Merge branch 'main' into siosulli-mdvm-updates

Author: siosulli

defender-endpoint/linux-exclusions.md

@@ -88,7 +88,53 @@ For antivirus exclusions, when using the * wildcard at the end of the path, it w
 
 ### Using the management console
 
-For more information on how to configure exclusions from Puppet, Ansible, or another management console, see [Set preferences for Defender for Endpoint on Linux](linux-preferences.md).
+To configure exclusions from Puppet, Ansible, or another management console, please refer to the following sample `mdatp_managed.json`.
+```JSON
+{
+   "exclusionSettings":{
+     "exclusions":[
+        {
+           "$type":"excludedPath",
+           "isDirectory":true,
+           "path":"/home/*/git<EXAMPLE DO NOT USE>",
+           "scopes": [
+              "epp"
+           ]
+        },
+        {
+           "$type":"excludedPath",
+           "isDirectory":true,
+           "path":"/run<EXAMPLE DO NOT USE>",
+           "scopes": [
+              "global"
+           ]
+        },
+        {
+           "$type":"excludedPath",
+           "isDirectory":false,
+           "path":"/var/log/system.log<EXAMPLE DO NOT USE><EXCLUDED IN ALL SCENARIOS>",
+           "scopes": [
+              "epp", "global"
+           ]
+        },
+        {
+           "$type":"excludedFileExtension",
+           "extension":".pdf<EXAMPLE DO NOT USE>",
+           "scopes": [
+              "epp"
+           ]
+        },
+        {
+           "$type":"excludedFileName",
+           "name":"/bin/cat<EXAMPLE DO NOT USE><NO SCOPE PROVIDED - GLOBAL CONSIDERED>"
+        }
+     ],
+     "mergePolicy":"admin_only"
+   }
+}
+```
+
+For more information, see [Set preferences for Defender for Endpoint on Linux](linux-preferences.md).
 
 ### Using the command line
 

defender-for-iot/TOC.yml

@@ -43,4 +43,10 @@
     - name: Manage
       items:
       - name: Manage sites
-        href: manage-sites.md           
+        href: manage-sites.md  
+      - name: Manage licenses
+        items:
+          - name: Overview
+            href: license-overview.md
+          - name: Manage your license
+            href: manage-license.md           

defender-for-iot/get-started.md

@@ -46,3 +46,7 @@ Once you have a trial license, [set up a new site](set-up-sites.md) so that Micr
 ## Turn on Public preview features
 
 Turn on the public preview features in the Microsoft Defender XDR settings to enable the site security features. Directions to change the settings are available in [Defender portal preview features](/defender-xdr/preview#turn-on-preview-features).
+
+## Upgrade to a permanent license
+
+After assessing the trial version, you can [upgrade to a full license](manage-license.md). For more information, see [license overview](license-overview.md).

defender-for-iot/license-overview.md

@@ -0,0 +1,41 @@
+---
+title: Overview of the permanent site license and how to choose one for Microsoft Defender for IoT in the Defender portal 
+description: Learn about a permanent site license, how to upgrade and the different options available for Microsoft Defender for IoT in the Defender portal.
+ms.service: defender-for-iot
+author: limwainstein
+ms.author: lwainstein
+ms.localizationpriority: medium
+ms.date: 08/01/2024
+ms.topic: overview
+---
+
+# How the site-based license model works
+
+The site-based license model offers a simplified approach to licensing by providing coverage for entire sites rather than individual devices. Customers can purchase annual licenses for their operational sites where Operational Technology (OT) devices are deployed, and receive security coverage for all devices within the site.  
+
+[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
+
+## What defines a site?
+
+A site refers to a logical grouping of devices within your organization. It represents a specific physical location, such as a manufacturing facility, campus, office building, hospital, rig, or any other relevant site.
+
+## What are the different OT site-based licenses?
+
+Licenses come in five different sizes, based on the number of devices at the site. The licenses range from the smallest tier that covers up to 100 devices per site, to the largest tier, which secures up to 5000 devices per site. For more information, see [license sizing details](https://www.microsoft.com/en-us/security/business/endpoint-security/microsoft-defender-iot-pricing#xfb84a030eec341cb84a6165f393e928a).
+
+The size of a site is determined by the maximum number of devices per site. Billing is based on the license tier, regardless of the number of devices actually discovered.
+
+## What if I need to change the number of devices for a site after making a purchase?  
+
+Once a license is purchased, the number of devices cannot be adjusted until the renewal period. During the annual license renewal, you change to a different license tier for a site based on your updated discovered device count.
+
+## How to choose a license and assess the number of devices on-site?
+
+There are two methods for assessing the number of devices at your site. You could either utilize your OT network monitoring tools to detect and count the devices per site, or use previous knowledge of the number of devices at the site and update the license during the annual license renewal if needed.
+
+> [!Note]
+> All types of devices, both OT and IT, identified on your site should be included in the license. This includes endpoints managed by Microsoft Defender for Endpoint and devices detected by the Microsoft Defender for IoT sensors.
+
+## Next steps
+
+[Manage your license](manage-license.md)

defender-for-iot/manage-license.md

@@ -0,0 +1,41 @@
+---
+title: Manage licenses for Microsoft Defender for IoT in the Microsoft Defender portal
+description: Read this article to learn about the managing of your license for Defender for IoT in the Microsoft Defender portal.
+ms.service: defender-for-iot
+author: limwainstein
+ms.author: lwainstein
+ms.localizationpriority: medium
+ms.date: 06/25/2024
+ms.topic: how-to
+---
+
+# Manage your license
+
+After using a trial license, and deciding to use Microsoft Defender for IoT permanently, you must purchase a full license. To purchase the correct license, you need to know the total number of devices within your network so that you can choose the correct sized license for your network.
+
+This article shows how to make changes to your license, including the steps to choose the best size license to purchase, and upgrading from a trial to permanent license.
+
+[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
+
+## Calculate number of devices
+
+To calculate the number of devices in your network:
+
+1. In the [Microsoft Defender portal](https://security.microsoft.com/machines) menu, select **Assets > Devices**. The device inventory opens.
+1. Select the **IoT/OT devices** tab. Note down the total number of devices listed. In this example there are 816 IoT/OT devices detected.
+
+    :::image type="content" source="media/manage-licenses/calculate-ot-devices.png" alt-text="Screenshot showing the list of OT devices in the device inventory for caluculating the total number of devices at the site." lightbox="media/manage-licenses/calculate-ot-devices.png":::
+
+## Select license size in the admin center
+
+Purchase the license for your network from the [Microsoft 365 admin center](/microsoft-365/commerce/licenses/buy-licenses), ensuring it covers enough devices for your site needs.
+
+1. Go to the Microsoft 365 admin center **Billing > Purchase services**. If you don't have this option select **Marketplace** instead.
+
+1. Search for Defender for IoT.
+
+1. Choose the license appropriate for the size of your site. There are five different sized licenses ranging from Extra-large for up to 5,000 devices, to extra-small covering a maximum of 100 devices.
+
+    Make sure to select the number of licenses you want to purchase based on the number of sites you're monitoring. You might need to select licenses of different sizes if the number of devices at each site is different.
+
+1. Complete the purchasing instructions.

defender-for-iot/media/manage-licenses/calculate-ot-devices.png

@@ -135,7 +135,6 @@ For example:
 For more information about DMARC, use the following resources:
 
 - The [DMARC Training Series](https://www.m3aawg.org/activities/training/dmarc-training-series) from M<sup>3</sup>AAWG (Messaging, Malware, Mobile Anti-Abuse Working Group).
-- The checklist at [dmarcian](https://space.dmarcian.com/deployment/).
 - Information at [DMARC.org](https://dmarc.org).
 
 ## Use the Microsoft 365 admin center to add DMARC TXT records for \*.onmicrosoft.com domains in Microsoft 365

defender-office-365/email-authentication-dmarc-configure.md

@@ -1,5 +1,5 @@
 ---
-title: Investigate users in Microsoft Defender XDR
+title: User entity page in the Microsoft Defender portal
 description: Investigate users for an incident in the Microsoft Defender portal.
 ms.service: defender-xdr
 ms.localizationpriority: medium

defender-xdr/investigate-users.md

@@ -30,6 +30,7 @@ ms.date: 07/10/2024
 Microsoft Sentinel is generally available within the Microsoft unified security operations platform in the Microsoft Defender portal. When you onboard Microsoft Sentinel to the Defender portal, you unify capabilities with Microsoft Defender XDR like incident management and advanced hunting. Reduce tool switching and build a more context-focused investigation that expedites incident response and stops breaches faster. For more information, see:
 
 - Blog post: [General availability of the Microsoft unified security operations platform](https://aka.ms/unified-soc-announcement)
+- Blog post: [Frequently asked questions about the unified security operations platform](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/frequently-asked-questions-about-the-unified-security-operations/ba-p/4212048)
 - [Microsoft Sentinel in the Microsoft Defender portal](https://go.microsoft.com/fwlink/p/?linkid=2263690)
 - [Microsoft Defender XDR integration with Microsoft Sentinel](/azure/sentinel/microsoft-365-defender-sentinel-integration)