Merge pull request #205785 from MicrosoftDocs/main

Merge default branch to live Sunday 4:00 PM

Author: tamarakhader

.openpublishing.redirection.defender-for-iot.json

@@ -1,5 +1,10 @@
 {
     "redirections": [
+        {
+            "source_path_from_root": "/articles/defender-for-iot/organizations/appliance-catalog/appliance-catalog-overview.md",
+            "redirect_url": "/azure/defender-for-iot/organizations/appliance-catalog/index",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/defender-for-iot/organizations/plan-network-monitoring.md",
             "redirect_url": "/azure/defender-for-iot/organizations/best-practices/plan-network-monitoring",

articles/defender-for-cloud/media/other-threat-protections/permission-creep-index.png

@@ -2,7 +2,7 @@
 title: Additional threat protections from Microsoft Defender for Cloud
 description: Learn about the threat protections available from Microsoft Defender for Cloud
 ms.topic: overview
-ms.date: 11/09/2021
+ms.date: 07/24/2022
 ---
 # Additional threat protections in Microsoft Defender for Cloud
 
@@ -71,6 +71,13 @@ To defend against DDoS attacks, purchase a license for Azure DDoS Protection and
 
 If you have Azure DDoS Protection enabled, your DDoS alerts are streamed to Defender for Cloud with no additional configuration needed. For more information on the alerts generated by DDoS Protection, see [Reference table of alerts](alerts-reference.md#alerts-azureddos).
 
+## Entra Permission Management (formerly Cloudknox)
+
+[Microsoft Entra Permissions Management](../active-directory/cloud-infrastructure-entitlement-management/index.yml) is a cloud infrastructure entitlement management (CIEM) solution that provides comprehensive visibility and control over permissions for any identity and any resource in Azure, AWS, and GCP. 
+ 
+As part of the integration, each onboarded Azure subscription, AWS account, and GCP project give you a view of your [Permission Creep Index (PCI)](../active-directory/cloud-infrastructure-entitlement-management/ui-dashboard.md). The PCI is an aggregated metric that periodically evaluates the level of risk associated with the number of unused or excessive permissions across identities and resources. PCI measures how risky identities can potentially be, based on the permissions available to them.
+
+:::image type="content" source="media/other-threat-protections/permission-creep-index.png" alt-text="Screenshot of the three associated permission creed index recommendations for Azure, AWS and GCP." lightbox="media/other-threat-protections/permission-creep-index.png":::
 
 ## Next steps
 To learn more about the security alerts from these threat protection features, see the following articles:

articles/defender-for-cloud/media/troubleshooting-guide/troubleshooting-guide-fig2.png

@@ -141,7 +141,7 @@ If you experience issues loading the workload protection dashboard, make sure th
 
 You can also find troubleshooting information for Defender for Cloud at the [Defender for Cloud Q&A page](/answers/topics/azure-security-center.html). If you need further troubleshooting, you can open a new support request using **Azure portal** as shown below:
 
-![Microsoft Support.](./media/troubleshooting-guide/troubleshooting-guide-fig2.png)
+:::image type="content" source="media/troubleshooting-guide/troubleshooting-guide-fig2.png" alt-text="Screenshot of creating a support request in the Help + support area.":::
 
 ## See also
 

articles/defender-for-cloud/other-threat-protections.md

@@ -214,7 +214,7 @@
   - name: OT monitoring appliances
     items:
     - name: Overview
-      href: appliance-catalog/appliance-catalog-overview.md
+      href: appliance-catalog/index.yml
     - name: Corporate environments
       items:
       - name: HPE ProLiant DL360

articles/defender-for-cloud/troubleshooting-guide.md

@@ -0,0 +1,74 @@
+### YamlMime:Landing
+
+title: Microsoft Defender for IoT - OT monitoring appliance catalog
+summary: Learn about the OT monitoring appliances supported for Microsoft Defender for IoT OT sensors and on-premises management consoles, including any extra procedures required for each appliance type.
+
+metadata:
+  title: Microsoft Defender for IoT - OT monitoring appliance reference
+  description: Learn about the appliances available for use with Microsoft Defender for IoT OT sensors and on-premises management consoles.
+  ms.topic: landing-page
+  ms.date: 07/24/2022
+
+# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
+
+landingContent:
+# Cards and links should be based on top customer tasks or top subjects
+# Start card title with a verb
+  # Card
+  - title: Corporate environments
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: HPE ProLiant DL360
+            url: hpe-proliant-dl360.md
+
+  # Card
+  - title: Large enterprises
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: HPE ProLiant DL20/DL20 Plus (4SFF)
+            url: hpe-proliant-dl20-plus-enterprise.md
+
+
+  # Card
+  - title: Production line
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: HPE ProLiant DL20/DL20 Plus (NHP 2LFF)
+            url: hpe-proliant-dl20-plus-smb.md
+          - text: Dell Edge 5200 (Rugged MIL-STD-810G)
+            url: dell-edge-5200.md
+          - text: YS-techsystems YS-FIT2 (Rugged MIL-STD-8106)
+            url: ys-techsystems-ys-fit2.md
+
+  # Card
+  - title: Virtual appliances
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: OT sensor (VMWare ESXi)
+            url: virtual-sensor-vmware.md
+          - text: OT sensor (Microsoft Hyper-V)
+            url: virtual-sensor-hyper-v.md
+          - text: On-premises management console (VMWare ESXi)
+            url: virtual-management-vmware.md
+          - text: On-premises management console (Microsoft Hyper-V)
+            url: virtual-management-hyper-v.md
+
+  # Card
+  - title: Legacy appliances
+    linkLists:
+      - linkListType: deploy
+        links:
+          - text: Dell PowerEdge R340 XL (Enterprise)
+            url: dell-poweredge-r340-xl-legacy.md
+          - text: HPE Edgeline El300 (SMB rugged)
+            url: hpe-edgeline-el300.md
+          - text: Neousys Nuvo-500LP (SMB rugged)
+            url: neousys-nuvo-5006lp.md
+      # - linkListType: reference
+      #   links:
+      #     - text: Security recommendations for GCP resources
+      #       url: recommendations-reference-gcp.md

articles/defender-for-iot/organizations/TOC.yml

@@ -1,26 +1,14 @@
 ---
 title: Install OT network monitoring software - Microsoft Defender for IoT
 description: Learn how to install agentless monitoring software for an OT sensor and an on-premises management console for Microsoft Defender for IoT. Use this article if you're reinstalling software on a preconfigured appliance, or if you've chosen to install software on your own appliances.
-ms.date: 07/11/2022
+ms.date: 07/13/2022
 ms.topic: how-to
 ---
 
 # Install OT agentless monitoring software
 
 This article describes how to install agentless monitoring software for OT sensors and on-premises management consoles. You might need the procedures in this article if you're reinstalling software on a preconfigured appliance, or if you've chosen to install software on your own appliances.
 
-## Pre-installation configuration
-
-Each appliance type comes with its own set of instructions that are required before installing Defender for IoT software.
-
-Make sure that you've completed the procedures as instructed in the **Reference > OT monitoring appliance** section of our documentation before installing Defender for IoT software.
-
-For more information, see:
-
-- [Which appliances do I need?](ot-appliance-sizing.md)
-- [Pre-configured physical appliances for OT monitoring](ot-pre-configured-appliances.md), including the catalog of available appliances
-- [OT monitoring with virtual appliances](ot-virtual-appliances.md)
-
 ## Download software files from the Azure portal
 
 Make sure that you've downloaded the relevant software file for the sensor or on-premises management console.
@@ -33,6 +21,19 @@ Mount the ISO file using one of the following options:
 
 - **Virtual mount** – use iLO for HPE appliances, or iDRAC for Dell appliances to boot the ISO file.
 
+## Pre-installation configuration
+
+Each appliance type comes with its own set of instructions that are required before installing Defender for IoT software.
+
+Make sure that you've completed any specific procedures required for your appliance before installing Defender for IoT software. For more information, see the [OT monitoring appliance catalog](appliance-catalog/appliance-catalog-overview.md).
+
+For more information, see:
+
+- [Which appliances do I need?](ot-appliance-sizing.md)
+- [Pre-configured physical appliances for OT monitoring](ot-pre-configured-appliances.md), including the catalog of available appliances
+- [OT monitoring with virtual appliances](ot-virtual-appliances.md)
+
+
 ## Install OT monitoring software
 
 This section provides generic procedures for installing OT monitoring software on sensors or an on-premises management console.
@@ -41,59 +42,99 @@ Select one of the following tabs, depending on which type of software you're ins
 
 # [OT sensor](#tab/sensor)
 
-This procedure describes how to install OT sensor software on a physical or virtual appliance.
+This procedure describes how to install OT sensor software on a physical or virtual appliance after you've booted the ISO file on your appliance.
 
 > [!Note]
-> At the end of this process you will be presented with the usernames and passwords for your device. Make sure to copy these down as these passwords will not be presented again.
+> Towards the end of this process you will be presented with the usernames and passwords for your device. Make sure to copy these down as these passwords will not be presented again.
 
 **To install the sensor's software**:
 
-1. Select the installation language.
+1. When the installation boots, you're first prompted to select the hardware profile you want to install.
 
-    :::image type="content" source="media/tutorial-install-components/language-select.png" alt-text="Screenshot of the sensor's language select screen.":::
+    :::image type="content" source="media/tutorial-install-components/sensor-architecture.png" alt-text="Screenshot of the sensor's hardware profile options." lightbox="media/tutorial-install-components/sensor-architecture.png":::
 
-1. Select the sensor's architecture. For example:
+    For more information, see [Which appliances do I need?](ot-appliance-sizing.md).
 
-    :::image type="content" source="media/tutorial-install-components/sensor-architecture.png" alt-text="Screenshot of the sensor's architecture select screen.":::
+    System files are installed, the sensor reboots, and then sensor files are installed. This process can take a few minutes.
 
-1. The sensor will reboot, and the **Package configuration** screen will appear. Press the up or down arrows to navigate, and the SPACE bar to select an option. Press ENTER to advance to the next screen.
+    When the installation steps are complete, the Ubuntu **Package configuration** screen is displayed, with the `Configuring iot-sensor` wizard, showing a prompt to  select your monitor interfaces.
 
-1. Select the monitor interface. For example:
+    In this wizard, use the up or down arrows to navigate, and the SPACE bar to select an option. Press ENTER to advance to the next screen.
+
+1. In the `Select monitor interfaces` screen, select the interfaces you want to monitor.
+
+    By default, eno1 is reserved for the management interface. and we recommend that you leave this option unselected.
+
+    For example:
 
     :::image type="content" source="media/tutorial-install-components/monitor-interface.png" alt-text="Screenshot of the select monitor interface screen.":::
 
-1. If one of the monitoring ports is for ERSPAN, select it. For example:
+1. In the `Select erspan monitor interfaces` screen, select any ERSPAN monitoring ports that you have. The wizard lists available interfaces, even if you don't have any ERSPAN monitoring ports in your system. If you have no ERSPAN monitoring ports, leave all options unselected.
+
+    For example:
 
     :::image type="content" source="media/tutorial-install-components/erspan-monitor.png" alt-text="Screenshot of the select erspan monitor screen.":::
 
-1. Select the interface to be used as the management interface. For example:
+1. In the `Select management interface` screen, we recommend keeping the default `eno1` value selected as the management interface.
+
+    For example:
 
     :::image type="content" source="media/tutorial-install-components/management-interface.png" alt-text="Screenshot of the management interface select screen.":::
 
-1. Enter the sensor's IP address. For example:
+1. In the `Enter sensor IP address` screen, enter the IP address for the sensor appliance you're installing.
 
     :::image type="content" source="media/tutorial-install-components/sensor-ip-address.png" alt-text="Screenshot of the sensor IP address screen.":::
 
-1. Enter the path of the mounted logs folder. We recommend using the default path. For example:
+1. In the `Enter path to the mounted backups folder` screen, enter the path to the sensor's mounted backups. We recommend using the default path of `/opt/sensor/persist/backups`. For example:
 
     :::image type="content" source="media/tutorial-install-components/mounted-backups-path.png" alt-text="Screenshot of the mounted backup path screen.":::
 
-1. Enter the Subnet Mask IP address. For example:
+1. In the `Enter Subnet Mask` screen, enter the IP address for the sensor's subnet mask. For example:
+
+    :::image type="content" source="media/tutorial-install-components/sensor-subnet-ip.png" alt-text="Screenshot of the Enter Subnet Mask screen.":::
 
-1. Enter the default gateway IP address.
+1. In the `Enter Gateway` screen, enter the sensor's default gateway IP address. For example:
 
-1. Enter the DNS Server IP address.
+    :::image type="content" source="media/tutorial-install-components/sensor-gateway-ip.png" alt-text="Screenshot of the Enter Gateway screen.":::
 
-1. Enter the sensor hostname. For example:
+1. In the `Enter DNS server` screen, enter the sensor's DNS server IP address. For example:
 
-    :::image type="content" source="media/tutorial-install-components/sensor-hostname.png" alt-text="Screenshot of the screen where you enter a hostname for your sensor.":::
+    :::image type="content" source="media/tutorial-install-components/sensor-dns-ip.png" alt-text="Screenshot of the Enter DNS server screen.":::
 
-    The installation process runs.
+1. In the `Enter hostname` screen, enter the sensor hostname. For example:
 
-1. When the installation process completes, save the appliance ID, and passwords. Copy these credentials to a safe place as you'll need them to access the platform the first time you use it.
+    :::image type="content" source="media/tutorial-install-components/sensor-hostname.png" alt-text="Screenshot of the Enter hostname screen.":::
+
+1. In the `Run this sensor as a proxy server (Preview)` screen, select `<Yes>` only if you want to configure a proxy, and then enter the proxy credentials as prompted.
+
+    The default configuration is without a proxy.
+
+    For more information, see [Connect Microsoft Defender for IoT sensors without direct internet access by using a proxy (legacy)](how-to-connect-sensor-by-proxy.md).
+
+
+1. <a name=credentials></a>The installation process starts running and then shows the credentials screen. For example:
 
     :::image type="content" source="media/tutorial-install-components/login-information.png" alt-text="Screenshot of the final screen of the installation with usernames, and passwords.":::
 
+    Save the usernames and passwords listed, as the passwords are unique and this is the only time that the credentials are listed. Copy the credentials to a safe place so that you can use them when signing into the sensor for the first time.
+
+    Select `<Ok>` when you're ready to continue.
+
+    The installation continues running again, and then reboots when the installation is complete. Upon reboot, you're prompted to enter credentials to sign in. For example:
+
+    :::image type="content" source="media/tutorial-install-components/sensor-sign-in.png" alt-text="Screenshot of a sensor sign-in screen after installation.":::
+
+1. Enter the credentials for one of the users that you'd copied down in the [previous step](#credentials).
+
+    - If the `iot-sensor login:` prompt disappears, press **ENTER** to have it shown again.
+    - When you enter your password, the password characters don't display on the screen. Make sure you enter them carefully.
+
+    When you've successfully signed in, the following confirmation screen appears:
+
+    :::image type="content" source="media/tutorial-install-components/install-complete.png" alt-text="Screenshot of the sign-in confirmation.":::
+
+Make sure that your sensor is connected to your network, and then you can sign in to your sensor via a network-connected browser. For more information, see [Activate and set up your sensor](how-to-activate-and-set-up-your-sensor.md#activate-and-set-up-your-sensor).
+
 # [On-premises management console](#tab/on-prem)
 
 
@@ -109,6 +150,12 @@ During the installation process, you can add a secondary NIC. If you choose not
 
    :::image type="content" source="media/tutorial-install-components/on-prem-language-select.png" alt-text="Select your preferred language for the installation process.":::
 
+1. Select your location. For example:
+
+1. Detect keyboard layout?  default no, then select a keyboard layout 
+
+1. Configure the network - your system has detected multiple interfaces. 
+
 1. Select **MANAGEMENT-RELEASE-\<version\>\<deployment type\>**.
 
    :::image type="content" source="media/tutorial-install-components/on-prem-install-screen.png" alt-text="Select your version.":::

articles/defender-for-iot/organizations/appliance-catalog/appliance-catalog-overview.md

@@ -9,7 +9,7 @@ ms.topic: how-to
 
 Use the **Device inventory** page from a sensor console to manage all OT and IT devices detected by that console. Identify new devices detected, devices that might need troubleshooting, and more.
 
-For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device).
+For more information, see [What is a Defender for IoT committed device?](architecture.md#what-is-a-defender-for-iot-committed-device)
 
 > [!TIP]
 > Alternately, view your device inventory from a [the Azure portal](how-to-manage-device-inventory-for-organizations.md), or from an [on-premises management console](how-to-investigate-all-enterprise-sensor-detections-in-a-device-inventory.md).