Merge pull request #1349 from tarTech23/bms

tarTech23 · web-flow · commit e7f2109ce3fb · 2024-09-16T23:01:28.000+03:00
Add BMS category
diff --git a/defender-for-iot/device-discovery.md b/defender-for-iot/device-discovery.md
@@ -43,15 +43,15 @@ The key device discovery capabilities are:
 
 |Capability|Description|
 |---|---|
-|OT device management|[Manage OT devices](manage-devices-inventory.md):<br>- Build an up-to-date inventory that includes all your managed and unmanaged devices.<br>- Classify critical devices to ensure that the most important assets in your organization are protected.<br>- Add organization-specific information to emphasize your organization preferences.|
+|OT device management|[Manage OT devices](manage-devices-inventory.md):<br>- Build an up-to-date inventory that includes all your managed and unmanaged devices.<br>- Discover your organization Building Management Systems (BMS) devices such as **Motion detector**, **Fire Alarm**, and **Elevators**.<br>- Classify critical devices to ensure that the most important assets in your organization are protected.<br>- Add organization-specific information to emphasize your organization preferences.|
 |Device protection with risk-based approach|Identify risks such as missing patches, vulnerabilities and prioritize fixes based on risk scoring and automated threat modeling.|
 |Device alignment with physical sites|Allows contextual security monitoring. Use the **Site** filter to manage each site separately. Learn more about [filters](/defender-endpoint/machines-view-overview#use-filters-to-customize-the-device-inventory-views).|
 |Device groups|Allows different teams in your organization to monitor and manage relevant assets only. Learn more about [creating a device group](/defender-endpoint/machine-groups#create-a-device-group).|
 |Device criticality|Reflects how critical a device is for your organization and allows you to identify a device as a business critical asset. Learn more about [device criticality](/defender-endpoint/machines-view-overview#device-inventory-overview).|
 
 ## Supported devices
 
-Defender for IoT's device inventory supports the following device classes:
+Defender for IoT's device inventory supports the following device categories:
 
 |Devices|Example|
 |---|---|
@@ -60,10 +60,12 @@ Defender for IoT's device inventory supports the following device classes:
 |**Health care**|Glucose meters, monitors|
 |**Transportation / Utilities**|Turnstiles, people counters, motion sensors, fire and safety systems, intercoms|
 |**Energy and resources**|DCS controllers, PLCs, historian devices, HMIs|
-|**Endpoint devices**|Workstations, servers, or mobile devices|
-|**Enterprise**|Smart devices, printers,  communication devices, or audio/video devices|
 |**Retail**|Barcode scanners, humidity sensor, punch clocks|
 
+For Enterprise device discovery information, see [Enterprise device discovery](/defender-for-iot/enterprise-iot).
+
+For Endpoint device discovery information, see [Endpoint device discovery](/defender-endpoint/device-discovery).
+
 ### Identified, unique devices
 
 Defender for IoT can discover all devices, of any type, across all environments. Devices are listed in the Defender for IoT **Device inventory** pages based on a unique IP and MAC address coupling.
@@ -72,8 +74,8 @@ Defender for IoT identifies single and unique devices as follows:
 
 |Type  |Description  |
 |---------|---------|
-|**Identified as individual devices**     |    Devices identified as *individual* devices include:<br>**IT, OT, or IoT devices with one or more NICs**, including network infrastructure devices such as switches and routers<br><br>**Note**: A device with modules or backplane components, such as racks or slots, is counted as a single device, including all modules or backplane components.|
-|**Not identified as individual devices**     | The following items *aren't* considered as individual devices, and do not count against your license:<br><br>- **Public internet IP addresses** <br>- **Multi-cast groups**<br>- **Broadcast groups**<br>- **Inactive devices**<br><br> Network-monitored devices are marked as *inactive* when there's no network activity detected within a specified time:<br><br> - **OT networks**: No network activity detected for more than 60 days<br> - **Enterprise IoT networks**: No network activity detected for more than 30 days<br><br>**Note**: Endpoints already managed by Defender for Endpoint are not considered as separate devices by Defender for IoT.  |
+|**Identified as individual devices**     |    Devices identified as *individual* devices include:<br>**OT or BMS unmanaged devices with one or more NICs**, including network infrastructure devices such as switches and routers<br><br>**Note**: A device with modules or backplane components, such as racks or slots, is counted as a single device, including all modules or backplane components.|
+|**Not identified as individual devices**     | The following items *aren't* considered as individual devices, and don't count against your license:<br><br>- **Public internet IP addresses** <br>- **Multi-cast groups**<br>- **Broadcast groups**<br>- **Inactive devices**<br><br> Network-monitored devices are marked as *inactive* when there's no network activity detected within a specified time:<br><br> - **OT networks**: No network activity detected for more than 60 days<br><br>**Note**: Endpoints already managed by Defender for Endpoint aren't considered as separate devices by Defender for IoT.  |
 
 ## Next steps
 
diff --git a/defender-for-iot/enterprise-iot-get-started.md b/defender-for-iot/enterprise-iot-get-started.md
@@ -21,7 +21,7 @@ In this article you'll learn how to add enterprise IoT to your Microsoft Defende
 
 ## Prerequisites
 
-Make sure that you have:
+Before you start, you need:
 
 - IoT devices in your network, visible in the Microsoft Defender portal **Device inventory**
 
diff --git a/defender-for-iot/prerequisites.md b/defender-for-iot/prerequisites.md
@@ -25,7 +25,7 @@ Before you start, you need:
 
     For more information, see [Buy or remove licenses for a Microsoft business subscription](/microsoft-365/commerce/licenses/buy-licenses) and [About admin roles in the Microsoft 365 admin center](/microsoft-365/admin/add-users/about-admin-roles).
 
-- A Microsoft 365 E5/ Defender for Endpoint Plan 2/ E5 security license.
+- A Microsoft 365 E5 or E5 security license or a Defender for Endpoint P2 license.
 
 - Microsoft Defender for Endpoint agents deployed in your environment. For more information, see [onboard Microsoft Defender for Endpoint](/defender-endpoint/onboarding).
 
diff --git a/defender-for-iot/whats-new.md b/defender-for-iot/whats-new.md
@@ -16,6 +16,20 @@ This article describes features available in Microsoft Defender for IoT in the D
 
 [!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]
 
+## September 2024
+
+|Service area  |Updates  |
+|---------|---------|
+| **OT networks** | - [New Device Category Added – Building Management Systems (BMS)](#new-device-category-added--building-management-systems-bms) |
+
+### New Device Category Added – Building Management Systems (BMS)
+
+A new BMS device category has been added to the MDIoT license aiming to improve BMS device discovery and security. The BMS category includes a subset of Smart Facility and Surveillance devices (previously under the IoT category) such as fire alarms, humidity sensors, security radars, etc. These devices now require an Microsoft Defender for IoT site-based license for full protection.
+
+Cameras devices will remain under the IoT category.
+
+For more information, see [overview of device discovery](device-discovery.md).
+
 ## July 2024
 
 |Service area  |Updates  |
