Merge pull request #88259 from MicrosoftDocs/master

9/12 AM Publish

Author: huypub

articles/asc-for-iot/concept-pricing.md

@@ -63,9 +63,10 @@ The following table provides a summary of associated costs and implications of e
 | **Log Analytics storage** |  |
 | Device recommendation and alerts| Security recommendation and alerts generated by the service | Not optional |
 | Raw security data| Raw security data from IoT devices, collected by security agents | Disable _store raw device security events_ |
+|
 
 >[!Important]
-> Opting out has severe implications to available security features.
+> Opting out has severe implications to Azure Security Center for IoT security feature availability. 
   
 | Opt out | Implications |
 | --- | --- |

articles/asc-for-iot/concept-security-alerts.md

@@ -81,8 +81,8 @@ For more details, see [Create custom alerts](quickstart-create-custom-alerts.md)
 | Medium   | Certificate deleted from an IoT Hub                                    | A certificate named \'%{DescCertificateName}\' was deleted from IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate a malicious activity.| 1. Make sure the certificate was removed by an authorized party. <br> 2. If the certificate was not removed by an authorized party, add the certificate back, and escalate the alert to the organizational security team. |
 | Medium   | Unsuccessful attempt detected to add a certificate to an IoT Hub     | There was an unsuccessful attempt to add certificate \'%{DescCertificateName}\' to IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate malicious activity.|   Make sure permissions to change certificates are only granted to authorized parties.  |
 | Medium   | Unsuccessful attempt detected to delete a certificate from an IoT Hub | There was an unsuccessful attempt to delete certificate \'%{DescCertificateName}\' from IoT Hub \'%{DescIoTHubName}\'. If this action was made by an unauthorized party, it may indicate malicious activity. |Make sure permissions to change certificates are only granted to an authorized party.
-| Low      | Attempt to add or edit a diagnostic setting of an IoT Hub detected    | Attempt to add or edit the diagnostic settings of an IoT Hub has been detected. Diagnostic settings enable you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate malicious activity.  |
-| Low      | Attempt to delete a diagnostic setting from an IoT Hub detected       | There was %{DescAttemptStatusMessage}\' attempt to add or edit diagnostic setting \'%{DescDiagnosticSettingName}\' of IoT Hub \'%{DescIoTHubName}\'. Diagnostic setting enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate a malicious activity. |1. Make sure the certificate was removed by an authorized party.<br> 2. If the certificate was not removed by an authorized party, add the certificate back and escalate the alert to your information security team.
+| Low      | Attempt to add or edit a diagnostic setting of an IoT Hub detected    | Attempt to add or edit the diagnostic settings of an IoT Hub has been detected. Diagnostic settings enable you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate malicious activity.  |1. Make sure the certificate was removed by an authorized party.<br> 2. If the certificate was not removed by an authorized party, add the certificate back and escalate the alert to your information security team.
+| Low      | Attempt to delete a diagnostic setting from an IoT Hub detected       | There was %{DescAttemptStatusMessage}\' attempt to add or edit diagnostic setting \'%{DescDiagnosticSettingName}\' of IoT Hub \'%{DescIoTHubName}\'. Diagnostic setting enables you to recreate activity trails for investigation purposes when a security incident occurs or your network is compromised. If this action was not made by an authorized party, it may indicate a malicious activity. |Make sure permissions to change diagnostics settings are granted only to an authorized party.
 |
 
 ## Next steps

articles/asc-for-iot/event-aggregation.md

@@ -56,6 +56,7 @@ After analysis, Azure Security Center for IoT creates security alerts for suspic
 
 Aggregation start time, end time and hit count for each event are logged in the event **ExtraDetails** field within Log Analytics for use during investigations. 
 
+Each aggregated event represents a 24 hour period of collected alerts. Using the event options menu on the upper left of each event, you can **dismiss** each individual aggregated event.    
 
 ## Event aggregation twin configuration
 Make changes to the configuration of Azure Security Center for IoT event aggregation inside the [agent configuration object](how-to-agent-configuration.md) of the module twin identity of the **azureiotsecurity** module.

articles/asc-for-iot/how-to-agent-configuration.md

@@ -84,28 +84,28 @@ To use a default property value, remove the property from the configuration obje
 
 1. In your IoT Hub, locate and select the device you wish to change.
 
-2. Click on your device, and then on **azureiotsecurity** module.
+1. Click on your device, and then on **azureiotsecurity** module.
 
-3. Click on **Module Identity Twin**.
+1. Click on **Module Identity Twin**.
 
-4. Edit the properties you wish to change in the security module.
+1. Edit the properties you wish to change in the security module.
 
    For example, to configure connection events as high priority and collect high priority events every 7 minutes, use the following configuration.
 
-   ```json
+    ```json
     "desired": {
-      "ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
-        "highPriorityMessageFrequency": {
-          "value" : "PT7M"
-        },    
-        "eventPriorityConnectionCreate": {
-          "value" : "High" 
-        }
-      } 
-    }, 
+    	"ms_iotn:urn_azureiot_Security_SecurityAgentConfiguration": {
+    		"highPriorityMessageFrequency": {
+    			"value": "PT7M"
+    		},
+    		"eventPriorityConnectionCreate": {
+    			"value": "High"
+    		}
+    	}
+    }
     ```
 
-5. Click **Save**.
+1. Click **Save**.
 
 ### Using a default value
 

articles/asc-for-iot/how-to-deploy-agent.md

@@ -77,7 +77,7 @@ Answer the following questions about your IoT devices to select the correct agen
 
 - Are you using a Linux distribution with x64 architecture?
 
-    You can use either agent flavor. <br>
+    Both agent flavors can be used. <br>
     [Deploy a C-based security agent for Linux](how-to-deploy-linux-c.md) and/or 
     [Deploy a C#-based security agent for Linux](how-to-deploy-linux-cs.md).
 
@@ -97,7 +97,7 @@ The following list includes all currently supported platforms.
 |C#|Ubuntu 18.04	|x64|
 |C#|Debian 9	|x64|
 |C#|Windows Server 2016|	X64|
-|C#|Windows 10 IoT Core build 17763	|x64|
+|C#|Windows 10 IoT Core, build 17763	|x64|
 |
 
 ## Next steps

articles/asc-for-iot/index.yml

@@ -61,6 +61,11 @@ sections:
       image: 
         src: https://docs.microsoft.com/media/common/i_video.svg
         href: https://youtu.be/pq5uSp9u_x0
+    - title: Microsoft Azure Security Center for IoT - Solution
+      href: https://www.youtube.com/watch?time_continue=5&v=YOqkahQsKek
+      image: 
+        src: https://docs.microsoft.com/media/common/i_video.svg
+        href: https://www.youtube.com/watch?time_continue=5&v=YOqkahQsKek
 - title: Reference
   items:
   - type: list

articles/azure-monitor/app/cloudservices.md

@@ -79,8 +79,9 @@ If you've decided to create a separate resource for each role, and perhaps a sep
 
     ![Application Insights pane](./media/cloudservices/01-new.png)
 
-1. In the **Application Type** drop-down list, select **ASP.NET web application**.  
-    Each resource is identified by an instrumentation key. You might need this key later if you want to manually configure or verify the configuration of the SDK.
+1. In the **Application Type** drop-down list, select **ASP.NET web application**.
+
+Each resource is identified by an instrumentation key. You might need this key later if you want to manually configure or verify the configuration of the SDK.
 
 
 ## Set up Azure Diagnostics for each role
@@ -128,8 +129,9 @@ In Visual Studio, configure the Application Insights SDK for each cloud app proj
     * [Worker role](https://github.com/Microsoft/ApplicationInsights-Home/blob/master/Samples/AzureEmailService/WorkerRoleA/WorkerRoleA.cs#L232)
     * [For webpages](https://github.com/Microsoft/ApplicationInsights-Home/blob/master/Samples/AzureEmailService/MvcWebRole/Views/Shared/_Layout.cshtml#L13) 
 
-1. Set the *ApplicationInsights.config* file to be copied always to the output directory.  
-    A message in the *.config* file asks you to place the instrumentation key there. However, for cloud apps, it's better to set it from the *.cscfg* file. This approach ensures that the role is correctly identified in the portal.
+1. Set the *ApplicationInsights.config* file to be copied always to the output directory.
+
+   A message in the *.config* file asks you to place the instrumentation key there. However, for cloud apps, it's better to set it from the *.cscfg* file. This approach ensures that the role is correctly identified in the portal.
 
 ## Set up Status Monitor to collect full SQL Queries (optional)
 
@@ -166,16 +168,19 @@ This step is only needed if you want to capture full SQL queries on .NET Framewo
 
 1. Run your app, and sign in to Azure. 
 
-1. Open the Application Insights resources that you created.  
-    Individual data points are displayed in [Search](../../azure-monitor/app/diagnostic-search.md), and aggregated data is displayed in [Metric Explorer](../../azure-monitor/app/metrics-explorer.md). 
+1. Open the Application Insights resources that you created.
+
+   Individual data points are displayed in [Search][diagnostic], and aggregated data is displayed in [Metric Explorer](../../azure-monitor/app/metrics-explorer.md).
 
 1. Add more telemetry (see the next sections) and then publish your app to get live diagnostics and usage feedback. 
 
 If there is no data, do the following:
+
 1. To view individual events, open the [Search][diagnostic] tile.
 1. In the app, open various pages so that it generates some telemetry.
 1. Wait a few seconds, and then click **Refresh**.  
-    For more information, see [Troubleshooting][qna].
+
+For more information, see [Troubleshooting][qna].
 
 ## View Azure Diagnostics events
 You can find the [Azure Diagnostics](https://docs.microsoft.com/azure/monitoring-and-diagnostics/azure-diagnostics) information in Application Insights in the following locations:

articles/azure-monitor/app/javascript.md

@@ -10,7 +10,7 @@ ms.service: application-insights
 ms.workload: tbd
 ms.tgt_pltfrm: ibiza
 ms.topic: conceptual
-ms.date: 08/15/2019
+ms.date: 09/12/2019
 ms.author: mbullwin
 ---
 # Application Insights for web pages
@@ -137,14 +137,14 @@ Most configuration fields are named such that they can be defaulted to false. Al
 
 By default, this SDK will **not** handle state-based route changing that occurs in single page applications. To enable automatic route change tracking for your single page application, you can add `enableAutoRouteTracking: true` to your setup configuration.
 
-Currently, we offer a separate [React plugin](#react-extensions) which you can initialize with this SDK. It will also accomplish route change tracking for you, as well as collect [other React specific telemetry](https://github.com/microsoft/ApplicationInsights-JS/tree/master/vNext/extensions/applicationinsights-react-js).
+Currently, we offer a separate [React plugin](#react-extensions) which you can initialize with this SDK. It will also accomplish route change tracking for you, as well as collect [other React specific telemetry](https://github.com/microsoft/ApplicationInsights-JS/blob/17ef50442f73fd02a758fbd74134933d92607ecf/extensions/applicationinsights-react-js/README.md).
 
 ## React extensions
 
 | Extensions |
 |---------------|
-| [React](https://github.com/microsoft/ApplicationInsights-JS/tree/master/vNext/extensions/applicationinsights-react-js)|
-| [React Native](https://github.com/microsoft/ApplicationInsights-JS/tree/master/vNext/extensions/applicationinsights-react-native)|
+| [React](https://github.com/microsoft/ApplicationInsights-JS/blob/17ef50442f73fd02a758fbd74134933d92607ecf/extensions/applicationinsights-react-js/README.md)|
+| [React Native](https://github.com/microsoft/ApplicationInsights-JS/blob/17ef50442f73fd02a758fbd74134933d92607ecf/extensions/applicationinsights-react-native/README.md)|
 
 ## Explore browser/client-side data
 

articles/azure-monitor/insights/vminsights-health.md

@@ -11,7 +11,7 @@ ms.service: azure-monitor
 ms.topic: conceptual
 ms.tgt_pltfrm: na
 ms.workload: infrastructure-services
-ms.date: 07/24/2019
+ms.date: 09/12/2019
 ms.author: magoedte
 ---
 
@@ -31,49 +31,52 @@ For information about configuring Azure Monitor for VMs, see [Enable Azure Monit
 
 This section outlines the default health criteria to monitor Azure Windows and Linux VMs. All health criteria are pre-configured to send an alert when they detect an unhealthy condition.
 
-### Windows VMs
-
-- Available Megabytes of Memory
-- Average Disk Seconds Per Write (Logical Disk)
-- Average Disk Seconds Per Write (Disk)
-- Average Logical Disk Seconds Per Read
-- Average Logical Disk Seconds Per Transfer
-- Average Disk Seconds Per Read
-- Average Disk Seconds Per Transfer
-- Current Disk Queue Length (Logical Disk)
-- Current Disk Queue Length (Disk)
-- Disk Percent Idle Time
-- File system error or corruption
-- Logical Disk Free Space (%) Low
-- Logical Disk Free Space (MB) Low
-- Logical Disk Percent Idle Time
-- Memory Pages Per Second
-- Percent Bandwidth Used Read
-- Percent Bandwidth Used Total
-- Percent Bandwidth Used Write
-- Percentage of Committed Memory in Use
-- Disk Percent Idle Time
-- DHCP Client Service Health
-- DNS Client Service Health
-- RPC Service Health
-- Server Service Health
-- Total CPU Utilization Percentage
-- Windows Event Log Service Health
-- Windows Firewall Service Health
-- Windows Remote Management Service Health
-
-### Linux VMs
-
-- Disk Avg. Disk sec/Transfer
-- Disk Avg. Disk sec/Read
-- Disk Avg. Disk sec/Write
-- Disk Health
-- Logical Disk Free Space
-- Logical Disk % Free Space
-- Logical Disk % Free Inodes
-- Network Adapter Health
-- Total Percent Processor Time
-- Operating System Available Megabytes of Memory
+| Monitor name | Frequency (min) | Lookback Duration (min) | Operator | Threshold | Alert on state | Severity | Workload category | 
+|--------------|-----------|----------|----------|-----------|----------------|----------|-------------------|
+| Logical Disk Online | 5 | 15 | <> | 1 (true) | Critical | Sev1 | Linux | 
+| Logical Disk Free Space | 5 | 15 | < | 200 MB (warning)<br> 100 MB (critical) | Warning | Sev1<br> Sev2 | Linux | 
+| Logical Disk % Free Inodes | 5 | 15 | < | 5% | Critical | Sev1 | Linux | 
+| Logical Disk % Free Space | 5 | 15 | < | 5% | Critical | Sev1 | Linux | 
+| Network Adapter Status | 5 | 15 | <> | 1 (true) | Warning | Sev2 | Linux | 
+| Operating System Available Megabytes Memory | 5 | 10 | < | 2.5 MB | Critical | Sev1 | Linux | 
+| Disk Avg. Disk sec/Read | 5 | 25 | > | 0.05s | Critical | Sev1 | Linux | 
+| Disk Avg. Disk sec/Transfer | 5 | 25 | > | 0.05s | Critical | Sev1 | Linux | 
+| Disk Avg. Disk sec/Write | 5 | 25 | > | 0.05s | Critical | Sev1 | Linux | 
+| Disk Status | 5 | 25 | <> | 1 (true) | Critical | Sev1 | Linux | 
+| Operating System Total Percent Processor Time | 5 | 10 | >= | 95% | Critical | Sev1 | Linux | 
+| Total CPU Utilization Percentage | 5 | 10 | >= | 95% | Critical | Sev1 | Windows | 
+| File system error or corruption | 60 | 60 | <> | 4 | Critical | Sev1 | Windows | 
+| Average Logical Disk Seconds Per Read | 1 | 15 | > | 0.04s | Warning | Sev2 | Windows | 
+| Average Logical Disk Seconds Per Transfer | 1 | 15 | > | 0.04s | Warning | Sev2 | Windows | 
+| Average Logical Disk Seconds Per Write (Logical Disk) | 1 | 15 | > | 0.04s | Warning | Sev2 | Windows | 
+| Current Disk Queue Length (Logical Disk) | 5 | 60 | >= | 32 | Warning | Sev2 | Windows | 
+| Logical Disk Free Space (MB) | 15 | 60 | > | 500 MB warning<br> 300 MB critical | Critical | Sev1<br> Sev2 | Windows | 
+| Logical Disk Free Space (%) | 15 | 60 | > | 10% warning<br> 5% critical | Critical | Sev1<br> Sev2 | Windows |
+| Logical Disk Percent Idle Time | 15 | 360 | <= | 20% | Warning | Sev2 | Windows | 
+| Percent Bandwidth Used Read | 5 | 60 | >= | 60% | Warning | Sev2 | Windows | 
+| Percent Bandwidth Used Total | 5 | 60 | >= | 75% | Warning | Sev2 | Windows | 
+| Percent Bandwidth Used Write | 5 | 60 | >= | 60% | Warning | Sev2 | Windows | 
+| DHCP Client Service Health | 5 | 12 | <> | 4 (running) | Critical | Sev1 | Windows | 
+| DNS Client Service Health | 5 | 12 | <> | 4 (running) | Critical | Sev1 | Windows | 
+| Windows Event Log Service Health | 5 | 12 | <> | 4 (running) | Critical | Sev1 | Windows | 
+| Windows Firewall Service Health | 5 | 12 | <> | 4 (running) | Critical | Sev1 | Windows | 
+| RPC Service Health | 5 | 12 | <> | 4 (running) | Critical | Sev1 | Windows | 
+| Server Service Health | 5 | 12 | <> | 4 (running) | Critical | Sev1 | Windows | 
+| Windows Remote Management Service Health | 5 | 12 | <> | 4 (running) | Critical | Sev1 | Windows | 
+| Available Megabytes of Memory | 5 | 10 | < | 100 MB | Critical | Sev1 | Windows | 
+| Free System Page Table Entries | 5 | 10 | <= | 5000 | Critical | Sev1 | Windows | 
+| Memory Pages Per Second | 5 | 10 | >= | 5000/s | Warning | Sev1 | Windows | 
+| Percentage of Committed Memory in Use | 5 | 10 | > | 80% | Critical | Sev1 | Windows | 
+| Average Disk Seconds Per Transfer | 1 | 15 | > | 0.04s | Warning | Sev2 | Windows | 
+| Average Disk Seconds Per Write | 1 | 15 | > | 0.04s | Warning | Sev2 | Windows | 
+| Current Disk Queue Length | 5 | 60 | >= | 32 | Warning | Sev2 | Windows | 
+| Disk Percent Idle Time | 5 | 60 | >= | 20% | Warning | Sev2 | Windows | 
+
+>[!NOTE]
+>Lookback Duration represents how often the look back window checks the metric values, such as over the last five minutes.  
+
+>[!NOTE]
+>Frequency represents how often the metric alert checks if the conditions are met, such as every one minute.  It is the rate at which health criterion is executed, and lookback is the duration over which health criterion is evaluated. For example, health criterion is evaluating if the condition **CPU utilization** is greater than 95 percent with a frequency of 5 minutes and remains greater than 95% for 15 minutes (3 consecutive evaluation cycles), then the state is updated to critical severity if it wasn't already.
 
 ## Sign in to the Azure portal