Merge pull request #232242 from batamig/release-deploy-sanity-xrefs

Release deploy sanity xrefs 1

Author: v-shils

articles/defender-for-iot/organizations/best-practices/certificate-requirements.md

@@ -20,7 +20,7 @@ Defender for IoT uses SSL/TLS certificates to secure communication between the f
 - Between an on-premises management console and a high availability (HA) server, if configured
 - Between OT sensors or on-premises management consoles and partners servers defined in [alert forwarding rules](../how-to-forward-alert-information-to-partners.md)
 
-Some organizations also validate their certificates against a Certificate Revocation List (CRL) and the certificate expiration date, and the certificate trust chain. Invalid certificates can't be uploaded to OT sensors or on-premises management consoles, and block encrypted communication between Defender for IoT components.
+Some organizations also validate their certificates against a Certificate Revocation List (CRL) and the certificate expiration date, and the certificate trust chain. Invalid certificates can't be uploaded to OT sensors or on-premises management consoles, and will block encrypted communication between Defender for IoT components.
 
 > [!IMPORTANT]
 > You must create a unique certificate for each OT sensor, on-premises management console, and high availability server, where each certificate meets required criteria.

articles/defender-for-iot/organizations/best-practices/plan-corporate-monitoring.md

@@ -74,7 +74,7 @@ For more information, see:
 
 For cloud-connected sensors, determine how you'll be connecting each OT sensor to Defender for IoT in the Azure cloud, such as what sort of proxy you might need.  For more information, see [Methods for connecting sensors to Azure](../architecture-connections.md).
 
-If you're working in an air-gapped or hybrid environment and will have multiple, locally-managed OT network sensors, you may want to plan to deploy an on-premises management console to configure your settings and view data from a central location.
+If you're working in an air-gapped or hybrid environment and will have multiple, locally-managed OT network sensors, you may want to plan to deploy an on-premises management console to configure your settings and view data from a central location. For more information, see the [Air-gapped OT sensor management deployment path](../ot-deploy/air-gapped-deploy.md).
 
 ## Plan on-premises SSL/TLS certifications
 

articles/defender-for-iot/organizations/best-practices/plan-prepare-deploy.md

@@ -183,7 +183,7 @@ Prepare a workstation from where you can run Defender for IoT deployment activit
 
 - A supported browser for connecting to sensor consoles and the Azure portal. For more information, see [recommended browsers for the Azure portal](../../../azure-portal/azure-portal-supported-browsers-devices.md#recommended-browsers).
 
-- Required firewall rules configured, with access open for required interfaces.
+- Required firewall rules configured, with access open for required interfaces. For more information, see [Networking requirements](../networking-requirements.md).
 
 ## Prepare CA-signed certificates
 
@@ -196,6 +196,7 @@ If you decide to deploy with the built-in, self-signed certificate, we recommend
 For more information, see:
 
 - [Create SSL/TLS certificates for OT appliances](../ot-deploy/create-ssl-certificates.md)
+- [Manage SSL/TLS certificates](../how-to-manage-individual-sensors.md#manage-ssltls-certificates)
 
 ## Next steps
 

articles/defender-for-iot/organizations/best-practices/traffic-mirroring-methods.md

@@ -1,5 +1,5 @@
 ---
-title: Choose a traffic mirroring method - Microsoft Defender for IoT
+title: Choose a traffic mirroring methods - Microsoft Defender for IoT
 description: This article describes traffic mirroring methods for OT monitoring with Microsoft Defender for IoT.
 ms.date: 09/20/2022
 ms.topic: install-set-up-deploy

articles/defender-for-iot/organizations/includes/caution-manual-configurations.md

@@ -5,7 +5,5 @@ ms.date: 01/12/2023
 ms.topic: include
 ---
 
-<!-- docutune:disable -->
-
 > [!CAUTION]
-> Only documented configuration parameters on the OT network sensor and on-premises management console are supported for customer configuration. Do not change any non-documented configuration parameters, as changes may cause unexpected behavior and system failures.
+> Only documented configuration parameters on the OT network sensor and on-premises management console are supported for customer configuration. Do not change any undocumented configuration parameters or system properties, as changes may cause unexpected behavior and system failures.

articles/defender-for-iot/organizations/includes/troubleshoot-ssl.md

@@ -13,5 +13,5 @@ You won't be able to upload certificates to your OT sensors or on-premises manag
 | **Cannot validate chain of trust. The provided Certificate and Root CA don't match.**  | Make sure a `.pem` file correlates to the  `.crt` file. <br> If the problem continues, try recreating the certificate using the correct chain of trust, as defined by the `.pem` file. |
 | **This SSL certificate has expired and isn't considered valid.**  | Create a new certificate with valid dates.|
 |**This certificate has been revoked by the CRL and can't be trusted for a secure connection** | Create a new unrevoked certificate. |
-|**The CRL (Certificate Revocation List) location is not reachable. Verify the URL can be accessed from this appliance** | Make sure that your network configuration allows the sensor or on-premises management console to reach the CRL server defined in the certificate.  |
+|**The CRL (Certificate Revocation List) location is not reachable. Verify the URL can be accessed from this appliance** | Make sure that your network configuration allows the sensor or on-premises management console to reach the CRL server defined in the certificate. <br> For more information, see [Verify CRL server access](../ot-deploy/create-ssl-certificates.md#verify-crl-server-access). |
 |**Certificate validation failed**  | This indicates a general error in the appliance. <br> Contact [Microsoft Support](https://support.microsoft.com/supportforbusiness/productselection?sapId=82c8f35-1b8e-f274-ec11-c6efdd6dd099).|