Merging changes synced from https://github.com/MicrosoftDocs/azure-docs-pr (branch live)

Author: Banani-Rath

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/resources-frequently-asked-questions.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/faqs-general",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/appliance-catalog/appliance-catalog-overview.md",
             "redirect_url": "/azure/defender-for-iot/organizations/appliance-catalog/index",

articles/active-directory/privileged-identity-management/groups-features.md

@@ -4,15 +4,14 @@ description: How to manage members and owners of privileged access groups in Pri
 services: active-directory
 documentationcenter: ''
 author: amsliu
-manager: karenhoran
-
+manager: amycolannino
 ms.assetid: 
 ms.service: active-directory
 ms.subservice: pim
 ms.topic: overview
 ms.tgt_pltfrm: na
 ms.workload: identity
-ms.date: 06/24/2022
+ms.date: 08/15/2022
 ms.author: amsliu
 ms.custom: pim 
 ms.collection: M365-identity-device-management
@@ -26,7 +25,7 @@ ms.collection: M365-identity-device-management
 In Privileged Identity Management (PIM), you can now assign eligibility for membership or ownership of privileged access groups. Starting with this preview, you can assign built-in roles in Azure Active Directory (Azure AD), part of Microsoft Entra, to cloud groups and use PIM to manage group member and owner eligibility and activation. For more information about role-assignable groups in Azure AD, see [Use Azure AD groups to manage role assignments](../roles/groups-concept.md).
 
 > [!IMPORTANT]
-> To provide a group of users with just-in-time access to roles with permissions in SharePoint, Exchange, or Security & Compliance Center, be sure to make permanent assignments of users to the group, and then assign the group to a role as eligible for activation. If instead you  assign a role permanently to a group and and assign users to be eligible to group membership, it might take significant time to have all permissions of the role activated and ready to use.
+> To provide a group of users with just-in-time access to Azure AD directory roles with permissions in SharePoint, Exchange, or Security & Compliance Center (for example, Exchange Administrator role), be sure to make active assignments of users to the group, and then assign the group to a role as eligible for activation. If instead you make active assignment of a role to a group and assign users to be eligible to group membership, it might take significant time to have all permissions of the role activated and ready to use.
 
 > [!NOTE]
 > For privileged access groups that are used to elevate into Azure AD roles, we recommend that you require an approval process for eligible member assignments. Assignments that can be activated without approval might create a security risk from administrators who have a lower level of permissions. For example, the Helpdesk Administrator has permissions to reset an eligible user's password.

articles/cdn/cdn-overview.md

@@ -46,7 +46,9 @@ For a list of current CDN node locations, see [Azure CDN POP locations](cdn-pop-
 6. If the TTL for the file hasn't expired, the POP edge server returns the file directly from the cache. This process results in a faster, more responsive user experience.
 
 ## Requirements
-To use Azure CDN, you must own at least one Azure subscription. You also need to create at least one CDN profile, which is a collection of CDN endpoints. Every CDN endpoint represents a specific configuration of content deliver behavior and access. To organize your CDN endpoints by internet domain, web application, or some other criteria, you can use multiple profiles. Because [Azure CDN pricing](https://azure.microsoft.com/pricing/details/cdn/) is applied at the CDN profile level, you must create multiple CDN profiles if you want to use a mix of pricing tiers. For information about the Azure CDN billing structure, see [Understanding Azure CDN billing](cdn-billing.md).
+* To use Azure CDN, you must own at least one Azure subscription. 
+* You also need to create a CDN profile, which is a collection of CDN endpoints. Every CDN endpoint is a specific configuration which users can customize with required content delivery behavior and access. To organize your CDN endpoints by internet domain, web application, or some other criteria, you can use multiple profiles. 
+* Since [Azure CDN pricing](https://azure.microsoft.com/pricing/details/cdn/) is applied at the CDN profile level, you must create multiple CDN profiles if you want to use a mix of pricing tiers. For information about the Azure CDN billing structure, see [Understanding Azure CDN billing](cdn-billing.md).
 
 ### Limitations
 Each Azure subscription has default limits for the following resources:

articles/defender-for-cloud/defender-for-resource-manager-introduction.md

@@ -37,7 +37,7 @@ Microsoft Defender for Resource Manager automatically monitors the resource mana
 
 Microsoft Defender for Resource Manager protects against issues including:
 
-- **Suspicious resource management operations**, such as operations from malicious IP addresses, disabling antimalware and suspicious scripts running in VM extensions
+- **Suspicious resource management operations**, such as operations from malicious IP addresses, disabling antimalware, and suspicious scripts running in VM extensions
 - **Use of exploitation toolkits** like Microburst or PowerZure
 - **Lateral movement** from the Azure management layer to the Azure resources data plane
 

articles/defender-for-cloud/defender-for-sql-introduction.md

@@ -8,7 +8,7 @@ ms.custom: references_regions
 
 # Overview of Microsoft Defender for Azure SQL
 
-Microsoft Defender for Azure SQL includes two Microsoft Defender plans that extend Microsoft Defender for Cloud's [data security package](/azure/azure-sql/database/azure-defender-for-sql) to protect your SQL estate regardless of where it is located (Azure, multicloud or hybrid environments). Microsoft Defender for Azure SQL includes functions that can be used to discover and mitigate potential database vulnerabilities. Defender for Azure SQL can also detect anomalous activities that may be an indication of a threat to your databases.
+Microsoft Defender for Azure SQL includes two Microsoft Defender plans that extend Microsoft Defender for Cloud's [data security package](/azure/azure-sql/database/azure-defender-for-sql) to protect your SQL estate regardless of where it is located (Azure, multicloud, or hybrid environments). Microsoft Defender for Azure SQL includes functions that can be used to discover and mitigate potential database vulnerabilities. Defender for Azure SQL can also detect anomalous activities that may be an indication of a threat to your databases.
 
 ## Availability
 

articles/defender-for-iot/organizations/TOC.yml

@@ -265,9 +265,14 @@
     href: references-work-with-defender-for-iot-apis.md
   - name: Defender for IoT CLI commands
     href: references-work-with-defender-for-iot-cli-commands.md
-  - name: Frequently asked questions - service
-    displayName: FAQ, regulation, internet, connection, hardware, appliances, ports, logs 
-    href: resources-frequently-asked-questions.md
+  - name: Frequently asked questions
+    items:
+    - name: General FAQ
+      href: faqs-general.md
+    - name: OT networks FAQ
+      href: faqs-ot.md
+    - name: Enterprise IoT networks FAQ
+      href: faqs-eiot.md
   - name: Defender for IoT glossary
     href: references-defender-for-iot-glossary.md
 - name: Resources

articles/defender-for-iot/organizations/appliance-catalog/dell-edge-5200.md

@@ -11,8 +11,8 @@ This article describes the Dell Edge 5200 appliance for OT sensors.
 
 | Appliance characteristic |Details |
 |---------|---------|
-|**Hardware profile** | L500|
-|**Performance** | Max bandwidth: 60 Mbp/s<br>Max devices: 1,000 |
+|**Hardware profile** | E500|
+|**Performance** | Max bandwidth: 1 Gbp/s<br>Max devices: 10,000 |
 |**Physical specifications** | Mounting: Wall Mount<br>Ports: 3x RJ45 |
 |**Status** | Supported, Not available preconfigured|
 

articles/defender-for-iot/organizations/appliance-catalog/hpe-proliant-dl20-plus-enterprise.md

@@ -14,7 +14,7 @@ The HPE ProLiant DL20 Plus is also available for the on-premises management cons
 
 | Appliance characteristic |Details |
 |---------|---------|
-|**Hardware profile** | E1800, E1000, E500 |
+|**Hardware profile** | E1800 |
 |**Performance** | 	Max bandwidth: 1 Gbp/s <br>Max devices: 10,000 |
 |**Physical specifications** | Mounting: 1U <br> Ports: 8x RJ45 or 6x SFP (OPT)|
 |**Status** | Supported, Available preconfigured |

articles/defender-for-iot/organizations/extra-deploy-enterprise-iot.md

@@ -101,5 +101,3 @@ sudo apt purge -y microsoft-eiot-sensor
 ## Next steps
 
 For more information, see [Tutorial: Get started with Enterprise IoT monitoring](tutorial-getting-started-eiot-sensor.md) and [Manage sensors with Defender for IoT in the Azure portal](how-to-manage-sensors-on-the-cloud.md).
-
-<!--for example?-->

articles/defender-for-iot/organizations/faqs-eiot.md

@@ -0,0 +1,106 @@
+---
+title: FAQs for Enterprise IoT networks - Microsoft Defender for IoT
+description: Find answers to the most frequently asked questions about Microsoft Defender for IoT Enterprise IoT networks.
+ms.topic: conceptual
+ms.date: 07/07/2022
+---
+
+# Enterprise IoT networks frequently asked questions
+
+This article provides a list of frequently asked questions and answers about Enterprise IoT networks in Defender for IoT.
+
+## What is the difference between OT and Enterprise IoT? 
+
+### OT
+
+OT network sensors use agentless, patented technology to discover, learn, and continuously monitor network devices for a deep visibility into Operational Technology (OT) / Industrial Control System (ICS) risks. Sensors carry out data collection, analysis, and alerting on-site, making them ideal for locations with low bandwidth or high latency.
+
+### Enterprise IoT 
+
+Enterprise IoT provides visibility and security for IoT devices in the corporate environment. 
+
+Enterprise IoT network protection extends agentless features beyond operational environments, providing coverage for all IoT devices in your environment. For example, an enterprise IoT environment may include printers, cameras, and purpose-built, proprietary, devices.
+
+## What additional security value can Enterprise IoT provide Microsoft Defender for Endpoint customers?
+
+Enterprise IoT is designed to help customers secure unmanaged devices throughout the organization and extend IT security to also cover IoT devices. The solution leverages multiple means in order to ensure optimal coverage.
+
+- **In the Microsoft Defender for Endpoint portal**: This is the GA offering for Enterprise IoT. Microsoft 365 P2 customers already have visibility for discovered IoT devices in the **Device inventory** page in Defender for Endpoint. Customers can onboard an Enterprise IoT plan in the same portal and gain security value by viewing alerts, recommendations and vulnerabilities for their discovered IoT devices.
+
+- **In the Azure portal**: Defender for IoT customers can view their discovered IoT devices in the **Device inventory** page in Defender for IoT in the Azure portal. To view Enterprise IoT devices in the Azure portal, you'll need to set up a network sensor (currently in Public Preview). or more information, see [Tutorial: Get started with Enterprise IoT monitoring](tutorial-getting-started-eiot-sensor.md).
+
+## How can I start using Enterprise IoT?
+
+To get started, Microsoft 365 P2 customers need to [add a Defender for IoT plan with Enterprise IoT](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration#onboard-a-defender-for-iot-plan) to an Azure subscription from the Microsoft Defender for Endpoint portal.
+		
+**Public Preview**: Defender for Endpoint customers can also install a network sensor to gain more visibility into additional IoT segments of the corporate network that weren't previously covered by Defender for Endpoint. Deploying a network sensor is not a prerequisite for onboarding Enterprise IoT. 
+For more information, see [Tutorial: Get started with Enterprise IoT monitoring](tutorial-getting-started-eiot-sensor.md)
+
+If you’re a Defender for Endpoint customer, when adding your Defender for IoT plan, take care to exclude any devices already managed by Defender for Endpoint from your count of committed devices.
+
+## How can I use the Enterprise IoT network sensor?
+
+The Enterprise IoT network sensor is currently in Public Preview and can be used by all customers without additional charge. Onboard a Defender for IoT plan with Enterprise IoT, and then set up your Enterprise IoT network sensor.
+
+For more information, see [Tutorial: Get started with Enterprise IoT](tutorial-getting-started-eiot-sensor.md).
+
+## What permissions do I need to add a Defender for IoT plan? Can I use any Azure subscription?
+
+For information on required permissions, see [Prerequisites](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration).
+
+## Which devices are billable?
+
+For more information about billable devices, see [Defender for IoT committed devices](how-to-manage-subscriptions.md#defender-for-iot-committed-devices).
+
+## How should I estimate the number of committed devices?
+
+In the **Device inventory** in Defender for Endpoint:
+
+Add the total number of discovered network devices with the total number of discovered IoT devices. Round that up to a multiple of 100, and that is the number of committed devices to use.
+
+ For more information, see [Defender for IoT committed devices](how-to-manage-subscriptions.md#defender-for-iot-committed-devices).
+
+## How does the integration between Microsoft Defender for Endpoint and Microsoft Defender for IoT work?
+
+Once you've [added a Defender for IoT plan with Enterprise IoT to an Azure subscription in Defender for Endpoint](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration#onboard-a-defender-for-iot-plan), integration between the two products takes place seamlessly.
+
+Discovered IoT devices can be viewed in both Defender for IoT and Defender for Endpoint. For more information, see [Defender for IoT integration](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration).
+
+## Can I change the subscription I’m using for Defender for IoT?
+
+To change the subscription you're using for your Defender for IoT plan, you'll need to cancel your plan on the existing subscription, and then onboard a new plan to a new subscription. Your existing data won't be migrated to the new subscription. For more information, see [Move existing sensors to a different subscription](how-to-manage-subscriptions.md#move-existing-sensors-to-a-different-subscription).
+
+## How can I edit my plan in Defender for Endpoint?
+
+To make any changes to an existing plan, you'll need to cancel your existing plan and onboard a new plan with the new details. Changes might include moving billing charges from one subscription to another, changing the number of committed devices, or changing the plan commitment from a trial to a monthly commitment.
+
+## How can I cancel Enterprise IoT?
+
+To remove only Enterprise IoT from your plan, cancel your plan from Microsoft Defender for Endpoint. For more information, see [Cancel your Defender for IoT plan](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration#cancel-your-defender-for-iot-plan).
+
+To cancel the plan and remove all Defender for IoT services from the associated subscription, cancel the plan in Defender for IoT in the Azure portal. For more information, see [Cancel a Defender for IoT plan from a subscription](how-to-manage-subscriptions.md#cancel-a-defender-for-iot-plan-from-a-subscription).
+
+## What happens when the 30-day trial ends?
+
+If you haven't changed your plan from a trial to a monthly commitment by the time your trial ends, your plan is automatically canceled, and you’ll lose access to Defender for IoT security features. 
+
+To change your plan from a trial to a monthly commitment before the end of the trial, you'll need to cancel your trial plan and onboard a new plan in Defender for Endpoint. For more information, see [Defender for IoT integration](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration).
+
+## How is the Defender for IoT pricing affected now that support for Enterprise IoT networks is in General Availability?
+
+For more information, see the [Microsoft Defender for IoT pricing](https://azure.microsoft.com/pricing/details/iot-defender/) page.
+
+> [!NOTE]
+> The Enterprise IoT network sensor is currently in Public Preview.
+
+## How can I resolve billing issues associated with my Defender for IoT plan?
+
+For any billing or technical issues, create a support request in the Azure portal.
+
+## Next steps
+
+For more information on getting started with Enterprise IoT, see:
+
+- [Tutorial: Get started with Enterprise IoT monitoring](tutorial-getting-started-eiot-sensor.md)
+- [Manage Defender for IoT plans](how-to-manage-subscriptions.md)
+- [Defender for IoT integration](/microsoft-365/security/defender-endpoint/enable-microsoft-defender-for-iot-integration)