Commit beb61cf

Resolving conflicts, adding changes
1 parent 168f644 commit beb61cf

3 files changed: +36 -28 lines changed

defender-endpoint/device-discovery.md

Lines changed: 3 additions & 3 deletions
@@ -91,13 +91,13 @@ Network devices aren't managed as standard endpoints, as Defender for Endpoint d
9191

9292
For more information, see [Network devices](network-devices.md).
9393

94-
## Device discovery Integration
94+
## Device discovery integration
9595

9696
To address the challenge of gaining enough visibility to locate, identify, and secure your complete OT/IOT asset inventory Defender for Endpoint now supports the following integration:
9797

98-
- **Microsoft Defender for IoT**: This integration combines Defender for Endpoint's device discovery capabilities with Microsoft Defender for IoT in the Defender portal (Preview) to secure:
98+
- **Microsoft Defender for IoT**: This integration combines Defender for Endpoint's device discovery capabilities with Microsoft Defender for IoT in the Microsoft Defender portal (Preview) to secure:
9999

100-
- OT devices, such as servers or packaging systems. For more information, [onboard Defender for IoT in the Defender portal](../defender-for-iot/get-started.md).
100+
- OT devices, such as servers or packaging systems. For more information, see [onboard Defender for IoT in the Defender portal](../defender-for-iot/get-started.md).
101101
- Enterprise IoT devices connected to an IT network (for example, Voice over Internet Protocol (VoIP), printers, and smart TVs). For more information, see [Enable Enterprise IoT security with Defender for Endpoint](/azure/defender-for-iot/organizations/eiot-defender-for-endpoint).
102102

103103
## Vulnerability assessment on discovered devices
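
Review bot: New line 100 still links to "onboard Defender for IoT in the Defender portal" while new line 98 was changed to "Microsoft Defender portal", so two adjacent bullets now name the portal differently. Use the same product name in the link text on line 100, and capitalise the link text ("see [Onboard Defender for IoT ...]") to match the "see [Enable Enterprise IoT security ...]" link on line 101. Since this section is being touched anyway, the unchanged line 96 reads "OT/IOT asset inventory Defender for Endpoint now supports"; it needs "OT/IoT" and a comma after "inventory".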

defender-endpoint/machines-view-overview.md

Lines changed: 26 additions & 21 deletions
@@ -114,7 +114,7 @@ The **Newly discovered** device count for network devices and **IoT/OT** tabs, s
114114
There are several options you can choose from to customize the device inventory view. On the top navigation for each tab you can:
115115

116116
- Search for a device by name
117-
- Search for a device by the most recently used IP address or IP address prefix
117+
- Search for a device by the most recently used IP or Mac address or IP address prefix
118118
- Add or remove columns
119119
- Export the entire list in CSV format for offline analysis
120120
- Select the date range to display
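
Review bot: New line 117 writes "Mac address" where the acronym MAC is meant, and "most recently used IP or Mac address or IP address prefix" chains two "or"s so it is unclear what "most recently used" applies to. Suggest "Search for a device by the most recently used IP address, MAC address, or IP address prefix".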
@@ -129,26 +129,31 @@ The counts on the top of each tab are updated based on the current view.
129129

130130
## Use filters to customize the device inventory views
131131

132-
| Filter | Description |
133-
|---|---|
134-
| **Risk level** | The risk level reflects the overall risk assessment of the device based on a combination of factors, including the types and severity of active alerts on the device. Resolving active alerts, approving remediation activities, and suppressing subsequent alerts can lower the risk level. |
135-
| **Exposure level** | The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable from exploitation.<br/><br/> If the exposure level says "No data available," there are a few reasons why:<br/>- Device stopped reporting for more than 30 days. In that case it's considered inactive, and the exposure isn't computed.<br/>- Device OS not supported - see [minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md).<br/>- Device with stale agent (unlikely). |
136-
| **Criticality level** | The criticality level reflects how critical a device is for your organization. The possible levels are `low`, `medium`, `high`, or `very high`. `Very high` means that the device is considered a business critical asset. For more information, see [Overview of critical asset management](/security-exposure-management/critical-asset-management). |
137-
| **Transient devices** | By default transient devices are filtered out of the device inventory to reduce inventory noise. You can turn transient device filtering off as needed. Learn more about [transient device filtering](transient-device-tagging.md). |
138-
| **OS Platform** | Filter by the OS platforms you're interested in investigating <br/><br/>(*Computers and mobile and IoT devices only*). |
139-
| **Windows version** | Filter by the Windows versions you're interested in investigating. If `future version` appears in the Windows version field, it can mean:<br/><br/> - This is a pre-release build for a future Windows release<br/> - The build has no version name<br/> - The build version name isn't yet supported <br/><br/> In all these scenarios, where available, the full OS version can be seen in the device details page.<br/><br/> (*Computers and mobile only*)<br/><br/>Windows 11 WVD onboarding is supported; however, those devices might appear as WVD 10 in the **Device Inventory** and **Device** pages. |
140-
| **Sensor health state** | Filter by the following sensor health states, for devices onboard to Microsoft Defender for Endpoint:<br/> - **Active**: Devices that are actively reporting sensor data to the service.<br/> - **Inactive**: Devices that stopped sending signals for more than seven days.<br/> - **Misconfigured**: Devices that have impaired communications with service or are unable to send sensor data.<br/> Misconfigured devices can further be classified to: <br/> - No sensor data <br/> - Impaired communications <br/> For more information on how to address issues on misconfigured devices, see, [Fix unhealthy sensors](fix-unhealthy-sensors.md).<br/><br/> (*Computers and mobile only*) |
141-
| **Onboarding status** | Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. Device discovery must be enabled for this filter to appear. You can filter by the following states: <br/> - **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint.<br/> - **Can be onboarded**: The endpoint was discovered in the network as a supported device, but isn't currently onboarded. Microsoft highly recommends onboarding these devices.<br/> - **Unsupported**: The endpoint was discovered in the network, but isn't supported by Microsoft Defender for Endpoint.<br/> - **Insufficient info**: The system couldn't determine the supportability of the device.<br/><br/> (*Computers and mobile only*) |
142-
| **Antivirus status** | Filter the view based on whether the antivirus status is disabled, not updated or unknown.<br/><br/> (*Computers and mobile only*) |
143-
| **First seen** | Filter your view based on when the device was first seen in the network or when it was first reported by the Microsoft Defender for Endpoint sensor.<br/><br/>(*Computers and mobile and IoT devices only*)|
144-
| **Tags** | Filter the list based on the grouping and tagging that you've added to individual devices. See [Create and manage device tags](machine-tags.md). |
145-
| **Internet facing** | Filter the list based on whether the device is internet facing. |
146-
| **Group** | Filter the list based on the group you're interested in investigating.<br/><br/> (*Computers and mobile only*) |
147-
| **Device value** | Filter the list based on whether the device is marked as high value or low value. |
148-
| **Exclusion state** | Filter the list based on whether the device is excluded or not. For more information, see [Exclude devices](exclude-devices.md). |
149-
| **Managed by** | `Managed by` indicates how the device is being managed. You can filter by:<br/> - Microsoft Defender for Endpoint<br/> - Microsoft Intune, including co-management with Microsoft Configuration Manager via tenant attach<br/>- Microsoft Configuration manager (ConfigMgr)<br/> - Unknown: This issue could be due the running an outdated Windows version, GPO management, or another non-Microsoft MDM.<br/><br/> (*Computers and mobile only*) |
150-
| **Device Type** | Filter by the device type you're interested in investigating.<br/><br/> (*IoT devices only*) |
151-
| **Mitigation status** | Filter by isolation or containment status of a device. |
132+
Filter | Description
133+
:---|:---
134+
**Risk level** | The risk level reflects the overall risk assessment of the device based on a combination of factors, including the types and severity of active alerts on the device. Resolving active alerts, approving remediation activities, and suppressing subsequent alerts can lower the risk level.
135+
**Exposure level** | The exposure level reflects the current exposure of the device based on the cumulative impact of its pending security recommendations. The possible levels are low, medium, and high. Low exposure means your devices are less vulnerable from exploitation.</br></br> If the exposure level says "No data available," there are a few reasons why:</br>- Device stopped reporting for more than 30 days. In that case it's considered inactive, and the exposure isn't computed.</br>- Device OS not supported - see [minimum requirements for Microsoft Defender for Endpoint](minimum-requirements.md).</br>- Device with stale agent (unlikely).
136+
**Criticality level** | The criticality level reflects how critical a device is for your organization. The possible levels are low, medium, high, or very high. Very high means that the device is considered a business critical asset. For more information, see [Overview of critical asset management](/security-exposure-management/critical-asset-management).
137+
**Transient devices** | By default transient devices are filtered out of the device inventory to reduce inventory noise. You can turn transient device filtering off as needed. Learn more about [transient device filtering](transient-device-tagging.md).
138+
**OS Platform** | Filter by the OS platforms you're interested in investigating </br></br>(_Computers and mobile and IoT/OT devices only_).
139+
**OS Version** | Filter by the OS versions you're interested in investigating </br></br>(_All devices, Computers and mobile, and IoT/OT devices only_).
140+
**Windows version** | Filter by the Windows versions you're interested in investigating. If 'future version' appears in the Windows version field, it can mean:</br></br> - This is a pre-release build for a future Windows release</br> - The build has no version name</br> - The build version name isn't yet supported </br></br> In all these scenarios, where available, the full OS version can be seen in the device details page.</br></br> (_Computers and mobile only_).
141+
**Sensor health state** | Filter by the following sensor health states, for devices onboard to Microsoft Defender for Endpoint:</br> - **Active**: Devices that are actively reporting sensor data to the service.</br> - **Inactive**: Devices that stopped sending signals for more than seven days.</br> - **Misconfigured**: Devices that have impaired communications with service or are unable to send sensor data.</br> Misconfigured devices can further be classified to: </br> - No sensor data </br> - Impaired communications </br> For more information on how to address issues on misconfigured devices, see, [Fix unhealthy sensors](fix-unhealthy-sensors.md).</br></br> (_Computers and mobile only_).
142+
**Onboarding status** | Onboarding status indicates whether the device is currently onboarded to Microsoft Defender for Endpoint or not. Device discovery must be enabled for this filter to appear. You can filter by the following states: </br> - **Onboarded**: The endpoint is onboarded to Microsoft Defender for Endpoint.</br> - **Can be onboarded**: The endpoint was discovered in the network as a supported device, but isn't currently onboarded. Microsoft highly recommends onboarding these devices.</br> - **Unsupported**: The endpoint was discovered in the network, but isn't supported by Microsoft Defender for Endpoint.</br> - **Insufficient info**: The system couldn't determine the supportability of the device.</br></br> (_Computers and mobile only_).
143+
**Antivirus status** | Filter the view based on whether the antivirus status is disabled, not updated or unknown.</br></br> (_Computers and mobile only_).
144+
**First seen** | Filter your view based on when the device was first seen in the network or when it was first reported by the Microsoft Defender for Endpoint sensor.</br></br>(_Computers and mobile and IoT/OT devices only_).
145+
**Tags** | Filter the list based on the grouping and tagging that you've added to individual devices. See [Create and manage device tags](machine-tags.md).
146+
**Internet facing** | Filter the list based on whether the device is internet facing.
147+
**Group** | Filter the list based on the group you're interested in investigating.</br></br> (_Computers and mobile only_).
148+
**Device value** | Filter the list based on whether the device is marked as high value or low value.
149+
**Exclusion state** | Filter the list based on whether the device is excluded or not. For more information, see [Exclude devices](exclude-devices.md).
150+
**Managed by** | Managed by indicates how the device is being managed. You can filter by:</br> - Microsoft Defender for Endpoint</br> - Microsoft Intune, including co-management with Microsoft Configuration Manager via tenant attach</br>- Microsoft Configuration manager (ConfigMgr)</br> - Unknown: This issue could be due the running an outdated Windows version, GPO management, or another non-Microsoft MDM.</br></br> (_Computers and mobile only_)
151+
**Device Type** | Filter by the device type you're interested in investigating.</br></br> (_Appears on all tabs, except for uncategorized devices_)
152+
**Device Subtype** | Filter by the device subtype you're interested in investigating.</br></br> (_Appears on all tabs, except for uncategorized devices_)
153+
**Device Category** | Filter by the device category you're interested in investigating.</br></br> (_All devices and IoT devices/OT only_)
154+
**Vendor** | Filter by the device vendor you're interested in investigating.</br></br> (_All devices and IoT devices/OT only_)
155+
**Model** | Filter by the device model you're interested in investigating.</br></br> (_All devices and IoT devices/OT only_)
156+
**Mitigation status** | Filter by isolation or containment status of a device.
152157

153158
## Use columns to customize the device inventory views
154159
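
Review bot: Every line break in the rewritten table rows (new lines 135 to 155) is written as `</br>`, a closing tag for a void element, where the removed rows used `<br/>`; keep `<br/>` so the cells render the same way everywhere. The rewrite also drops the leading and trailing pipes and the code formatting on the criticality values, and the Windows version row (new line 140) no longer carries the sentence "Windows 11 WVD onboarding is supported; however, those devices might appear as WVD 10 ..."; with a commit message of "Resolving conflicts", please confirm these are intended and not an older copy of the table winning the merge. In the added rows, the scope notes are inconsistent: "IoT/OT devices" on lines 138, 139 and 144 versus "IoT devices/OT" on lines 153 to 155, the OS Version note on line 139 lists "All devices, Computers and mobile, and IoT/OT devices only", and only some notes end with a period.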

defender-endpoint/whats-new-in-microsoft-defender-endpoint.md

Lines changed: 7 additions & 4 deletions
@@ -53,10 +53,13 @@ For more information on Microsoft Defender for Endpoint on specific operating sy
5353

5454
## July 2024
5555

56-
- (Preview) **Monitor OT devices in the device inventory**: You can now monitor OT devices in addition to IoT devices in the device inventory, as part of the integration with [Microsoft Defender for IoT in the Defender portal](/defender-for-iot/device-discovery). As part of this integration:
57-
- We've added the **Device type**, **Device subtype**, **Mac address**, and **Site** columns to the device inventory **IoT/OT** tab.
58-
- If OT devices are discovered but a Defender for IoT license isn't set up, the device inventory displays a message that indicates the number of unprotected OT devices. [Learn more about the initial device inventory view with detected OT devices](/defender-for-iot/device-discovery#device-inventory-initial-view).
59-
- (GA) Learning hub resources have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject.
56+
- (Preview) **Monitor OT devices in the device inventory**: You can now monitor OT devices in addition to IoT devices in the device inventory, as part of the integration with [Microsoft Defender for IoT in the Defender portal](/defender-for-iot/device-discovery). As part of this integration:
57+
- We've added the **All devices** tab and renamed the **IoT devices** tab to **IoT/OT devices**.
58+
- We've added the **Device type**, **Device subtype**, **Vendor** and **Model** filters and columns to the device inventory.
59+
- We've added the ability to search Mac devices and Mac addresses.
60+
- We've added a system tag that shows the production site name (read only), used for the Defender for IoT [site security](/defender-for-iot/site-security-overview.md) feature, as part of the [device group](/defender-for-iot/set-up-sites.md#add-device-group).
61+
- If OT devices are discovered but a Defender for IoT license isn't set up, the device inventory displays partial data on the OT/IoT devices, and a message that indicates the number of unprotected OT devices. [Learn more about the initial device inventory view with detected OT devices](/defender-for-iot/device-discovery#device-inventory-initial-view).
62+
- (GA) Learning hub resources have moved from the Microsoft Defender portal to [learn.microsoft.com](https://go.microsoft.com/fwlink/?linkid=2273118). Access Microsoft Defender XDR Ninja training, learning paths, training modules and more. Browse the [list of learning paths](/training/browse/?products=m365-ems-cloud-app-security%2Cdefender-for-cloud-apps%2Cdefender-identity%2Cm365-information-protection%2Cm365-threat-protection%2Cmdatp%2Cdefender-office365&expanded=m365%2Coffice-365), and filter by product, role, level, and subject.
6063

6164
## June 2024
6265
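
Review bot: The two links added on new line 60, `/defender-for-iot/site-security-overview.md` and `/defender-for-iot/set-up-sites.md#add-device-group`, are root-relative paths that keep the `.md` extension, while the other root-relative links in this hunk (`/defender-for-iot/device-discovery` on lines 56 and 61) have none; drop the extension so they resolve the same way. On new line 59, "search Mac devices and Mac addresses" should use MAC for the address, and "Mac devices" reads as macOS devices, so say what is actually searchable. The removed text listed **Mac address** and **Site** columns for the IoT/OT tab and the new bullets no longer mention either column; if they still exist, keep them in the list on line 58.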
