `add - //<server_IP>/<folder_path> /<backup_folder_name_on_server> cifs rw,credentials=/etc/samba/user,vers=3.0,uid=cyberx,gid=cyberx,file_mode=0777,dir_mode=0777 0 0`
 
-4. Edit or create credentials for the SMB server to share: 
+4. Edit or create credentials for the SMB server to share:
 
-   - `sudo nano /etc/samba/user` 
+   - `sudo nano /etc/samba/user`
 
-5. Add: 
+5. Add:
 
    - `username=<user name>`
 
-   - `password=<password>` 
+   - `password=<password>`
 
-6. Mount the directory: 
+6. Mount the directory:
 
-   - `sudo mount -a` 
+   - `sudo mount -a`
 
 7. Configure a backup directory to the shared folder on the Defender for IoT on-premises management console:  
 
-   - `sudo nano /var/cyberx/properties/backup.properties` 
+   - `sudo nano /var/cyberx/properties/backup.properties`
 
    - `set Backup.shared_location to <backup_folder_name_on_server>`
 
@@ -136,9 +141,9 @@ To edit the management console's host name configured in the organizational DNS
 
 1. In the management console's left pane, select **System Settings**.  
 
-2. In the console's networking section, select **Network**. 
+2. In the console's networking section, select **Network**.
 
-3. Enter the host name configured in the organizational DNS server. 
+3. Enter the host name configured in the organizational DNS server.
 
 4. Select **Save**.
 
@@ -160,21 +165,21 @@ The following procedure connects a sensor to the on-premises management console
 
 1. Sign in to the on-premises management console appliance CLI with administrative credentials.
 
-2. Type `sudo cyberx-management-tunnel-enable` and select **Enter**.
+1. Type `sudo cyberx-management-tunnel-enable` and select **Enter**.
 
-4. Type `--port 10000` and select **Enter**.
+1. Type `--port 10000` and select **Enter**.
 
 ## Adjust system properties
 
 System properties control various operations and settings in the management console. Editing or modifying them might damage the management console's operation. Consult with [Microsoft Support](https://support.microsoft.com) before changing your settings.
 
-To access system properties: 
+To access system properties:
 
 1. Sign in to the on-premises management console or the sensor.
 
-2. Select **System Settings**.
+1. Select **System Settings**.
 
-3. Select **System Properties** from the **General** section.
+1. Select **System Properties** from the **General** section.
 
 ## Change the name of the on-premises management console
 
@@ -186,11 +191,11 @@ To change the name:
 
    :::image type="content" source="media/how-to-change-the-name-of-your-azure-consoles/console-name.png" alt-text="Screenshot of the on-premises management console version.":::
 
-2. In the **Edit management console configuration** dialog box, enter the new name. The name can't be longer than 25 characters.
+1. In the **Edit management console configuration** dialog box, enter the new name. The name can't be longer than 25 characters.
 
    :::image type="content" source="media/how-to-change-the-name-of-your-azure-consoles/edit-management-console-configuration.png" alt-text="Screenshot of editing the Defender for IoT platform configuration.":::
 
-3. Select **Save**. The new name is applied.
+1. Select **Save**. The new name is applied.
 
    :::image type="content" source="media/how-to-change-the-name-of-your-azure-consoles/name-changed.png" alt-text="Screenshot that shows the changed name of the console.":::
 
@@ -207,13 +212,12 @@ To reset your password:
 1. Enter the unique identifier and select **Recover**. The activation file is downloaded.
 1. Go to the **Password Recovery** page and upload the activation file.
 1. Select **Next**.
- 
+
    You're now given your username and a new system-generated password.
 
 > [!NOTE]
 > The sensor is linked to the subscription that it was originally connected to. You can recover the password only by using the same subscription that it's attached to.
 
-
 ## Mail server settings
 
 Define SMTP mail server settings for the on-premises management console.
@@ -228,7 +232,6 @@ To define:
    `mail.sender=`
 1. Enter the SMTP server name  and sender and select enter.
 
-
 ## Next steps
 
 For more information, see: