Merge pull request #10 from batamig/patch-318

removing transient devices and auto-resolve notifications

Author: Shereen-Bhar

articles/defender-for-iot/organizations/device-inventory.md

@@ -59,8 +59,6 @@ Defender for IoT's device inventory supports device types across a variety of in
 | **Enterprise** | Smart devices, printers,  communication devices, or audio/video devices |
 | **Retail** | Barcode scanners, humidity sensor, punch clocks | 
 
-A *transient* device type indicates a device that was detected for only a short time. We recommend investigating these devices carefully to understand their impact on your network.
-
 *Unclassified* devices are devices that don't otherwise have an out-of-the-box category defined.
 
 

articles/defender-for-iot/organizations/how-to-work-with-the-sensor-device-map.md

@@ -173,9 +173,6 @@ For example, you might receive a notification about an inactive device that need
     - Handle one notification at a time, selecting a specific mitigation action, or selecting **Dismiss** to close the notification with no activity.
     - Select **Select All** to show which notifications can be [handled together](#handling-multiple-notifications-together). Clear selections for specific notifications, and then select **Accept All** or **Dismiss All** to handle any remaining selected notifications together.
 
-> [!NOTE]
-> Selected notifications are automatically resolved if they aren't dismissed or otherwise handled within 14 days. For more information, see the action indicated in the **Auto-resolve** column in the table [below](#device-notification-responses).
->
 
 ### Handling multiple notifications together
 
@@ -192,13 +189,15 @@ When you handle multiple notifications together, you may still have remaining no
 
 The following table lists available responses for each notification, and when we recommend using each one:
 
-| Type | Description | Available responses | Auto-resolve|
-|--|--|--|--|
-| **New IP detected** | A new IP address is associated with the device. This may occur in the following scenarios: <br><br>- A new or additional IP address was associated with a device already detected, with an existing MAC address.<br><br> - A new IP address was detected for a device that's using a NetBIOS name. <br /><br /> - An IP address was detected as the management interface for a device associated with a MAC address. <br /><br /> - A new IP address was detected for a device that's using a virtual IP address. | - **Set Additional IP to Device**: Merge the devices <br />- **Replace Existing IP**: Replaces any existing IP address with the new address <br /> - **Dismiss**: Remove the notification. |**Dismiss** |
-| **No subnets configured** | No subnets are currently configured in your network. <br /><br /> We recommend configuring subnets for the ability to differentiate between OT and IT devices on the map. | - **Open Subnets Configuration** and [configure subnets](how-to-control-what-traffic-is-monitored.md#configure-subnets). <br />- **Dismiss**: Remove the notification. |**Dismiss** |
+| Type | Description | Available responses |
+|--|--|--|
+| **New IP detected** | A new IP address is associated with the device. This may occur in the following scenarios: <br><br>- A new or additional IP address was associated with a device already detected, with an existing MAC address.<br><br> - A new IP address was detected for a device that's using a NetBIOS name. <br /><br /> - An IP address was detected as the management interface for a device associated with a MAC address. <br /><br /> - A new IP address was detected for a device that's using a virtual IP address. | - **Set Additional IP to Device**: Merge the devices <br />- **Replace Existing IP**: Replaces any existing IP address with the new address <br /> - **Dismiss**: Remove the notification. |
+| **Inactive devices** | Traffic wasn't detected on a device for more than 60 days. | - **Delete**: If the device isn't part of your network, remove it from the device inventory. <br><br> - **Dismiss**:  Remove the notification if the device is part of your network.  If the device is inactive, for example, because it's incorrectly disconnected from the network, dismiss the notification and reconnect the device. |
+| **New OT devices** | An OT device was detected on a subnet that's not defined as an ICS subnet. | -   **Set as ICS Subnet**  <br><br> - **Dismiss**:  Remove the notification if the device is part of your subnet.  |
+| **No subnets configured** | No subnets are currently configured in your network. <br /><br /> We recommend configuring subnets for the ability to differentiate between OT and IT devices on the map. | - **Open Subnets Configuration** and [configure subnets](how-to-control-what-traffic-is-monitored.md#configure-subnets). <br />- **Dismiss**: Remove the notification. |
 | **Operating system changes** | One or more new operating systems have been associated with the device. | - Select the name of the new OS that you want to associate with the device.<br /> - **Dismiss**:  Remove the notification. |No automatic handling|
-| **New subnets** | New subnets were discovered. |-  **Learn**: Automatically add the subnet.<br />- **Open Subnet Configuration**: Add all missing subnet information.<br />- **Dismiss**<br />Remove the notification. |**Dismiss** |
-| **Device type changes** | A new device type has been associated with the device. | - **Set as {…}**: Associate the new type with the device.<br />- **Dismiss**: Remove the notification. |No automatic handling|
+| **New subnets** | New subnets were discovered. |-  **Learn**: Automatically add the subnet.<br />- **Open Subnet Configuration**: Add all missing subnet information.<br />- **Dismiss**<br />Remove the notification. |
+| **Device type changes** | A new device type has been associated with the device. | - **Set as {…}**: Associate the new type with the device.<br />- **Dismiss**: Remove the notification. |
 
 ## View a device map for a specific zone