Merge pull request #292060 from limwainstein/cm-deprecation-whats-new

Court72 · web-flow · commit e7d659b290d5 · 2024-12-18T09:37:27.000-07:00
Cm deprecation whats new
diff --git a/articles/defender-for-iot/organizations/TOC.yml b/articles/defender-for-iot/organizations/TOC.yml
@@ -56,7 +56,7 @@
 - name: Deploy OT monitoring
   items:
   - name: OT deployment path
-    href: ot-deploy/ot-deploy-path.md
+    href: ot-deploy/ot-deploy-path.md  
   - name: Plan and prepare for an OT deployment
     items:
     - name: Plan your OT monitoring system
@@ -130,8 +130,17 @@
       href: ot-deploy/update-device-inventory.md
     - name: Create a learned baseline of OT alerts
       href: ot-deploy/create-learned-baseline.md
-  - name: Deploy in hybrid or air-gapped environments
-    href: ot-deploy/air-gapped-deploy.md
+  - name: Hybrid or air-gapped environments
+    items:
+    - name: Deploy hybrid or air-gapped
+      href: ot-deploy/air-gapped-deploy.md   
+    - name: On-premises management console
+      items:
+      - name: On-premises management console retirement
+        href: ot-deploy/on-premises-management-console-retirement.md
+      - name: Transition to the cloud
+        href: ot-deploy/transition-on-premises-management-console-to-cloud.md
+        
 - name: Tutorials
   items:
   - name: Onboard and activate a virtual OT sensor
diff --git a/articles/defender-for-iot/organizations/media/on-premises-architecture/transition-new.png b/articles/defender-for-iot/organizations/media/on-premises-architecture/transition-new.png
diff --git a/articles/defender-for-iot/organizations/media/on-premises-architecture/transition.png b/articles/defender-for-iot/organizations/media/on-premises-architecture/transition.png
diff --git a/articles/defender-for-iot/organizations/ot-deploy/air-gapped-deploy.md b/articles/defender-for-iot/organizations/ot-deploy/air-gapped-deploy.md
@@ -9,9 +9,13 @@ ms.date: 09/19/2023
 
 Microsoft Defender for IoT helps organizations achieve and maintain compliance of their OT environment by providing a comprehensive solution for threat detection and management, including coverage across parallel networks. Defender for IoT supports organizations across the industrial, energy, and utility fields, and compliance organizations like NERC CIP or IEC62443.
 
+> [!IMPORTANT]
+> The legacy on-premises management console won't be supported or available for download after January 1st, 2025. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date. For more information, see [On-premises management console retirement](on-premises-management-console-retirement.md).
+>
+
 Certain industries, such as governmental organizations, financial services, nuclear power operators, and industrial manufacturing, maintain air-gapped networks. Air-gapped networks are physically separated from other, unsecured networks like enterprise networks, guest networks, or the internet. Defender for IoT helps these organizations comply with global standards for threat detection and management, network segmentation, and more.
 
-While digital transformation has helped businesses to streamline their operations and improve their bottom lines, they often face friction with air-gapped networks. The isolation in air-gapped networks provides security but also complicates digital transformation. For example, architectural designs such as Zero Trust, which include the use of multi-factor authentication, are challenging to apply across air-gapped networks.
+While digital transformation has helped businesses to streamline their operations and improve their bottom lines, they often face friction with air-gapped networks. The isolation in air-gapped networks provides security but also complicates digital transformation. For example, architectural designs such as Zero Trust, which include the use of multifactor authentication, are challenging to apply across air-gapped networks.
 
 Air-gapped networks are often used to store sensitive data or control cyber physical systems that are not connected to any external network, making them less vulnerable to cyberattacks. However, air-gapped networks are not completely secure and can still be breached. It's therefore imperative to monitor air-gapped networks to detect and respond to any potential threats.
 
@@ -61,52 +65,8 @@ Use the following steps to deploy a Defender for IoT system in an air-gapped or
 
     - **Configure a backup server**, including configurations to save your backup to an external server. For more information, see [Back up and restore OT network sensors from the sensor console](../back-up-restore-sensor.md).
 
-## Transitioning from a legacy on-premises management console
-
-> [!IMPORTANT]
-> The [legacy on-premises management console](../legacy-central-management/legacy-air-gapped-deploy.md) won't be supported or available for download after January 1st, 2025. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date.
->
-
-Our [current architecture guidance](#architecture-recommendations) is designed to be more efficient, secure, and reliable than using the legacy on-premises management console. The updated guidance has fewer components, which makes it easier to maintain and troubleshoot. The smart sensor technology used in the new architecture allows for on-premises processing, reducing the need for cloud resources and improving performance. The updated guidance keeps your data within your own network, providing better security than cloud computing.
-
-If you're an existing customer using an on-premises management console to manage your OT sensors, we recommend transitioning to the updated architecture guidance. The following image shows a graphical representation of the transition steps to the new recommendations:
-
-:::image type="content" source="../media/on-premises-architecture/transition.png" alt-text="Diagram of the transition from a legacy on-premises management console to the newer recommendations." border="false" lightbox="../media/on-premises-architecture/transition.png":::
-
-- **In your legacy configuration**, all sensors are connected to the on-premises management console.
-- **During the transition period**, your sensors remain connected to the on-premises management console while you connect any sensors possible to the cloud.
-- **After fully transitioning**, you'll remove the connection to the on-premises management console, keeping cloud connections where possible. Any sensors that must remain air-gapped are accessible directly from the sensor UI.
-
-**Use the following steps to transition your architecture:**
-
-1. For each of your OT sensors, identify the legacy integrations in use and the permissions currently configured for on-premises security teams. For example, what backup systems are in place? Which user groups access the sensor data?
-
-1. Connect your sensors to on-premises, Azure, and other cloud resources, as needed for each site. For example, connect to an on-premises SIEM, proxy servers, backup storage, and other partner systems. You may have multiple sites and adopt a hybrid approach, where only specific sites are kept completely air-gapped or isolated using data-diodes.
-
-    For more information, see the information linked in the [air-gapped deployment procedure](#deployment-steps), as well as the following cloud resources:
-
-    - [Provision sensors for cloud management](provision-cloud-management.md)
-    - [OT threat monitoring in enterprise SOCs](../concept-sentinel-integration.md)
-    - [Securing IoT devices in the enterprise](../concept-enterprise.md)
-
-1. Set up permissions and update procedures for accessing your sensors to match the new deployment architecture.
-
-1. Review and validate that all security use cases and procedures have transitioned to the new architecture.
-
-1. After your transition is complete, decommission the on-premises management console.
-
-### Retirement timeline of the Central Manager
-
-The on-premises management console will be retired on **January 1, 2025** with the following updates/changes:
-
-- Sensor versions released after **January 1, 2025** won't be managed by an on-premises management console.
-- Air-gapped sensor support isn't affected by these changes to the on-premises management console support. We continue to support air-gapped deployments and assist with the transition to the cloud. The sensors retain a full user interface so that they can be used in "lights out" scenarios and continue to analyze and secure the network in the event of an outage.
-- Air-gapped sensors that can't <!-- or don't / aren't connected to-->connect to the cloud can be managed directly via the sensor console GUI, CLI, or API.
-- Sensor software versions released between **January 1st, 2024 – January 1st, 2025** still support the on-premises management console.
-
-For more information, see [OT monitoring software versions](../release-notes.md).
 
 ## Next steps
 
 > [!div class="step-by-step"]
-> [Maintain OT network sensors from the sensor console](../how-to-manage-individual-sensors.md)
+> [Transition from a legacy on-premises management console to the cloud](transition-on-premises-management-console-to-cloud.md)
diff --git a/articles/defender-for-iot/organizations/ot-deploy/on-premises-management-console-retirement.md b/articles/defender-for-iot/organizations/ot-deploy/on-premises-management-console-retirement.md
@@ -0,0 +1,34 @@
+---
+title: On-premises management console retirement - Microsoft Defender for IoT
+description: This article describes the retirement of the on-premises management console from **January 1, 2025**.
+ms.topic: conceptual
+ms.date: 12/17/2024
+---
+
+# On-premises management console retirement
+
+This article describes the retirement of the on-premises management console from **January 1, 2025**.
+
+## Retirement details
+
+The on-premises management console will be retired on **January 1, 2025** with the following updates/changes:
+
+- Sensor versions released after **January 1, 2025** won't connect to the on-premises management console. 
+- For versions released prior to **January 1, 2025**: 
+    - You can still use the on-premises management console. 
+    - Defender for IoT no longer provides support service or maintains the on-premises management console. 
+
+        For a list of supported versions, see [OT monitoring software versions](../release-notes.md)  
+
+## Air-gapped sensor support
+
+Air-gapped sensor support isn't affected by the on-premises management console retirement. We continue to support air-gapped deployments and assist with the [transition to the cloud](transition-on-premises-management-console-to-cloud.md). The sensors retain a full user interface so that they can be used in "lights out" scenarios and continue to analyze and secure the network in the event of an outage.
+
+If your organization enforces a policy where sensors can't access the internet (air-gapped), you can continue to manage sensors using: 
+- [The sensor console UI](../how-to-investigate-sensor-detections-in-a-device-inventory.md) or the [CLI](../cli-ot-sensor.md) to directly manage individual sensors.
+- [APIs](../references-work-with-defender-for-iot-apis.md) to send data to third-party management systems, such as a Security Information and Event Management (SIEM).
+
+## Next steps
+
+> [!div class="step-by-step"]
+> [Transition from a legacy on-premises management console to the cloud](transition-on-premises-management-console-to-cloud.md)
diff --git a/articles/defender-for-iot/organizations/ot-deploy/transition-on-premises-management-console-to-cloud.md b/articles/defender-for-iot/organizations/ot-deploy/transition-on-premises-management-console-to-cloud.md
@@ -0,0 +1,51 @@
+---
+title: Transition from a legacy on-premises management console to the cloud
+description: This article describes how to transition from the on-premises management console to the cloud.
+ms.topic: how-to
+ms.date: 12/17/2024
+---
+
+# Transition from a legacy on-premises management console to the cloud
+
+This article describes how to transition from the on-premises management console to the cloud.
+
+> [!IMPORTANT]
+> The on-premises management console won't be supported or available for download after January 1st, 2025. For more information, see [on-premises management console retirement](on-premises-management-console-retirement.md).
+>
+
+Our [current architecture guidance](#architecture-guidance) is designed to be more efficient, secure, and reliable than using the legacy on-premises management console. The updated guidance has fewer components, which makes it easier to maintain and troubleshoot. The smart sensor technology used in the new architecture allows for on-premises processing, reducing the need for cloud resources and improving performance. The updated guidance keeps your data within your own network, providing better security than cloud computing.
+
+## Architecture guidance
+
+If you're an existing customer using an on-premises management console to manage your OT sensors, we recommend transitioning to the updated architecture guidance. The following image shows a graphical representation of the transition steps to the new recommendations:
+
+:::image type="content" source="../media/on-premises-architecture/transition-new.png" alt-text="Diagram of the transition from a legacy on-premises management console to the newer recommendations." border="false":::
+
+## How to manage the transition period
+
+- **In your legacy configuration**, all sensors are connected to the on-premises management console.
+- **During the transition period**, your sensors remain connected to the on-premises management console while you connect any sensors possible to the cloud.
+- **After fully transitioning**, you'll remove the connection to the on-premises management console, keeping cloud connections where possible. Any sensors that must remain air-gapped are accessible directly from the sensor UI.
+
+## Transition your architecture
+
+1. For each of your OT sensors, identify the legacy integrations in use and the permissions currently configured for on-premises security teams. For example, what backup systems are in place? Which user groups access the sensor data?
+
+1. Connect your sensors to on-premises, Azure, and other cloud resources, as needed for each site. For example, connect to an on-premises SIEM, proxy servers, backup storage, and other partner systems. You may have multiple sites and adopt a hybrid approach, where only specific sites are kept completely air-gapped or isolated using data-diodes.
+
+    For more information, see the information linked in the [air-gapped deployment procedure](air-gapped-deploy.md#deployment-steps), as well as the following cloud resources:
+
+    - [Provision sensors for cloud management](provision-cloud-management.md)
+    - [OT threat monitoring in enterprise SOCs](../concept-sentinel-integration.md)
+    - [Securing IoT devices in the enterprise](../concept-enterprise.md)
+
+1. Set up permissions and update procedures for accessing your sensors to match the new deployment architecture.
+
+1. Review and validate that all security use cases and procedures have transitioned to the new architecture.
+
+1. After your transition is complete, decommission the on-premises management console.
+
+## Next steps
+
+> [!div class="step-by-step"]
+> [Maintain OT network sensors from the sensor console](../how-to-manage-individual-sensors.md)
diff --git a/articles/defender-for-iot/organizations/release-notes.md b/articles/defender-for-iot/organizations/release-notes.md
@@ -31,10 +31,14 @@ When updating your on-premises software, we recommend:
 
 For more information, see [Update Defender for IoT OT monitoring software](update-ot-software.md).
 
-### On-premises monitoring software versions
+### OT monitoring software versions (sensor versions)
 
 Cloud features may be dependent on a specific sensor version. Such features are listed below for the relevant software versions, and are only available for data coming from sensors that have the required version installed, or higher.
 
+> [!IMPORTANT]
+> The on-premises management console won't be supported or available for download after January 1st, 2025. For more information, see [on-premises management console retirement](ot-deploy/on-premises-management-console-retirement.md).
+>
+
 | Version / Patch |  Release date | Scope     | Supported until |
 | ------- |  ------------ | ----------- | ------------------- |
 | **24.1** | | | |
@@ -59,24 +63,6 @@ Cloud features may be dependent on a specific sensor version. Such features are
 | 22.3.4 | 01/2023 | Major | 12/2023 |
 | **22.2** | | | |
 | 22.2.9 | 01/2023 | Patch | 12/2023 |
-| 22.2.8 | 11/2022 | Patch | 10/2023 |
-| 22.2.7| 10/2022  | Patch | 09/2023 |
-| 22.2.6|09/2022 |Patch | 04/2023|
-|22.2.5 |08/2022 | Patch| 04/2023 |
-|22.2.4 |07/2022 |Patch |04/2023 |
-| 22.2.3| 07/2022| Major| 04/2023|
-| **22.1** | | | |
-| 22.1.7| 07/2022 |Patch | 06/2023 |
-| 22.1.6| 06/2022 |Patch |10/2022  |
-| 22.1.5| 06/2022 |Patch | 10/2022 |
-| 22.1.4|04/2022 | Patch|10/2022  |
-| 22.1.3|03/2022 |Patch | 10/2022|
-| 22.1.2| 02/2022 | Major|10/2022  |
-| **10.5** | | | |
-|10.5.5 |12/2021 |Patch |  09/2022|
-|10.5.4 |12/2021 |Patch |  09/2022|
-| 10.5.3| 10/2021 |Patch | 07/2022|
-| 10.5.2| 10/2021 | Major| 07/2022|
 
 ### Threat intelligence updates
 
@@ -88,7 +74,7 @@ For more information, see [Threat intelligence research and packages](how-to-wor
 
 Defender for IoT provides **1 year of support** for every new version, starting with versions **22.1.7** and **22.2.7**. For example, version **22.2.7** was released in **October 2022** and is supported through **September 2023**.
 
-Earlier versions use a legacy support model, with support dates [detailed for each version](#on-premises-monitoring-software-versions).
+Earlier versions use a legacy support model, with support dates [detailed for each version](#ot-monitoring-software-versions).
 
 ### On-premises appliance security
 
diff --git a/articles/defender-for-iot/organizations/traffic-mirroring/media/guide/transition.png b/articles/defender-for-iot/organizations/traffic-mirroring/media/guide/transition.png
diff --git a/articles/defender-for-iot/organizations/whats-new.md b/articles/defender-for-iot/organizations/whats-new.md
@@ -18,6 +18,10 @@ Features released earlier than nine months ago are described in the [What's new
 
 [!INCLUDE [defender-iot-defender-reference](../includes/defender-for-iot-defender-reference.md)]
 
+## On-premises management console retirement
+
+The legacy on-premises management console won't be available for download after **January 1st, 2025**. We recommend transitioning to the new architecture using the full spectrum of on-premises and cloud APIs before this date. For more information, see [on-premises management console retirement](ot-deploy/on-premises-management-console-retirement.md).
+
 ## October 2024
 
 |Service area  |Updates  |
@@ -244,7 +248,7 @@ The [legacy on-premises management console](legacy-central-management/legacy-air
 
 For more information, see:
 
-- [Transitioning from a legacy on-premises management console](ot-deploy/air-gapped-deploy.md#transitioning-from-a-legacy-on-premises-management-console).
+- [Transitioning from a legacy on-premises management console](ot-deploy/transition-on-premises-management-console-to-cloud.md)
 - [Versioning and support for on-premises software versions](release-notes.md#versioning-and-support-for-on-premises-software-versions)
 
 ### Live statuses for cloud-based sensor updates
