Merge pull request #232128 from batamig/air-gapped-ent-tutorials

Deployment guide release: air-gapped, enterprise, and tutorials

Author: JamesJBarnett

articles/defender-for-iot/organizations/TOC.yml

@@ -23,20 +23,46 @@
   - name: Enable Enterprise IoT security
     href: eiot-defender-for-endpoint.md
     displayName: onboard
+- name: Deploy
+  items:
+  - name: Deploy air-gapped OT sensor management
+    items:
+    - name: Air-gapped management deployment path
+      href: ot-deploy/air-gapped-deploy.md
+    - name: Install an on-premises management console
+      href: ot-deploy/install-software-on-premises-management-console.md
+    - name: Activate and set up an on-premises management console
+      href: ot-deploy/activate-deploy-management.md
+    - name: Connect OT sensors to an on-premises management console
+      href: ot-deploy/connect-sensors-to-management.md
+    - name: Configure on-premises sites and zones
+      href: ot-deploy/sites-and-zones-on-premises.md
+      displayName: site, zone, Zero Trust
+  - name: Deploy Enterprise IoT monitoring
+    items:
+    - name: Enable Enterprise IoT security
+      href: eiot-defender-for-endpoint.md
+      displayName: onboard
+    - name: Discover Enterprise IoT devices
+      href: eiot-sensor.md
+      displayName: Enterprise IoT sensor
+    - name: Extra deployment steps and samples
+      href: extra-deploy-enterprise-iot.md
+      displayName: Enterprise IoT sensor
 - name: Tutorials
   expanded: false
   items:
   - name: Onboard and activate a virtual OT sensor
     href: tutorial-onboarding.md
+  - name: Investigate an OT network alert
+    href: respond-ot-alert.md
   - name: Integrate with Microsoft Sentinel
     items:
     - name: Connect Defender for IoT cloud data to Microsoft Sentinel
       href: iot-solution.md
     - name: Investigate Defender for IoT incidents with Microsoft Sentinel
       href: iot-advanced-threat-monitoring.md
-  - name: Investigate an OT network alert
-    href: respond-ot-alert.md
-  - name: Monitor with Zero Trust
+  - name: Monitor with Zero Trust principles
     href: monitor-zero-trust.md
 - name: Concepts
   items:

articles/defender-for-iot/organizations/eiot-defender-for-endpoint.md

@@ -69,13 +69,11 @@ This procedure describes how to view related alerts, recommendations, and vulner
 
     - On the **Discovered vulnerabilities** tab, check for any known CVEs associated with the device. Known CVEs can help decide whether to patch, remove, or contain the device and mitigate risk to your network.
 
-
-
 ## Next steps
 
 Learn how to set up an Enterprise IoT network sensor (Public preview) and gain more visibility into more IoT segments of your corporate network that aren't otherwise covered by Defender for Endpoint.
 
 Customers that have set up an Enterprise IoT network sensor will be able to see all discovered devices in the **Device inventory** in either Microsoft 365 Defender, or Defender for IoT in the Azure portal.
 
 > [!div class="nextstepaction"]
-> [Enhance device discovery with an Enterprise IoT network sensor](eiot-sensor.md)
+> [Enhance device discovery with an Enterprise IoT network sensor](eiot-sensor.md)

articles/defender-for-iot/organizations/eiot-sensor.md

@@ -25,27 +25,38 @@ For more information, see [Securing IoT devices in the enterprise](concept-enter
 
 ## Prerequisites
 
-Before you start registering an Enterprise IoT sensor:
+This section describes the prerequisites required before deploying an Enterprise IoT network sensor.
 
-- To view Defender for IoT data in Microsoft 365 Defender, including devices, alerts, recommendations, and vulnerabilities, you must have an Enterprise IoT plan, [onboarded from Microsoft 365 Defender](eiot-defender-for-endpoint.md).
+### Azure requirements
+
+- To view Defender for IoT data in Microsoft 365 Defender, including devices, alerts, recommendations, and vulnerabilities, you must have an Enterprise IoT plan, [onboarded from Microsoft 365 Defender](eiot-defender-for-endpoint.md).  
 
     If you only want to view data in the Azure portal, an Enterprise IoT plan isn't required. You can also onboard your Enterprise IoT plan from Microsoft 365 Defender after registering your network sensor to bring [extra device visibility and security value](concept-enterprise.md#security-value-in-microsoft-365-defender) to your organization.
 
 - Make sure you can access the Azure portal as a [Security admin](../../role-based-access-control/built-in-roles.md#security-admin), [Contributor](../../role-based-access-control/built-in-roles.md#contributor), or [Owner](../../role-based-access-control/built-in-roles.md#owner) user. If you don't already have an Azure account, you can [create your free Azure account today](https://azure.microsoft.com/free/).
 
+### Network requirements
+
+- Identify the devices and subnets you want to monitor so that you understand where to place an Enterprise IoT sensor in your network. You may want to deploy multiple Enterprise IoT sensors.
+
+- Configure traffic mirroring in your network so that the traffic you want to monitor is mirrored to your Enterprise IoT sensor. Supported traffic mirroring methods are the same as for OT monitoring. For more information, see [Choose a traffic mirroring method for traffic monitoring](best-practices/traffic-mirroring-methods.md).
 
-- Allocate a physical appliance or a virtual machine (VM) to use as your network sensor. Make sure that your machine has the following specifications:
+### Physical or virtual machine requirements
 
-    | Tier | Requirements |
-    |--|--|
-    | **Minimum** | To support up to 1 Gbps of data: <br><br>- 4 CPUs, each with 2.4 GHz or more<br>- 16-GB RAM of DDR4 or better<br>- 250 GB HDD |
-    | **Recommended** | To support up to 15 Gbps of data: <br><br>-	8 CPUs, each with 2.4 GHz or more<br>-  32-GB RAM of DDR4 or better<br>- 500 GB HDD |
+Allocate a physical appliance or a virtual machine (VM) to use as your network sensor. Make sure that your machine has the following specifications:
 
-    Your machine must also have:
+| Tier | Requirements |
+|--|--|
+| **Minimum** | To support up to 1 Gbps of data: <br><br>- 4 CPUs, each with 2.4 GHz or more<br>- 16-GB RAM of DDR4 or better<br>- 250 GB HDD |
+| **Recommended** | To support up to 15 Gbps of data: <br><br>-	8 CPUs, each with 2.4 GHz or more<br>-  32-GB RAM of DDR4 or better<br>- 500 GB HDD |
 
-    - The [Ubuntu 18.04 Server](https://releases.ubuntu.com/18.04/) operating system. If you don't yet have Ubuntu installed, download the installation files to an external storage, such as a DVD or disk-on-key, and then install it on your appliance or VM. For more information, see the Ubuntu [Image Burning Guide](https://help.ubuntu.com/community/BurningIsoHowto).
+Your machine must also have:
 
-    - Network adapters, at least one for your switch monitoring (SPAN) port, and one for your management port to access the sensor's user interface
+- The [Ubuntu 18.04 Server](https://releases.ubuntu.com/18.04/) operating system. If you don't yet have Ubuntu installed, download the installation files to an external storage, such as a DVD or disk-on-key, and then install it on your appliance or VM. For more information, see the Ubuntu [Image Burning Guide](https://help.ubuntu.com/community/BurningIsoHowto).
+
+- Network adapters, at least one for your switch monitoring (SPAN) port, and one for your management port to access the sensor's user interface
+
+Your Enterprise IoT sensor must have access to the Azure cloud using a [direct connection](architecture-connections.md#direct-connections). Direct connections are configured for Enterprise IoT sensors using the same procedure as for OT sensors.
 
 ## Prepare a physical appliance or VM
 
@@ -84,7 +95,6 @@ This procedure describes how to prepare your physical appliance or VM to install
     | HTTPS | TCP | In/Out | 443 | Cloud connection |
     | DNS | TCP/UDP | In/Out | 53  | Address resolution |
 
-
 1. Make sure that your physical appliance or VM can access the cloud using HTTPS on port 443 to the following Microsoft endpoints:
 
     - **EventHub**: `*.servicebus.windows.net`
@@ -202,7 +212,7 @@ Delete a sensor if it's no longer in use with Defender for IoT.
 
 1. From the **Sites and sensors** page on the Azure portal, locate your sensor in the grid.
 
-1. In the row for your sensor, select the **...** options menu on the right > **Delete sensor**.
+1. In the row for your sensor, select the **...** options menu > **Delete sensor**.
 
 For more information, see [Manage sensors with Defender for IoT in the Azure portal](how-to-manage-sensors-on-the-cloud.md).
 
@@ -234,7 +244,7 @@ Billing changes will take effect one hour after cancellation of the previous sub
 
 1. Delete the legacy sensor from the previous subscription.  In Defender for IoT, go to the **Sites and sensors** page and locate the legacy sensor on the previous subscription.
 
-1. In the row for your sensor, from the options (**...**) menu on the right, select **Delete** to delete the sensor from the previous subscription.
+1. In the row for your sensor, from the options (**...**) menu, select **Delete** to delete the sensor from the previous subscription.
 
 1. If relevant, cancel the Defender for IoT plan from the previous subscription. For more information, see [Cancel your Enterprise IoT plan](manage-subscriptions-enterprise.md#cancel-your-enterprise-iot-plan).
 
@@ -246,4 +256,4 @@ Billing changes will take effect one hour after cancellation of the previous sub
 
 - [View and manage alerts from the Azure portal](how-to-manage-cloud-alerts.md). For more information, see [Malware engine alerts](alert-engine-messages.md#malware-engine-alerts).
 
-- [Enhance security posture with security recommendations](recommendations.md)
+- [Enhance security posture with security recommendations](recommendations.md)

articles/defender-for-iot/organizations/media/deployment-paths/air-gapped-deploy.png

@@ -237,4 +237,4 @@ For more information, see:
 - [Manage sensors with Defender for IoT in the Azure portal](how-to-manage-sensors-on-the-cloud.md)
 - [Manage on-premises sites and zones](ot-deploy/sites-and-zones-on-premises.md#manage-sites-and-zones)
 - [Manage site-based access control (Public preview)](manage-users-portal.md#manage-site-based-access-control-public-preview)
-- [Visualize Microsoft Defender for IoT data with Azure Monitor workbooks](workbooks.md)
+- [Visualize Microsoft Defender for IoT data with Azure Monitor workbooks](workbooks.md)