Commit ec2a08e

Merge pull request #285689 from tarTech23/pubad
Public addresses
2 parents 05c0cb8 + 361bff5 commit ec2a08e

4 files changed

+39
-10
lines changed

articles/defender-for-iot/organizations/configure-sensor-settings-portal.md

Lines changed: 33 additions & 8 deletions
Original file line number | Diff line number | Diff line change
@@ -43,8 +43,8 @@ Define a new setting whenever you want to define a specific configuration for on
4343

4444
|Tab name |Description |
4545
|---------|---------|
46-
|**Basics** | Select the subscription where you want to apply your setting, and your [setting type](#sensor-setting-reference). <br><br>Enter a meaningful name and an optional description for your setting. |
47-
|**Setting** | Define the values for your selected setting type.<br>For details about the options available for each setting type, find your selected setting type in the [Sensor setting reference](#sensor-setting-reference) below. |
46+
|**Basics** | Select the subscription where you want to apply your setting, and your [setting type](#add-sensor-settings). <br><br>Enter a meaningful name and an optional description for your setting. |
47+
|**Setting** | Define the values for your selected setting type.<br>For details about the options available for each setting type, find your selected setting type in the [Sensor setting reference](#add-sensor-settings) below. |
4848
|**Apply** | Use the **Select sites**, **Select zones**, and **Select sensors** dropdown menus to define where you want to apply your setting. <br><br>**Important**: Selecting a site or zone applies the setting to all connected OT sensors, including any OT sensors added to the site or zone later on. <br>If you select to apply your settings to an entire site, you don't also need to select its zones or sensors. |
4949
|**Review and create** | Check the selections made for your setting. <br><br>If your new setting replaces an existing setting, a :::image type="icon" source="media/how-to-manage-individual-sensors/warning-icon.png" border="false"::: warning is shown to indicate the existing setting.<br><br>When you're satisfied with the setting's configuration, select **Create**. |
5050

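Review bot: In the **Setting** row (new line 47) the link text still reads "Sensor setting reference ... below", but the target is now `#add-sensor-settings` and this commit renames that heading to "Add sensor settings", so the text names a section that no longer exists under that title. Update the link text to match the new heading. In the **Basics** row (new line 46), "setting type" now links to a heading that reads like a procedure; pointing it at the list of types would serve the reader better.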
@@ -108,9 +108,22 @@ If you're in a situation where the OT sensor is disconnected from Azure, and you
108108

109109
Continue by updating the relevant setting directly on the OT network sensor. For more information, see [Manage individual sensors](how-to-manage-individual-sensors.md).
110110

111-
## Sensor setting reference
111+
## Add sensor settings
112112

113-
Use the following sections to learn more about the individual OT sensor settings available from the Azure portal:
113+
Use the following sections to learn more about the individual OT sensor settings available from the Azure portal.
114+
115+
The **Type** settings are:
116+
117+
- [Active Directory](#active-directory)
118+
- [Bandwidth cap](#bandwidth-cap)
119+
- [NTP](#ntp)
120+
- [Local subnets](#local-subnets)
121+
- [VLAN naming](#vlan-naming)
122+
- [Public addresses](#public-addresses)
123+
124+
To add a new setting **Type**, select **Sites and sensors** > **Sensor settings**. Select the setting from the **Type** drop down, for example:
125+
126+
:::image type="content" source="media/configure-sensor-settings-portal/sensor-settings-type.png" alt-text="The screenshot shows the sensor settings page with the type dropdown list options.":::
114127

115128
### Active Directory
116129

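Review bot: New line 124 says "To add a new setting **Type**", which reads as if the user creates a new type, while the step only selects an existing type from the list; "To add a setting of a specific type" would be clearer. The same line writes "drop down" where the rest of the page, including the alt text added on line 126, uses "dropdown". The heading rename on line 111 also leaves the intro on line 113 describing a reference section ("learn more about the individual OT sensor settings") under a title that promises a procedure, so one of the two should be reworded.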
@@ -147,24 +160,22 @@ To configure an NTP server for your sensor from the Azure portal, define an IP/D
147160

148161
### Local subnets
149162

150-
To focus the Azure device inventory on devices that are in your OT scope, you need to manually edit the subnet list to include only the locally monitored subnets that are in your OT scope.
163+
To focus the Azure device inventory on devices that are in your OT scope, you need to manually edit the subnet list to include only the locally monitored subnets that are in your OT scope.
151164

152165
Subnets in the subnet list are automatically configured as ICS subnets, which means that Defender for IoT recognizes these subnets as OT networks. You can edit this setting when you [configure the subnets](#configure-subnets-in-the-azure-portal).
153166

154167
Once the subnets are configured, the network location of the devices is shown in the *Network location* (Public preview) column in the Azure device inventory. All of the devices associated with the listed subnets are displayed as *local*, while devices associated with detected subnets not included in the list are displayed as *routed*.
155168

156169
#### Configure subnets in the Azure portal
157170

158-
1. In the Azure portal, go to **Sites and sensors** > **Sensor settings**.
159-
160171
1. Under **Local subnets**, review the configured subnets. To focus the device inventory and view local devices in the inventory, delete any subnets that are not in your IoT/OT scope by selecting the options menu (...) on any subnet you want to delete.
161172

162173
1. To modify additional settings, select any subnet and then select **Edit** for the following options:
163174

164175
- Select **Import subnets** to import a comma-separated list of subnet IP addresses and masks. Select **Export subnets** to export a list of currently configured data, or **Clear all** to start from scratch.
165176

166177
- Enter values in the **IP Address**, **Mask**, and **Name** fields to add subnet details manually. Select **Add subnet** to add additional subnets as needed.
167-
178+
168179
- **ICS Subnet** is on by default, which means that Defender for IoT recognizes the subnet as an OT network. To mark a subnet as non-ICS, toggle off **ICS Subnet**.
169180

170181
### VLAN naming
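Review bot: Removing old line 158 ("In the Azure portal, go to **Sites and sensors** > **Sensor settings**.") leaves the "Configure subnets in the Azure portal" procedure starting at "Under **Local subnets**" with no navigation step, so a reader who lands on this heading directly has no starting point. Keep the step, or link back to the section that gives the path. The changes at new lines 163 and 178 show no visible text difference; confirm they are whitespace-only and that line 178 does not introduce trailing spaces inside the list.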
@@ -173,6 +184,20 @@ To define a VLAN for your OT sensor, enter the VLAN ID and a meaningful name.
173184

174185
Select **Add VLAN** to add more VLANs as needed.
175186

187+
### Public addresses
188+
189+
Add public addresses that might have been used for internal use and shouldn't be included as suspicious IP addresses or tracking the data<!-- Theo is this correct? OR-->.
190+
Excluded public IP addresses that might have been used for internal use and shouldn't be included as suspicious IP addresses or tracking the data.
191+
192+
1. In the **Settings** tab, type the **IP address** and **Mask** address.
193+
194+
:::image type="content" source="media/configure-sensor-settings-portal/sensor-settings-ip-addresses.png" alt-text="The screenshot shows the Settings tab for adding public addresses to the sensor settings.":::
195+
196+
1. Select **Next**.
197+
1. In the **Apply** tab, select sites, and toggle the **Add selection by specific zone/sensor** to optionally apply the IP addresses to specific zones and sensors.
198+
1. Select **Next**.
199+
1. Review the details and select **Create** to add the address to the public addresses list.
200+
176201
## Next steps
177202

178203
> [!div class="nextstepaction"]
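Review bot: New line 189 still carries the author's open question `<!-- Theo is this correct? OR-->`, and line 190 repeats the same description in a second wording, so both alternatives would be published as consecutive sentences. Resolve the question, keep one sentence, and delete the comment. Because the setting keeps addresses from being "included as suspicious IP addresses", the text should state exactly what the sensor stops doing for an excluded range, since the **Mask** field lets a single entry cover many addresses. Step 1 on line 192 also says "**Settings** tab" and "**Mask** address", while the tab table earlier on the page calls the tab **Setting** and the Local subnets section calls the field **Mask**.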

articles/defender-for-iot/organizations/whats-new.md

Lines changed: 6 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -22,7 +22,7 @@ Features released earlier than nine months ago are described in the [What's new
2222

2323
|Service area |Updates |
2424
|---------|---------|
25-
| **OT networks** | - [Add wildcards to allowlist domain names](#add-wildcards-allowlist-domain-names)<br> - [Added protocol](#added-protocol) <br> - [Improved OT sensor onboarding](#improved-ot-sensor-onboarding) |
25+
| **OT networks** | - [Add wildcards to allowlist domain names](#add-wildcards-allowlist-domain-names)<br> - [Added protocol](#added-protocol) <br> - [New sensor setting type Public addresses](#new-sensor-setting-type-public-addresses) <br> - [Improved OT sensor onboarding](#improved-ot-sensor-onboarding) |
2626

2727
### Add wildcards allowlist domain names
2828

@@ -32,6 +32,10 @@ When adding domain names to the FQDN allowlist use the `*` wildcard to include a
3232

3333
We now support the OCPI protocol. See [the updated protocol list](concept-supported-protocols.md#supported-protocols-for-ot-device-discovery).
3434

35+
### New sensor setting type Public addresses
36+
37+
We're adding the **Public addresses** type to the sensor settings, that allows you to exclude public IP addresses that might have been used for internal use and shouldn't be tracked. For more information, see [add sensor settings](configure-sensor-settings-portal.md#add-sensor-settings).
38+
3539
### Improved OT sensor onboarding
3640

3741
If there are connection problems, during sensor onboarding, between the OT sensor and the Azure portal at the configuration stage, the process can't be completed until the connection problem is solved.
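Review bot: On new line 37, "the sensor settings, that allows you to exclude" is ungrammatical; use "which allows you" or split the sentence. The description here says the addresses "shouldn't be tracked", while the configuration page added in this commit says they "shouldn't be included as suspicious IP addresses or tracking the data"; use one wording in both places so readers don't infer two different behaviours. The link text "add sensor settings" should also match the capitalisation of the target heading.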
@@ -480,7 +484,7 @@ For more information, see:
480484

481485
Now you can configure Active Directory and NTP settings for your OT sensors remotely from the **Sites and sensors** page in the Azure portal. These settings are available for OT sensor versions 22.3.x and higher.
482486

483-
For more information, see [Sensor setting reference](configure-sensor-settings-portal.md#sensor-setting-reference).
487+
For more information, see [Sensor setting reference](configure-sensor-settings-portal.md#add-sensor-settings).
484488

485489
## April 2023
486490

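Review bot: On new line 487 only the anchor was changed; the link text still reads "Sensor setting reference" while the target heading is renamed to "Add sensor settings" elsewhere in this commit. Update the link text so it matches the section the reader lands on.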