Commit b09dc33

Merge pull request #197462 from yoninalmsft/top-5-docs-review
top viewed articles review
2 parents a9d1966 + 1cd8171 commit b09dc33

8 files changed

+67
-68
lines changed

articles/defender-for-iot/device-builders/overview.md

Lines changed: 4 additions & 4 deletions
@@ -16,15 +16,15 @@ Microsoft Defender for IoT provides lightweight security agents so that you can
1616

1717
- **Security posture management**: You can proactively monitor the security posture of your IoT devices. Defender for IoT provides security posture recommendations based on the CIS benchmark, along with device-specific recommendations. Get visibility into operating system security, including OS configuration, firewall settings, and permissions.
1818
- **Endpoint threat detection**: Detect threats like botnets, brute force attempts, crypto miners, and suspicious network activity. Create custom alerts to target the most important threats in your organization.
19-
- **IoT Hub integration**: Defender for IoT is enabled by default in every new IoT Hub that is created. Defender for IoT provides real-time monitoring, recommendations, and alerts, without requiring agent installation on any devices, and uses advanced analytics on logged IoT Hub meta data to analyze and protect your field devices and IoT hubs
19+
- **IoT Hub integration**: Defender for IoT is enabled by default in every new IoT Hub that is created. Defender for IoT provides real-time monitoring, recommendations, and alerts, without requiring agent installation on any devices. Defender for IoT uses advanced analytics on logged IoT Hub meta data to analyze and protect your field devices and IoT hubs.
2020

2121

2222
## Security posture management
2323

2424

2525
The Defender for IoT micro agent enables you to quickly improve your organization's device security and defense capabilities by offering CIS best practice configurations, along with constant identification of any existing weak links in your OS security posture. CIS benchmark-based OS baseline recommendations help identify issues with device security hygiene, and prioritize changes for security hardening.
2626

27-
- CIS benchmarks are the best practices for securely configuring a target system. CIS benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts around the world.
27+
- CIS benchmarks are the best practices for securely configuring a target system. CIS benchmarks are developed through a unique, consensus-based process, comprised of cybersecurity professionals and subject matter experts around the world.
2828
- CIS benchmarks are the only consensus-based, best-practice security configuration guides that are both developed, and accepted by government, business, industry, and academia.
2929

3030
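Review bot: "meta data" on new line 19 should be "metadata", the spelling architecture.md uses in this same commit ("only the metadata is transferred"). On new line 27, the added comma before "comprised of" makes the sentence read as if the process is made up of people; "a unique, consensus-based process involving cybersecurity professionals and subject matter experts" says what is meant. The untouched line 28 still has a stray comma in "both developed, and accepted by" and could be fixed in the same pass.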

@@ -35,7 +35,7 @@ The Defender for IoT micro agent provides deep security protection, and visibili
3535

3636
- The micro agent collects, aggregates, and analyzes raw security events from your devices. Events can include IP connections, process creation, user logons, and other security-relevant information.
3737
- Defender for IoT device agents handles event aggregation, to help avoid high network throughput.
38-
- The micro agent has flexible deployment options. The micro agent includes source code, so you can incorporate it into firmware, or customize it to include only what you need. It's also available as a binary package, or integrated directly into other Azure IoT solutions. The micro agent is available for standard IoT operating systems like Linux and Azure RTOS.
38+
- The micro agent has flexible deployment options. The micro agent includes source code, so you can incorporate it into firmware, or customize it to include only what you need. It's also available as a binary package, or integrated directly into other Azure IoT solutions. The micro agent is available for standard IoT operating systems, such as Linux and Azure RTOS.
3939
- The agents are highly customizable, allowing you to use them for specific tasks, such as sending only important information at the fastest SLA, or for aggregating extensive security information and context into larger segments, avoiding higher service costs.
4040

4141
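Review bot: line 37, directly above the edited bullet, still reads "Defender for IoT device agents handles event aggregation", a subject-verb mismatch that this pass leaves in place; "agents handle" or "The micro agent handles" fixes it. The same list alternates between "micro agent", "device agents" and "the agents" (lines 36 to 39); if these all refer to one component, use one name so readers do not assume separate agents with separate data-collection behavior.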

@@ -48,7 +48,7 @@ The Defender for IoT micro agent provides deep security protection, and visibili
4848

4949
The Defender for IoT analytics pipeline also receives other threat intelligence streams from various sources within Microsoft and Microsoft partners. The entire analytics pipeline works with every customer configuration made on the service, such as custom alerts and use of the send security message SDK.
5050

51-
Using the analytics pipeline, Defender for IoT combines all streams of information to generate actionable recommendations and alerts. The pipeline contains both custom rules created by security researchers and experts,as well as machine learning models searching for deviation from standard device behavior, and risk analysis.
51+
Using the analytics pipeline, Defender for IoT combines all streams of information to generate actionable recommendations and alerts. The pipeline contains both custom rules created by security researchers and experts, as well as machine learning models searching for deviation from standard device behavior, and risk analysis.
5252

5353

5454
:::image type="content" source="media/overview/micro-agent-architecture.png" alt-text="The micro agent architecture.":::
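Review bot: new line 51 fixes the missing space but keeps a non-parallel "both ... as well as ..., and risk analysis" construction, so it is unclear whether risk analysis is a third pipeline component or something the machine learning models search for. Suggest a plain three-item list: "The pipeline contains custom rules created by security researchers and experts, machine learning models that search for deviations from standard device behavior, and risk analysis."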

articles/defender-for-iot/device-builders/quickstart-onboard-iot-hub.md

Lines changed: 2 additions & 2 deletions
@@ -59,13 +59,13 @@ The **Secure your IoT solution** button will only appear if the IoT Hub has not
5959

6060
1. Navigate to **IoT Hub** > **`Your hub`** > **Defender for IoT** > **Overview**.
6161

62-
1. The Threat prevention, and Threat detection screen will appear.
62+
The Threat prevention and Threat detection screen will appear.
6363

6464
:::image type="content" source="media/quickstart-onboard-iot-hub/threat-prevention.png" alt-text="Screenshot showing that Defender for IoT is enabled." lightbox="media/quickstart-onboard-iot-hub/threat-prevention-expanded.png":::
6565

6666
## Next steps
6767

68-
Advance to the next article to add a resource group to your solution...
68+
Advance to the next article to add a resource group to your solution.
6969

7070
> [!div class="nextstepaction"]
7171
> [Add a resource group to your IoT solution](tutorial-configure-your-solution.md)
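Review bot: new line 62 turns a numbered step into body text, but as shown it starts at the left margin, which ends the ordered list begun on line 60 and detaches the screenshot on line 64 from step 1. Indent the sentence (and the image) under the step so they render as part of it, and prefer present tense: "The Threat prevention and Threat detection screen appears." Also check the Next steps target on line 71: it points to tutorial-configure-your-solution.md, while the prerequisite edited in tutorial-standalone-agent-binary-installation.md in this commit links the same "resource group" article as quickstart-configure-your-solution.md.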

articles/defender-for-iot/device-builders/tutorial-standalone-agent-binary-installation.md

Lines changed: 5 additions & 5 deletions
@@ -30,9 +30,9 @@ In this tutorial you will learn how to:
3030

3131
- You must have [enabled Microsoft Defender for IoT on your Azure IoT Hub](quickstart-onboard-iot-hub.md).
3232

33-
- You must have [added a resource group to your IoT solution](quickstart-configure-your-solution.md)
33+
- You must have [added a resource group to your IoT solution](quickstart-configure-your-solution.md).
3434

35-
- You must have [Create a Defender for IoT micro agent module twin (Preview)](quickstart-create-micro-agent-module-twin.md).
35+
- You must have [created a Defender for IoT micro agent module twin (Preview)](quickstart-create-micro-agent-module-twin.md).
3636

3737
## Download and install the micro agent
3838
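Review bot: the link on new line 33 targets quickstart-configure-your-solution.md, but the Next steps link in quickstart-onboard-iot-hub.md (line 71 in this commit) uses tutorial-configure-your-solution.md for what appears to be the same article, so one of the two is likely stale. Confirm which file exists before merging. The tense fix on line 35 ("created") reads well; consider also dropping "(Preview)" from the link text if the prerequisite sentence is meant to read as prose rather than as the article title.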

@@ -143,7 +143,7 @@ You will need to copy the module identity connection string from the DefenderIoT
143143
144144
`HostName=<the host name of the iot hub>;DeviceId=<the id of the device>;ModuleId=<the id of the module>;x509=true`
145145
146-
This string alerts the Defender for IoT agent, to expect a certificate be provided for authentication.
146+
This string alerts the Defender for IoT agent to expect a certificate to be provided for authentication.
147147
148148
1. Restart the service using the following command:
149149
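Review bot: "alerts" on new line 146 is a poor verb choice in a product whose main output is security alerts; "This string tells the Defender for IoT agent to expect a certificate to be provided for authentication" avoids the ambiguity. It would also help to name the part that matters, the `x509=true` suffix on line 144, since that is the only thing in the string that switches the agent to certificate authentication. The sentence says "Defender for IoT agent" while the rest of the tutorial says "micro agent"; pick one.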
@@ -155,7 +155,7 @@ You will need to copy the module identity connection string from the DefenderIoT
155155
156156
**To validate your installation**:
157157
158-
1. Use the following command to ensure the micro agent is running properly with:
158+
1. Use the following command to ensure the micro agent is running properly:
159159
160160
```bash
161161
systemctl status defender-iot-micro-agent.service
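Review bot: on new line 158, "ensure" overstates what the command does, since `systemctl status` only reports the service state and does not change it. Suggest "Use the following command to verify that the micro agent is running:" and drop "properly", which the status output cannot confirm beyond the unit being active.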
@@ -185,7 +185,7 @@ You can test the system by creating a trigger file on the device. The trigger fi
185185
186186
Allow up to one hour for the recommendation to appear in the hub.
187187
188-
A baseline recommendation called 'IoT_CISBenchmarks_DIoTTest' is created. You can query this recommendation fro Log Analytics as follows:
188+
A baseline recommendation called 'IoT_CISBenchmarks_DIoTTest' is created. You can query this recommendation from Log Analytics as follows:
189189
190190
```kusto
191191
SecurityRecommendation
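Review bot: the recommendation name on new line 188 is a literal that readers will match in the query, so format it as code (`IoT_CISBenchmarks_DIoTTest`) rather than in single quotes, which can be copied along with the name. The typo fix ("fro" to "from") is correct.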

articles/defender-for-iot/organizations/architecture.md

Lines changed: 6 additions & 6 deletions
@@ -17,7 +17,7 @@ Defender for IoT connects to both cloud and on-premises components, and is built
1717

1818
Defender for IoT systems include the following components:
1919

20-
- The Azure portal, for cloud management and integration to other Microsoft services, such as Microsoft Sentinel
20+
- The Azure portal, for cloud management and integration to other Microsoft services, such as Microsoft Sentinel.
2121
- Network sensors, deployed on either a virtual machine or a physical appliance. You can configure your OT sensors as cloud-connected sensors, or fully on-premises sensors.
2222
- An on-premises management console for cloud-connected or local, air-gapped site management.
2323
- An embedded security agent (optional).
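Review bot: new line 20 adds the period but keeps "integration to other Microsoft services"; the idiomatic preposition is "integration with". With the period added, all four bullets (lines 20 to 23) now end consistently, which is good.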
@@ -30,9 +30,9 @@ Defender for IoT network sensors discover and continuously monitor network traff
3030

3131
- Sensors use IoT and OT-aware analytics engines and Layer-6 Deep Packet Inspection (DPI) to detect IoT and OT threats, such as fileless malware, based on anomalous or unauthorized activity.
3232

33-
Data collection, processing, analysis, and alerting takes place directly on the sensor, which can be ideal for locations with low bandwidth or high latency connectivity because only metadata is transferred on, either to the Azure portal for cloud management, or an on-premises management console.
33+
Data collection, processing, analysis, and alerting takes place directly on the sensor. Running processes directly on the sensor can be ideal for locations with low bandwidth or high-latency connectivity because only the metadata is transferred on for management, either to the Azure portal or an on-premises management console.
3434

35-
### Cloud-connected vs local sensors
35+
### Cloud-connected vs. local sensors
3636

3737
Cloud-connected sensors are sensors that are connected to Defender for IoT in Azure, and differ from locally managed sensors as follows:
3838
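Review bot: "Running processes directly on the sensor" on new line 33 reads as operating-system processes rather than the collection, processing, analysis and alerting named in the previous sentence; "Processing data directly on the sensor" is clearer. The first sentence also has a compound subject with a singular verb ("Data collection, processing, analysis, and alerting takes place"), which should be "take place". "Transferred on for management" is awkward; "only metadata is sent to the Azure portal or an on-premises management console" states the data-exposure point directly.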

@@ -58,11 +58,11 @@ Defender for IoT sensors apply analytics engines on ingested data, triggering al
5858

5959
Analytics engines provide machine learning and profile analytics, risk analysis, a device database and set of insights, threat intelligence, and behavioral analytics.
6060

61-
For example, for OT networks, the **policy violation detection** engine alerts users of any deviation from baseline behavior, such as unauthorized use of specific function codes, access to specific objects, or changes to device configuration. The policy violation engine models industry control system (ICS) networks as deterministic sequences of states and transitionsusing a patented technique called Industrial Finite State Modeling (IFSM). The policy violation detection engine establishes a baseline of the ICS networks, so that the platform requires a shorter learning period to build a baseline of the network than generic mathematical approaches or analytics, which were originally developed for IT rather than OT networks.
61+
For example, for OT networks, the **policy violation detection** engine alerts users of any deviation from baseline behavior, such as unauthorized use of specific function codes, access to specific objects, or changes to device configuration. The policy violation engine models industry control system (ICS) networks as deterministic sequences of states and transitions - using a patented technique called Industrial Finite State Modeling (IFSM). The policy violation detection engine creates a baseline for industrial control system (ICS) networks. Since many detection algorithms were build for IT, rather than OT, networks, an extra baseline for ICS networks helps to shorten the systems learning curve for new detections.
6262

6363
Specifically for OT networks, OT network sensors also provide the following analytics engines:
6464

65-
- **Protocol violation detection engine**. Identifies the use of packet structures and field values that violate ICS protocol specifications, for example: Modbus exception, and Initiation of an obsolete function code alerts.
65+
- **Protocol violation detection engine**. Identifies the use of packet structures and field values that violate ICS protocol specifications, for example: Modbus exception, and initiation of an obsolete function code alerts.
6666

6767
- **Industrial malware detection engine**. Identifies behaviors that indicate the presence of known malware, such as Conficker, Black Energy, Havex, WannaCry, NotPetya, and Triton.
6868
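Review bot: the rewrite on new line 61 changes the technical claim, not just the wording. The old text said the IFSM-based engine needs a shorter learning period to build a baseline than generic approaches developed for IT networks; the new text says "an extra baseline for ICS networks helps to shorten the systems learning curve for new detections", which is a different statement (an additional baseline, and a learning curve for detections). Please restore the original meaning or have the product team confirm the new one. The new sentence also introduces errors: "were build" should be "were built", "systems" should be "system's", the " - using" hyphen should be removed, and ICS is expanded twice with different wording ("industry control system" and "industrial control system").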

@@ -74,7 +74,7 @@ Specifically for OT networks, OT network sensors also provide the following anal
7474

7575
Defender for IoT provides hybrid network support using the following management options:
7676

77-
- **The Azure portal**. Use the Azure portal as a single pane of glass view all data ingested from your devices via network sensors. The Azure portal provides extra value, such as [workbooks](workbooks.md), [connections to Microsoft Sentinel](../../sentinel/iot-solution.md?bc=%2fazure%2fdefender-for-iot%2fbreadcrumb%2ftoc.json&tabs=use-out-of-the-box-analytics-rules-recommended&toc=%2fazure%2fdefender-for-iot%2forganizations%2ftoc.json), and more.
77+
- **The Azure portal**. Use the Azure portal as a single pane of glass to view all data ingested from your devices via network sensors. The Azure portal provides extra value, such as [workbooks](workbooks.md), [connections to Microsoft Sentinel](../../sentinel/iot-solution.md?bc=%2fazure%2fdefender-for-iot%2fbreadcrumb%2ftoc.json&tabs=use-out-of-the-box-analytics-rules-recommended&toc=%2fazure%2fdefender-for-iot%2forganizations%2ftoc.json), and more.
7878

7979
Also use the Azure portal to obtain new appliances and software updates, onboard and maintain your sensors in Defender for IoT, and update threat intelligence packages.
8080
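Review bot: new line 77 fixes the missing "to", but the Microsoft Sentinel link it carries pins a specific tab through `tabs=use-out-of-the-box-analytics-rules-recommended` in the query string; if that tab ID is renamed in the target article the link will silently land on the default tab. Confirm the tab still exists, or drop the `tabs` parameter if the default view is acceptable. "Provides extra value, such as workbooks ... and more" is vague; consider naming what the reader gets from the portal that the on-premises console does not provide.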
