Merge pull request #201053 from batamig/bi-directional-sync

Sensor version 22.2.3 bi-directional synch. Approved July 3

Author: v-ccolin

articles/defender-for-iot/organizations/how-to-manage-cloud-alerts.md

@@ -181,34 +181,44 @@ Defender for IoT provides remediation steps you can carry out for the alert. Rem
 
 ## Manage alert status and severity
 
-You can change the alert status and severity for a single alert or for a group of alerts.
+You can update alert status or severity for a single alert or for a group of alerts.
 
-**To change the alert status:**
+*Learn* an alert to indicate to Defender for IoT that the detected network traffic is authorized. Learned alerts won't be triggered again the next time the same traffic is detected on your network. For more information, see [Learn and unlearn alert traffic](how-to-manage-the-alert-event.md#learn-and-unlearn-alert-traffic).
 
-1. Select an alert or group of alerts.
-1. Select **Change status** and select a status (New, Active, Closed).
+- **To manage a single alert**:
 
-Changes to status aren't reflected in the on-premises management console or sensor.
+    1. Select an alert in the grid.
+    1. Either on the details pane on the right, or in an alert details page itself, select the new status and/or severity.
 
-**To change the alert severity:**
+- **To manage multiple alerts in bulk**:
+
+    1. Select the alerts in the grid that you want to modify.
+    1. Use the :::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/status-icon.png" border="false"::: **Change status** and/or :::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/severity-icon.png" border="false"::: **Change severity** options in the toolbar to update the status and/or the severity for all the selected alerts.
+
+- **To learn one or more alerts**, do one of the following:
+
+    - Select one or more alerts in the grid and then select :::image type="icon" source="media/how-to-manage-sensors-on-the-cloud/learn-icon.png" border="false"::: **Learn** in the toolbar.
+    - On an alert details page, in the **Take Action** tab, select **Learn**.
 
-1. Select an alert or group of alerts.
-1. Select **Change severity** and select a severity.
 
 Changes to severity aren't reflected in the on-premises management console or sensor.
 
-## On-premises alert management
+### Managing alerts in a hybrid deployment
+
+Users working in hybrid deployments may be managing alerts in Defender for IoT on the Azure portal, the sensor, and an on-premises management console.
+
+Alert management across all interfaces functions as follows:
+
+- **Alert statuses are fully synchronized** between the Azure portal and the sensor. This means that when you set an alert status to **Closed** on either the Azure portal or the sensor, the alert status is updated in the other location as well.
+
+    Setting an alert status to **Closed** or **Muted** on a sensor updates the alert status to **Closed** on the Azure portal. Alert statuses are also synchronized between the sensor and the on-premises management console to keep all management sources updated with the correct alert statuses.
 
-Users working in hybrid deployments may be managing alerts on both the Microsoft Defender for IoT portal, Alerts page, and on on-premises sensors and the management console.
+    [Learning](#manage-alert-status-and-severity) an alert in Azure also updates the alert in the sensor console.
 
-Users working with alerts in Azure and on-premises should understand how alert management between the portal and the on-premises components operates.
+- **Alert Exclusion rules**: If you're working with an on-premises management console, you may have defined alert *Exclusion rules* to determine the rules detected by relevant sensors.
 
- Parameter | Description
-|--|--|
-| **Alert Exclusion rules**|  Alert *Exclusion rules* defined in the on-premises management console affect the rules detected by managed sensors. As a result, the alerts excluded be these rules won't be displayed in the Alerts page. See [Create alert exclusion rules](how-to-work-with-alerts-on-premises-management-console.md#create-alert-exclusion-rules) for more information.
-| **Managing alerts on-premises**  |  Alerts  **Learned**,  **Acknowledged**, or **Muted** in the on-premises management console or in sensors aren't simultaneously updated in Alerts page on the Defender for IoT Cloud Alerts page. This means that this alert will stay open on the Cloud. However another alert  won't be triggered from the on-premises components for this activity.
-| **Managing alert in the portal Alerts page** | Changing the status of an alert to **New**, **Active**, or **Closed** on the Alerts page or changing the alert severity on the Alerts page doesn't affect the alert status or severity  in the on-premises management console or sensors.
+    Alerts excluded because they meet criteria for a specific exclusion rule are not displayed on the sensor, or in the Azure portal. For more information, see [Create alert exclusion rules](how-to-work-with-alerts-on-premises-management-console.md#create-alert-exclusion-rules).
 
 ## Next steps
 
-For more information, see [Gain insight into global, regional, and local threats](how-to-gain-insight-into-global-regional-and-local-threats.md#gain-insight-into-global-regional-and-local-threats).
+For more information, see [Gain insight into global, regional, and local threats](how-to-gain-insight-into-global-regional-and-local-threats.md#gain-insight-into-global-regional-and-local-threats).

articles/defender-for-iot/organizations/media/how-to-manage-sensors-on-the-cloud/learn-icon.png

@@ -2,7 +2,7 @@
 title: What's new in Microsoft Defender for IoT
 description: This article lets you know what's new in the latest release of Defender for IoT.
 ms.topic: overview
-ms.date: 05/25/2022
+ms.date: 07/05/2022
 ---
 
 # What's new in Microsoft Defender for IoT?
@@ -33,6 +33,8 @@ For more information, see the [Microsoft Security Development Lifecycle practice
 
 | Version | Date released | End support date |
 |--|--|--|
+| 22.2.3 | 07/2022 | 04/2023 |
+| 22.1.5 | 06/2022 | 03/2022 |
 | 22.1.5 | 06/2022 | 03/2023 |
 | 22.1.4 | 04/2022 | 12/2022 |
 | 22.1.3 | 03/2022 | 11/2022 |
@@ -44,6 +46,12 @@ For more information, see the [Microsoft Security Development Lifecycle practice
 
 ## July 2022
 
+- [Enterprise IoT purchase experience and Defender for Endpoint integration in GA](#enterprise-iot-purchase-experience-and-defender-for-endpoint-integration-in-ga)
+
+**Sensor software version**: 22.2.3
+
+- [Bi-directional alert synch between sensors and the Azure portal (Public preview)](#bi-directional-alert-synch-between-sensors-and-the-azure-portal-public-preview)
+
 ### Enterprise IoT purchase experience and Defender for Endpoint integration in GA
 
 Defender for IoT’s new purchase experience and the Enterprise IoT integration with Microsoft Defender for Endpoint is now in General Availability (GA). With this update, we've made the following updates and improvements:
@@ -57,19 +65,31 @@ Defender for IoT’s new purchase experience and the Enterprise IoT integration
 > [!NOTE]
 > The Enterprise IoT network sensor and all detections remain in Public Preview.
 
-## June 2022
+### Bi-directional alert synch between sensors and the Azure portal (Public preview)
 
-**Sensor software version**: 22.1.5
+For sensors updated to version 22.2.1, alert statuses and learn statuses are now fully synchronized between the sensor console and the Azure portal. For example, this means that you can close an alert on the Azure portal or the sensor console, and the alert status is updated in both locations.
+
+*Learn* an alert from either the Azure portal or the sensor console to ensure that it's not triggered again the next time the same network traffic is detected.
 
-- Bug fixes related to OT monitoring software updates and sensor-cloud connections.
+The sensor console is also synchronized with an on-premises management console, so that alert statuses and learn statuses remain up-to-date across your management interfaces.
 
-## May 2022
+For more information, see:
+
+- [View and manage alerts from the Azure portal](how-to-manage-cloud-alerts.md)
+- [View alerts on your sensor](how-to-view-alerts.md)
+- [Manage alerts from the sensor console](how-to-manage-the-alert-event.md)
+- [Work with alerts on the on-premises management console](how-to-work-with-alerts-on-premises-management-console.md)
+
+## June 2022
+
+**Sensor software version**: 22.1.5
 
 We've recently optimized and enhanced our documentation as follows:
 
 - [Updated appliance catalog for OT environments](#updated-appliance-catalog-for-ot-environments)
 - [Documentation reorganization for end-user organizations](#documentation-reorganization-for-end-user-organizations)
 
+
 ### Updated appliance catalog for OT environments
 
 We've refreshed and revamped the catalog of supported appliances for monitoring OT environments. These appliances support flexible deployment options for environments of all sizes and can be used to host both the OT monitoring sensor and on-premises management consoles.