Commit ac5e54a

Merge pull request #951 from MicrosoftDocs/chrisda
Smart quote and weird non-ASCII text replacement
2 parents 3f74507 + d0c729d commit ac5e54a

11 files changed, +129 -123 lines changed

defender-for-iot/device-discovery.md

Lines changed: 19 additions & 19 deletions
@@ -24,7 +24,7 @@ Learn how to [discover and manage your IoT/OT devices](manage-devices-inventory.
2424
## Device inventory: initial view
2525

2626
If you don't yet have a Defender for IoT license, the **Device inventory** page detects your OT devices and lists them with regular device data, but without security data. For example, the device name, IP, and category are visible, while the risk level isn't visible. The device inventory also displays a note at the top of the page that indicates the number of unprotected OT devices.
27-
27+
2828
In this case, [onboard Defender for IoT](get-started.md) to get security value for your OT devices.
2929

3030
If you're seeing the message that indicates the number of unprotected OT devices, and you've already set up Defender for IoT, [set up a site](set-up-sites.md) and associate the relevant devices with it.
@@ -41,29 +41,29 @@ Learn more about the [device inventory in Microsoft Defender for Endpoint](/defe
4141

4242
The key device discovery capabilities are:
4343

44-
|Capability |Description |
45-
|---------|---------|
46-
|OT device management |[Manage OT devices](manage-devices-inventory.md):<br>- Build an up-to-date inventory that includes all your managed and unmanaged devices.<br>- Classify critical devices to ensure that the most important assets in your organization are protected.<br>- Add organization-specific information to emphasize your organization preferences. |
47-
|Device protection with risk-based approach |Identify risks such as missing patches, vulnerabilities and prioritize fixes based on risk scoring and automated threat modeling. |
48-
|Device alignment with physical sites |Allows contextual security monitoring. Use the **Site** filter to manage each site separately. Learn more about [filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views). |
49-
|Device groups |Allows different teams in your organization to monitor and manage relevant assets only. Learn more about [creating a device group](/defender-endpoint/machine-groups#create-a-device-group). |
50-
|Device criticality |Reflects how critical a device is for your organization and allows you to identify a device as a business critical asset. Learn more about [device criticality](/defender-endpoint/machines-view-overview#device-inventory-overview). |
44+
|Capability|Description|
45+
|---|---|
46+
|OT device management|[Manage OT devices](manage-devices-inventory.md):<br>- Build an up-to-date inventory that includes all your managed and unmanaged devices.<br>- Classify critical devices to ensure that the most important assets in your organization are protected.<br>- Add organization-specific information to emphasize your organization preferences.|
47+
|Device protection with risk-based approach|Identify risks such as missing patches, vulnerabilities and prioritize fixes based on risk scoring and automated threat modeling.|
48+
|Device alignment with physical sites|Allows contextual security monitoring. Use the **Site** filter to manage each site separately. Learn more about [filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views).|
49+
|Device groups|Allows different teams in your organization to monitor and manage relevant assets only. Learn more about [creating a device group](/defender-endpoint/machine-groups#create-a-device-group).|
50+
|Device criticality|Reflects how critical a device is for your organization and allows you to identify a device as a business critical asset. Learn more about [device criticality](/defender-endpoint/machines-view-overview#device-inventory-overview).|
5151

5252
## Supported devices
5353

5454
Defender for IoT's device inventory supports the following device classes:
5555

56-
|Devices |Example |
57-
|---------|---------|
58-
|**Manufacturing**| Industrial and operational devices, such as pneumatic devices, packaging systems, industrial packaging systems, industrial robots |
59-
|**Building** | Access panels, surveillance devices, HVAC systems, elevators, smart lighting systems |
60-
|**Health care** | Glucose meters, monitors |
61-
|**Transportation / Utilities** | Turnstiles, people counters, motion sensors, fire and safety systems, intercoms |
62-
|**Energy and resources** | DCS controllers, PLCs, historian devices, HMIs |
63-
|**Endpoint devices** | Workstations, servers, or mobile devices |
64-
| **Enterprise** | Smart devices, printers, communication devices, or audio/video devices |
65-
| **Retail** | Barcode scanners, humidity sensor, punch clocks |
56+
|Devices|Example|
57+
|---|---|
58+
|**Manufacturing**|Industrial and operational devices, such as pneumatic devices, packaging systems, industrial packaging systems, industrial robots|
59+
|**Building**|Access panels, surveillance devices, HVAC systems, elevators, smart lighting systems|
60+
|**Health care**|Glucose meters, monitors|
61+
|**Transportation / Utilities**|Turnstiles, people counters, motion sensors, fire and safety systems, intercoms|
62+
|**Energy and resources**|DCS controllers, PLCs, historian devices, HMIs|
63+
|**Endpoint devices**|Workstations, servers, or mobile devices|
64+
|**Enterprise**|Smart devices, printers, communication devices, or audio/video devices|
65+
|**Retail**|Barcode scanners, humidity sensor, punch clocks|
6666

6767
## Next steps
6868

69-
[Discover and manage devices](manage-devices-inventory.md)
69+
[Discover and manage devices](manage-devices-inventory.md)
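Review bot: The Manufacturing row of the Supported devices table (new line 58) still lists "packaging systems, industrial packaging systems", which reads as a duplicate; since the row is being rewritten anyway, drop one of the two. In the risk-based approach row (new line 47), "missing patches, vulnerabilities and prioritize fixes" runs two ideas together, and "missing patches and vulnerabilities, and prioritize fixes" would read cleanly. The table rows change only in cell padding, which the commit title (smart quote and non-ASCII replacement) does not mention, and the change to line 69 shows no visible difference, so it is worth confirming that it is the intended whitespace or end-of-file fix.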

defender-for-iot/microsoft-defender-iot.md

Lines changed: 13 additions & 13 deletions
@@ -22,18 +22,18 @@ In this article, you learn how Microsoft Defender customers can extend their pro
2222

2323
You can work with these different flavors of Defender for IoT:
2424

25-
|Flavor |Details |Next steps |
26-
|---------|---------|---------|
27-
|Defender for IoT in the Defender portal (Preview) |Microsoft Defender customers can use this flavor for a unified IT/OT experience, extending Defender XDR protection to OT environments. [Learn about the main use cases](#what-are-the-main-defender-for-iot-use-cases). |[Get started](get-started.md) with Defender for IoT in the Defender portal. |
28-
|Defender for IoT in the classic, Azure portal |All customers can use this flavor to identify OT devices, vulnerabilities, and threats in the Azure portal. |See the [Defender for IoT on Azure overview](/azure/defender-for-iot/organizations/overview). |
29-
|Protection for enterprise IoT devices |Microsoft Defender customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices. |[Get started](/azure/defender-for-iot/organizations/eiot-sensor) with enterprise IoT monitoring. |
25+
|Flavor|Details|Next steps|
26+
|---|---|---|
27+
|Defender for IoT in the Defender portal (Preview)|Microsoft Defender customers can use this flavor for a unified IT/OT experience, extending Defender XDR protection to OT environments. [Learn about the main use cases](#what-are-the-main-defender-for-iot-use-cases).|[Get started](get-started.md) with Defender for IoT in the Defender portal.|
28+
|Defender for IoT in the classic, Azure portal|All customers can use this flavor to identify OT devices, vulnerabilities, and threats in the Azure portal.|See the [Defender for IoT on Azure overview](/azure/defender-for-iot/organizations/overview).|
29+
|Protection for enterprise IoT devices|Microsoft Defender customers can enable protection for enterprise IoT devices, like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices.|[Get started](/azure/defender-for-iot/organizations/eiot-sensor) with enterprise IoT monitoring.|
3030

3131
## Who uses Defender for IoT?
3232

3333
Defender for IoT is intended for:
3434

3535
- **CISOs** or security leaders that want to gain an overview of their organization's OT network and security.
36-
- **OT security admins, industrial engineers, risk managers, and SOC analysts** that want to gain a high-level view of a site's risks, incidents, and vulnerabilities, get recommendations for remediation actions, manage and discover protected OT devices, and more.
36+
- **OT security admins, industrial engineers, risk managers, and SOC analysts** that want to gain a high-level view of a site's risks, incidents, and vulnerabilities, get recommendations for remediation actions, manage and discover protected OT devices, and more.
3737

3838
## What are the main OT security challenges?
3939

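Review bot: The enterprise IoT row (new line 29) chains two conjunctions in "like printers, smart TVs, and conferencing systems and purpose-built, proprietary devices"; a comma before the second "and" would make it clear that purpose-built devices are a separate item. The bullet on line 36 is replaced with text that looks identical to the old line, so if the fix is a non-breaking space or trailing whitespace, say so in the commit message so the change can be verified.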
@@ -51,13 +51,13 @@ Defender for IoT in the Defender portal uses the following combination of techno
5151

5252
## What are the main Defender for IoT use cases?
5353

54-
|Use case |Capabilities |
55-
|---------|---------|
56-
|**[Discover OT devices](manage-devices-inventory.md)** |Gather OT network data from Microsoft Defender for Endpoint; identify and manage OT devices. |
57-
|**[Get an overview of your productions sites (site security)](site-security-overview.md)** |Get an overview of your production sites to gain insights into OT risks, make better-informed security investment decisions, and streamline communication between stakeholders. |
58-
|**[Prioritize and remediate vulnerabilities](prioritize-vulnerabilities.md)** |Proactively manage OT network risks based on vulnerability details and recommended remediation advice. |
59-
|**[Analyze incidents](investigate-threats.md) and respond to threats** |Review incidents and alerts with real-time details about events logged in your OT network and take recommended remediation actions. |
60-
|**Extend Microsoft Defender XDR** |Microsoft Defender XDR and Defender for IoT form a unified pre- and post-breach enterprise defense suite. This suite natively integrates across endpoint, IoT/OT, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks. |
54+
|Use case|Capabilities|
55+
|---|---|
56+
|**[Discover OT devices](manage-devices-inventory.md)**|Gather OT network data from Microsoft Defender for Endpoint; identify and manage OT devices.|
57+
|**[Get an overview of your productions sites (site security)](site-security-overview.md)**|Get an overview of your production sites to gain insights into OT risks, make better-informed security investment decisions, and streamline communication between stakeholders.|
58+
|**[Prioritize and remediate vulnerabilities](prioritize-vulnerabilities.md)**|Proactively manage OT network risks based on vulnerability details and recommended remediation advice.|
59+
|**[Analyze incidents](investigate-threats.md) and respond to threats**|Review incidents and alerts with real-time details about events logged in your OT network and take recommended remediation actions.|
60+
|**Extend Microsoft Defender XDR**|Microsoft Defender XDR and Defender for IoT form a unified pre- and post-breach enterprise defense suite. This suite natively integrates across endpoint, IoT/OT, identity, email, and applications to detect, prevent, investigate, and automatically respond to sophisticated attacks.|
6161

6262
## Next steps
6363

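Review bot: The link text on new line 57 still reads "Get an overview of your productions sites (site security)"; "productions sites" should be "production sites", matching the wording of the description cell in the same row. The row is already being touched for padding, so the typo can be fixed in the same change.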
defender-for-iot/prerequisites.md

Lines changed: 7 additions & 7 deletions
@@ -58,18 +58,18 @@ If you're using the Defender portal for the first time, you need to set up all o
5858

5959
The unified RBAC roles and permissions to give users access to [site security](site-security-overview.md) features are:
6060

61-
|Write permissions |Read permissions |
61+
|Write permissions|Read permissions|
6262
|----|----|
63-
| **MDE Roles**: Core security settings scoped to all device groups. <br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator scoped to all device groups.| Write roles (including roles that aren't scoped to all device groups). <br> **MDE Roles**: Security data basics (under Security Operations).<br>**Entra ID roles**: Global Reader, Security Reader.|
63+
|**MDE Roles**: Core security settings scoped to all device groups. <br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator scoped to all device groups.|Write roles (including roles that aren't scoped to all device groups). <br> **MDE Roles**: Security data basics (under Security Operations).<br>**Entra ID roles**: Global Reader, Security Reader.|
6464

6565
This table shows the full roles and permissions needed for all MDE features used with Defender for IoT:
6666

67-
| Feature | Write permissions | Read permissions |
67+
|Feature|Write permissions|Read permissions|
6868
|---|----|---|
69-
|Alerts and incidents| **MDE Roles**: Alerts (manage) <br> **Entra ID roles**: Global Administrator, Security Administrator, Security Operator| Write roles<br> **MDE Roles**: Security data basics<br>**Entra ID roles**: Global Reader, Security Reader |
70-
|Vulnerabilities | **MDE Roles**: Response (manage)\Security operations \ Security data <br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator | Write roles<br> **MDE Roles**: Vulnerability management (read) <br> **Entra ID roles**: Global Reader, Security Reader |
71-
|Inventory| **MDE Roles**: Onboard offboard device: Detection tuning (manage) <br> Manage device tags: Alerts (manage)<br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator | Write roles <br>**MDE Roles**: Security data basics/Security operations \ Security data <br> **Entra ID roles**: Global Reader, Security Reader |
72-
|Device group| **MDE Roles**: Authorization (Read and manage) <br>**Entra ID roles**: Global Administrator, Security Administrator|**MDE Roles**: Authorization (write roles, Read-only) |
69+
|Alerts and incidents|**MDE Roles**: Alerts (manage) <br> **Entra ID roles**: Global Administrator, Security Administrator, Security Operator|Write roles<br> **MDE Roles**: Security data basics<br>**Entra ID roles**: Global Reader, Security Reader|
70+
|Vulnerabilities|**MDE Roles**: Response (manage)\ Security operations \ Security data <br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator|Write roles<br> **MDE Roles**: Vulnerability management (read) <br> **Entra ID roles**: Global Reader, Security Reader|
71+
|Inventory|**MDE Roles**: Onboard offboard device: Detection tuning (manage) <br> Manage device tags: Alerts (manage) <br>**Entra ID roles**: Global Administrator, Security Administrator, Security Operator|Write roles <br>**MDE Roles**: Security data basics/Security operations \ Security data <br> **Entra ID roles**: Global Reader, Security Reader|
72+
|Device group|**MDE Roles**: Authorization (Read and manage) <br>**Entra ID roles**: Global Administrator, Security Administrator|**MDE Roles**: Authorization (write roles, Read-only)|
7373

7474
To assign roles and permissions for other Microsoft Defender for Endpoint features, such as alerts, incidents and inventory, see [assign roles and permissions for Defender for Endpoint](/defender-endpoint/prepare-deployment).
7575

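Review bot: The permission path on new line 70 is now spaced inconsistently: "Response (manage)\ Security operations \ Security data" has a space after the first backslash but none before it, and new line 71 mixes a forward slash with a backslash in "Security data basics/Security operations \ Security data". These cells tell admins which RBAC permissions to grant, so pick one separator and one spacing and use it in both rows. The separator rows on lines 62 and 68 (|----|----| and |---|----|---|) are also left as they were, while the tables in the other files of this commit were normalized to three dashes per column.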
defender-office-365/attack-simulation-training-insights.md

Lines changed: 2 additions & 2 deletions
@@ -439,8 +439,8 @@ How user activity signals are captured is described in the following table.
439439
|Read Message|The user read the simulation message.|Message read signals might experience issues in the following scenarios: <ul><li>The user reported the message as phishing in Outlook without leaving the reading pane, and **Mark items as read when viewed in the Reading Pane** wasn't configured (default).</li><li>The user reported the unread message as phishing in Outlook, the message was deleted, and **Mark messages as read when deleted** wasn't configured (default).</li></ul>|
440440
|Out of Office|Determines whether the user is out of office.|Currently calculated by the Automatic replies setting from Outlook.|
441441
|Compromised User|Indicates if a user been compromised. The compromise signals can vary based on the attack type.|<ul><li>**Credential Harvest**: The user enters their credentials in the login page (credentials aren't stored by Microsoft).</li><li>**Malware Attachment**: The user opens the file and enables editing in protected view.</li><li>**Link in attachment**: The user opens the attachment, and clicks on the link.</li><li>**Link to Malware**: The user clicks on the link and enters their credentials.</li><li>**Drive by URL**: The user clicks on the link (entering credentials isn't required).</li><li>**OAuth**: The user clicks on the link and accepts to share permissions.</li></ul>|
442-
|Clicked Message Link|Indicates if a user clicked on the message .|The URL in the simulation is unique for each user, which allows individual user activity tracking. Third-party filtering services or email forwarding can lead to false positives. For more information, see [I see clicks or compromise events from users who insist they didn't click the link in the simulation message](attack-simulation-training-faq.md#i-see-clicks-or-compromise-events-from-users-who-insist-they-didnt-click-the-link-in-the-simulation-message).|
443-
|Forwarded Message|Indicates if a user forwarded on the message .||
442+
|Clicked Message Link|Indicates if a user clicked on the message.|The URL in the simulation is unique for each user, which allows individual user activity tracking. Third-party filtering services or email forwarding can lead to false positives. For more information, see [I see clicks or compromise events from users who insist they didn't click the link in the simulation message](attack-simulation-training-faq.md#i-see-clicks-or-compromise-events-from-users-who-insist-they-didnt-click-the-link-in-the-simulation-message).|
443+
|Forwarded Message|Indicates if a user forwarded on the message.||
444444
|Replied to Message|Indicates if an end users has replied on the message.||
445445
|Deleted message|Indicates if an end users has deleted the message.|The signal comes from the Outlook activity of the user. If the user reports the message as phishing, the message might be moved to the Deleted Items folder, which is identified as a deletion.|
446446
|Permissions granted|Indicates if a user shared permissions in an Oauth-based attack.||
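Review bot: New line 443 still reads "Indicates if a user forwarded on the message" after the spacing fix; "forwarded the message" is what is meant. The unchanged rows around it carry similar slips that could be fixed in the same pass: "Indicates if a user been compromised" on line 441 is missing "has", lines 444 and 445 say "an end users has", and line 446 writes "Oauth-based" where line 441 uses "OAuth".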
