Merge pull request #200869 from batamig/clarify-pricing

clarify pricing ii

Author: v-regandowner

articles/defender-for-iot/organizations/architecture.md

@@ -52,7 +52,7 @@ In contrast, when working with locally managed sensors:
 
 - Sensor names can be updated in the sensor console.
 
-### Devices monitored by Defender for IoT
+### What is a Defender for IoT committed device?
 
 [!INCLUDE [devices-inventoried](includes/devices-inventoried.md)]
 

articles/defender-for-iot/organizations/getting-started.md

@@ -58,7 +58,7 @@ If you're working with an OT network, we recommend that you identify system requ
 
 - Research your own network architecture and monitor bandwidth. Check requirements for creating certificates and other network details, and clarify the sensor appliances you'll need for your own network load.
 
-   Calculate the approximate number of devices you'll be monitoring. Devices can be added in intervals of **100**, such as **100**, **200**, **300**. The numbers of monitored devices are called *committed devices*.
+   Calculate the approximate number of devices you'll be monitoring. Devices can be added in intervals of **100**, such as **100**, **200**, **300**. The numbers of monitored devices are called *committed devices*. For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device)
 
 Microsoft Defender for IoT supports both physical and virtual deployments. For physical deployments, you'll be able to purchase certified, preconfigured appliances, or download software to install yourself.
 

articles/defender-for-iot/organizations/how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory.md

@@ -9,7 +9,7 @@ ms.topic: how-to
 
 You can view device information from connected sensors by using the *device inventory* in the on-premises management console. This feature gives you a comprehensive view of all network information. Use import, export, and filtering tools to manage this information. The status information about the connected sensor versions also appears.
 
-For more information, see [Devices monitored by Defender for IoT](architecture.md#devices-monitored-by-defender-for-iot).
+For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device)
 
 ## View the device inventory from an on-premises management console
 

articles/defender-for-iot/organizations/how-to-investigate-sensor-detections-in-a-device-inventory.md

@@ -21,7 +21,7 @@ Options are available to:
 
  - Create groups for display in the device map.
 
-For more information, see [Devices monitored by Defender for IoT](architecture.md#devices-monitored-by-defender-for-iot).
+For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device)
 
 ## View device attributes in the inventory
 
@@ -246,6 +246,8 @@ Deleting inactive devices helps:
 - Better evaluate committed devices when managing subscriptions
 - Reduce clutter on your screen
 
+For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device)
+
 ### View inactive devices
 
 You can filter the inventory to display devices that are inactive:

articles/defender-for-iot/organizations/how-to-manage-subscriptions.md

@@ -1,7 +1,7 @@
 ---
 title: Manage Defender for IoT plans on Azure subscriptions
 description: Manage Defender for IoT plans on your Azure subscriptions.
-ms.date: 11/09/2021
+ms.date: 07/06/2022
 ms.topic: how-to
 ---
 
@@ -27,10 +27,6 @@ Before you add a plan or services, we recommend that you have a sense of how man
 
 Users can also work with a trial commitment, which supports monitoring a limited number of devices for 30 days. For more information, see the [Microsoft Defender for IoT pricing page](https://azure.microsoft.com/pricing/details/iot-defender/).
 
-### What's a device?
-
-[!INCLUDE [devices-inventoried](includes/devices-inventoried.md)]
-
 ## Prerequisites
 
 Before you onboard a plan, verify that:
@@ -50,27 +46,27 @@ If you already have access to an Azure subscription, but it isn't listed when ad
 
 Azure **Security admin**, **Subscription owners** and **Subscription contributors** can onboard, update, and remove Defender for IoT. For more information on user permissions, see [Defender for IoT user permissions](getting-started.md#permissions).
 
-### Calculate the number of devices you need to monitor
+### Defender for IoT committed devices
 
 When onboarding or editing your Defender for IoT plan, you'll need to know how many devices you want to monitor.
 
-**To calculate the number of devices you need to monitor**:
+[!INCLUDE [devices-inventoried](includes/devices-inventoried.md)]
 
-Collect the total number of devices in your network and remove:
+**To calculate the number of devices you need to monitor**:
 
-- **Duplicate devices that have the same IP or MAC address**. When detected, the duplicates are automatically removed by Defender for IoT.
+We recommend making an initial estimate of your committed devices when onboarding your Defender for IoT plan.
 
-- **Duplicate devices that have the same ID**. These are the same devices, seen by the same sensor, with different field values. For such devices, check the last time each device had activity and use the latest device only.
+1. Collect the total number of devices in your network.
 
-- **Inactive devices**, with no traffic for more than 60 days.
+1. Remove any devices that are *not* considered as committed devices by Defender for IoT.
 
-- **Broadcast / multicast devices**. These represent unique addresses but not unique devices.
+    If you are also a Defender for Endpoint customer, you can identify devices managed by Defender for Endpoint in the Defender for Endpoint **Device inventory** page. In the **Endpoints** tab, filter for devices by **Onboarding status**. For more information, see [Defender for Endpoint Device discovery overview](/microsoft-365/security/defender-endpoint/device-discovery).
 
-For more information, see [What's a device?](#whats-a-device)
+After you've set up your network sensor and have full visibility into all devices, you can [edit your plan](#edit-a-plan) to update the number of committed devices as needed.
 
 ## Onboard a Defender for IoT plan to a subscription
 
-This procedure describes how to add a Defender for IoT plan to an Azure subscription. 
+This procedure describes how to add a Defender for IoT plan to an Azure subscription.
 
 **To onboard a Defender for IoT plan to a subscription:**
 

articles/defender-for-iot/organizations/how-to-work-with-device-notifications.md

@@ -16,7 +16,7 @@ The following table describes the notification event types you might receive, al
 | Type | Description | Responses |
 |--|--|--|
 | New IP detected | A new IP address is associated with the device. Five scenarios might be detected: <br /><br /> An additional IP address was associated with a device. This device is also associated with an existing MAC address.<br /><br /> A new IP address was detected for a device that's using an existing MAC address. Currently the device does not communicate by using an IP address.<br /> <br /> A new IP address was detected for a device that's using a NetBIOS name. <br /><br /> An IP address was detected as the management interface for a device associated with a MAC address. <br /><br /> A new IP address was detected for a device that's using a virtual IP address. | **Set Additional IP to Device** (merge devices) <br /> <br />**Replace Existing IP** <br /> <br /> **Dismiss**<br /> Remove the notification. |
-| Inactive devices | Traffic wasn't detected on a device for more than 60 days. | **Delete** <br /> If this device isn't part of your network, remove it. <br /><br />**Dismiss** <br /> Remove the notification if the device is part of your network. If the device is inactive (for example, because it's mistakenly disconnected from the network), dismiss the notification and reconnect the device. |
+| Inactive devices | Traffic wasn't detected on a device for more than 60 days. For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device) | **Delete** <br /> If this device isn't part of your network, remove it. <br /><br />**Dismiss** <br /> Remove the notification if the device is part of your network. If the device is inactive (for example, because it's mistakenly disconnected from the network), dismiss the notification and reconnect the device. |
 | New OT devices | A subnet includes an OT device that's not defined in an ICS subnet. <br /><br /> Each subnet that contains at least one OT device can be defined as an ICS subnet. This helps differentiate between OT and IT devices on the map. | **Set as ICS Subnet** <br /> <br /> **Dismiss** <br />Remove the notification if the device isn't part of the subnet. |
 | No subnets configured | No subnets are currently configured in your network. <br /><br /> Configure subnets for better representation in the map and the ability to differentiate between OT and IT devices. | **Open Subnets Configuration** and configure subnets. <br /><br />**Dismiss** <br /> Remove the notification. |
 | Operating system changes | One or more new operating systems have been associated with the device. | Select the name of the new OS that you want to associate with the device.<br /><br /> **Dismiss** <br /> Remove the notification. |

articles/defender-for-iot/organizations/includes/devices-inventoried.md

@@ -1,22 +1,20 @@
 ---
 title: include
 author: batamig
-ms.date: 06/01/2022
+ms.date: 07/06/2022
 ms.topic: include
 ---
 
 <!-- docutune:disable -->
 
-Defender for IoT considers any of the following as single and unique network devices:
+Defender for IoT can discover all devices, of all types, across all environments. Devices are listed in the Defender for IoT **Device inventory** pages based on a unique IP and MAC address coupling.
 
-- Managed or unmanaged standalone IT/OT/IoT devices, with one or more NICs
-- Devices with multiple backplane components, including all racks, slots, or modules
-- Devices that provide network infrastructure, such as switches or routers with multiple NICs
+Defender for IoT identifies single and unique committed devices as follows:
 
-The following items aren't monitored as devices, and don't appear in the Defender for IoT device inventories:
+|Committed / Not committed  |Description  |
+|---------|---------|
+|**Committed devices**     |    Committed devices include:<br>**IT, OT, or IoT devices with one or more NICs**, including network infrastructure devices such as switches and routers<br><br>**Note**: A device with modules or backplane components, such as racks or slots, is counted as a single device, including all modules or backplane components.|
+|**Not committed devices**     | The following items *aren't* considered as committed devices:<br><br>**Public internet IP addresses**<br>**Multi-cast groups**<br>**Broadcast groups**<br>**Inactive devices**, defined as follows:<br>- OT networks: Devices that have been inactive for more than 60 days<br>- Enterprise IoT networks: Devices that have been inactive for more than 30 days        |
 
-- Public internet IP addresses
-- Multi-cast groups
-- Broadcast groups
-
-Devices that are inactive for more than 60 days are classified as *inactive* inventory devices.
+> [!NOTE]
+> If you are a Microsoft Defender for Endpoint customer, devices (seats) that are managed by Defender for Endpoint are not counted as Defender for IoT *committed devices*.

articles/defender-for-iot/organizations/pre-deployment-checklist.md

@@ -46,9 +46,9 @@ Review your industrial network architecture to define the proper location for th
     :::image type="content" source="media/how-to-set-up-your-network/backbone-switch.png" alt-text="Diagram of the industrial OT environment for the global network.":::
 
     > [!NOTE]
-    > The Defender for IoT appliance should be connected to a lower-level switch that sees the traffic between the ports on the switch.  
+    > The Defender for IoT appliance should be connected to a lower-level switch that sees the traffic between the ports on the switch.
 
-1. **Committed devices** - Provide the approximate number of network devices that will be monitored. You'll need this information when onboarding your subscription to Defender for IoT in the Azure portal. During the onboarding process, you'll be prompted to enter the number of devices in increments of 1000.
+1. **Committed devices** - Provide the approximate number of network devices that will be monitored. You'll need this information when onboarding your subscription to Defender for IoT in the Azure portal. During the onboarding process, you'll be prompted to enter the number of devices in increments of 1000. For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device)
 
 1. **(Optional) Subnet list** - Provide a subnet list for the production networks and a description (optional).
 
@@ -185,4 +185,4 @@ For more information, see:
 
 - [Quickstart: Get started with Defender for IoT](getting-started.md)
 - [Best practices for planning your OT network monitoring](best-practices/plan-network-monitoring.md)
-- [Prepare your network for Microsoft Defender for IoT](how-to-set-up-your-network.md)
+- [Prepare your network for Microsoft Defender for IoT](how-to-set-up-your-network.md)

articles/defender-for-iot/organizations/references-defender-for-iot-glossary.md

@@ -44,7 +44,7 @@ This glossary provides a brief description of important terms and concepts for t
 |--|--|--|
 | **Data mining** | Generate comprehensive and granular reports about your network devices:<br /><br />- **SOC incident response**: Reports in real time to help deal with immediate incident response. For example, a report can list devices that might need patching.<br /><br />- **Forensics**: Reports based on historical data for investigative reports.<br /><br />- **IT network integrity**: Reports that help improve overall network security. For example, a report can list devices with weak authentication credentials.<br /><br />- **visibility**: Reports that cover all query items to view all baseline parameters of your network.<br /><br />Save data-mining reports for read-only users to view. | **[Baseline](#b)<br /><br />[Reports](#r)** |
 | **Defender for IoT platform** | The Defender for IoT solution installed on Defender for IoT sensors and the on-premises management console. | **[Sensor](#s)<br /><br />[On-premises management console](#o)** |
-| **Device inventories** | Defender for IoT considers any of the following as single and unique network devices:<br><br>- Managed or un-managed standalone IT/OT/IoT devices, with one or more NICs<br>- Devices with multiple backplane components, including all racks, slots, or modules<br>- Devices that provide network infrastructure, such as switches or routers with multiple NICs<br><br>Monitored devices are listed in the **Device inventory** pages on the Azure portal, sensor console, and the on-premises management console. Data integration features let you enhance device data with details from other enterprise resources, such as CMDBs, DNS, firewalls, and Web APIs. <br><br>The following items are not monitored as devices, and do not appear in the Defender for IoT device inventories: <br>- Public internet IP addresses<br>- Multi-cast groups<br>- Broadcast groups<br><br>Devices that are inactive for more than 60 days are classified as *inactive* inventory devices.<br>The data integration capabilities of the on-premises management console let you enhance the data in the device inventory with information from other enterprise resources. Example resources are CMDBs, DNS, firewalls, and Web APIs.| [**Device map**](#d)|
+| **Device inventories** | Device inventory data is available from Defender for IoT in the Azure portal, the OT sensor, and the on-premises management console. For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device)| [**Device map**](#d)|
 | **Device map** | A graphical representation of network devices that Defender for IoT detects. It shows the connections between devices and information about each device. Use the map to:<br /><br />- Retrieve and control critical device information.<br /><br />- Analyze network slices.<br /><br />- Export device details and summaries. | **[Purdue layer group](#p)** |
 
 ## E