Merge pull request #2352 from MicrosoftDocs/main
Publish main to live, 01/08, 5:00 PM IST
aditisrivastava07 authored Jan 8, 2025
2 parents 161fad9 + 9a380a8 commit 86a3da7
Showing 9 changed files with 58 additions and 7 deletions.
9 changes: 9 additions & 0 deletions CloudAppSecurityDocs/network-requirements.md
Expand Up @@ -11,6 +11,15 @@ ms.topic: reference

This article provides a list of ports and IP addresses you need to allow and allowlist to work with Microsoft Defender for Cloud Apps.

In order to stay up to date on IP ranges, it's recommended to refer to the following Azure service tags for Microsoft Defender for Cloud Apps services. The latest IP ranges are found in the service tag. For more information, see [Azure IP ranges](https://azureipranges.azurewebsites.net/).

| Service tag name | Defender for Cloud Apps services included |
|:---|:---|
| MicrosoftCloudAppSecurity | Portal access, Access and session controls, SIEM agent connection, App connector, Mail server, Log collector. |

The following tables list the current static IP ranges covered by the MicrosoftCloudAppSecurity service tag. For latest list, refer to the [Azure service tags](/azure/virtual-network/service-tags-overview) documentation.


## View your data center

Some of the requirements below depend on which data center you're connected to.
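
Review bot: The two added paragraphs send readers to different places for the current ranges: the first links "Azure IP ranges" to https://azureipranges.azurewebsites.net/, the second links the /azure/virtual-network/service-tags-overview article. Readers build firewall allowlists from this page, so point both at one authoritative source for the MicrosoftCloudAppSecurity service tag and say which one takes precedence if the static tables in this article disagree with it. Also, "For latest list" should read "For the latest list", and the added text ends with two blank lines before "## View your data center".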
1 change: 1 addition & 0 deletions defender-for-iot/manage-devices-inventory.md
Expand Up @@ -49,6 +49,7 @@ To customize the device inventory views:
- [Offboard devices](/defender-endpoint/offboard-machines).
- [Investigate the device details](/defender-endpoint/investigate-machines) to identify behaviors or events that might be related to the alert.
- In the device details pane, select the ellipsis on the top right to [take response actions on a device](/defender-endpoint/respond-machine-alerts).
- [Manually update the site associated with a device](manage-sites.md#manually-update-device-site-association) to maintain accurate monitoring of the network traffic.<!-- Devices can be manually updated[Update the site associated with a device.-->

## Next steps
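
Review bot: The added "Manually update the site associated with a device" bullet ends with a leftover HTML comment, `<!-- Devices can be manually updated[Update the site associated with a device.-->`, which reads as draft text with an unclosed bracket. Remove the comment so the line ends after "network traffic."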

28 changes: 28 additions & 0 deletions defender-for-iot/manage-sites.md
Expand Up @@ -17,6 +17,34 @@ When you manage a site, you might need to edit or delete the site information li

[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]

## Manually update device site association

Security admininstrators can manually assign or modify the site location for a device. Manually assigning a site overrides the automatic site association created when making the site.

To quickly update a group of devices, select multiple devices from the inventory and set the site for all of the selected devices simulataneously.

**To change the site associated with a device**:

1. Select **Assets -> Devices** to open the **Device Inventory**.

1. Select the device, or group of devices, to update. A list of action buttons appear at the top of the Device Inventory table.

1. Select **Set site**. The **Set site** pane opens.

:::image type="content" source="media/manage-sites/set-site-from-inventory-boxed.png" alt-text="Screenshot of the set site button in the device inventory table for changing the site location setting" lightbox="media/manage-sites/set-site-from-inventory-boxed.png":::

1. In **Set site manually**, open the **Select site** drop down list and select the site to associate with this device. If you want to leave a device unassociated with a specific site, select **Unassigned**.

:::image type="content" source="media/manage-sites/device-set-site-manually.png" alt-text="Screenshot of the set site manually drop down list for changing the site location setting" lightbox="media/manage-sites/device-set-site-manually.png":::

1. Select **Save and close**.

1. The Set site confirmation box appears. Select **Confirm** to finalize the change. Finalizing the change prevents automatic site reassignment based on existing site security rules. This change remains until the device is reset manually.

>[!Note]
>
>For managing an entire site, instead of manually changing each individual device to a new site, it is recommended to go to **Site security** and use the **Edit site** wizard to more efficiently manage the site and the devices associated to it. For more information, see [Site security](monitor-site-security.md).
## Edit or delete a site

To edit or delete a site:
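
Review bot: The last step of the new procedure says the manual assignment prevents automatic site reassignment and "remains until the device is reset manually", but nothing in the section says how to perform that reset. Since the override stops rule-based reassignment for the device, add the reset step or link to it, and state whether selecting **Unassigned** counts as the reset. Spelling in the intro: "admininstrators" and "simulataneously"; in step 2, "A list of action buttons appear" should be "appears". The alert is written `>[!Note]` here but `> [!NOTE]` in investigate-respond-container-threats.md in this same commit; use one form.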
2 changes: 1 addition & 1 deletion defender-for-iot/set-up-sites.md
Expand Up @@ -68,7 +68,7 @@ In this stage, you configure Defender for IoT to associate devices to the site,

Use the **Group** column to check the ID for each suggested site. Sites with the same ID indicate that the devices are likely located at the same physical location. As these suggested sites are expected to belong to the same site, review and confirm that the devices listed are correct before making your selections and associating the suggested sites.

:::image type="content" source="media/set-up-sites/site-security-associate-group.png" alt-text="Screenshot showing the associate devices screen and the suggested list of OT devices per location with the Group column in the site set-up page of Microsoft Defender for IoT in the Microsoft Defender portal." lightbox="media/set-up-sites/site-security-associate-group.png":::
:::image type="content" source="media/set-up-sites/site-security-associate-group.png" alt-text="Screenshot showing the associate devices screen and the suggested list of OT devices per location with the Group column in the site set-up page of Microsoft Defender for IoT in the Microsoft Defender portal." lightbox="media/set-up-sites/site-security-associate-group.png" :::

1. Select **Next** to review the site details.
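
Review bot: The only change to the `:::image` line is a space inserted before the closing `:::` (`site-security-associate-group.png" :::`). The two image blocks added to manage-sites.md in this same commit close with `":::` and no space, so either drop this change or say in the commit why this one line needs it and apply the same form to the others.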

12 changes: 11 additions & 1 deletion defender-for-iot/whats-new.md
Expand Up @@ -6,7 +6,7 @@ ms.service: defender-for-iot
author: lwainstein
ms.author: lwainstein
ms.localizationpriority: medium
ms.date: 03/07/2024
ms.date: 01/07/2025
ms.custom: enterprise-iot
---

Expand All @@ -16,6 +16,16 @@ This article describes features available in Microsoft Defender for IoT in the D

[!INCLUDE [defender-iot-preview](../includes//defender-for-iot-defender-public-preview.md)]

## January 2025
|Service area |Updates |
|---------|---------|
| **OT networks** | - [Manually update the site association of a device](#manually-update-the-site-association-of-a-device)|

### Manually update the site association of a device

Manually assign or modify the site location for a specific device or set of devices. For more information, see [manually update device site association](manage-sites.md#manually-update-device-site-association).


## December 2024

|Service area |Updates |
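
Review bot: "## January 2025" is followed directly by the table header row, while "## December 2024" just below has a blank line before its table; add the blank line so both sections are parsed the same way. The new subsection also ends with two blank lines before "## December 2024"; one is enough.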
13 changes: 8 additions & 5 deletions defender-xdr/investigate-respond-container-threats.md
Expand Up @@ -124,7 +124,9 @@ To determine the full scope of a container attack, you can deepen your investiga

In the [Advanced hunting](advanced-hunting-overview.md) page, you can extend your search for container-related activities using the **CloudProcessEvents** and **CloudAuditEvents** tables.

The [CloudProcessEvents](advanced-hunting-cloudprocessevents-table.md) table contains information about process events in multi-cloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine. On the other hand, the [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table contains cloud audit events from cloud platforms protected by Microsoft Defender for Cloud. It also contains Kubeaudit logs, which holds information about Kubernetes-related events.
The [CloudProcessEvents](advanced-hunting-cloudprocessevents-table.md) table contains information about process events in multi-cloud hosted environments such as Azure Kubernetes Service, Amazon Elastic Kubernetes Service, and Google Kubernetes Engine.

The [CloudAuditEvents](advanced-hunting-cloudauditevents-table.md) table contains cloud audit events from cloud platforms protected by Microsoft Defender for Cloud. It also contains Kubeaudit logs, which holds information about Kubernetes-related events.

## Troubleshoot issues
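
Review bot: In the paragraph split out for CloudAuditEvents, "Kubeaudit logs, which holds information" has a subject-verb mismatch; since the line is being rewritten anyway, change it to "which hold".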

Expand All @@ -150,7 +152,7 @@ Learn how to access the Cloud Shell and check your network plugins by following
2. Above the **Essential** information, select **Connect** button and follow the instructions.
3. The Cloud Shell opens at the bottom of your browser. In the command line interface, run the following command to check your network plugins:

**kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1**
> kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1
The results should mention any of the specified plugins in the network policy requirement. An empty line means that the supported plugin is not installed.
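
Review bot: The kubectl pipeline moves from bold to a `>` block quote, which is still rendered as prose, so the quotes and brackets in `'.items[].metadata.labels["k8s-app"]'` remain open to Markdown and typographic processing before a reader copies them into a shell. Put the command in a code block so it is copied verbatim; the same applies to the identical command in the Google Cloud steps.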

Expand All @@ -159,7 +161,7 @@ The results should mention any of the specified plugins in the network policy re
1. Navigate your cluster in Google Cloud Portal.
2. Select **Connect** above the name of the cluster. In the small window that appears, copy the following command and run it in your local terminal.

**kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1**
> kubectl get pods --all-namespaces -o json | jq -r '.items[].metadata.labels["k8s-app"]' | uniq | grep -E 'azure-npm|calico-node|cilium|aws-node' | head -n 1

3. You can also choose **Run in Cloud Shell** to run a shell session that opens at the bottom of your browser. You can copy the command in the interface to check your network plugins.

Expand All @@ -170,15 +172,16 @@ The results should mention any of the specified plugins in the network policy re
1. Navigate to your cluster in AWS Cloud Portal.
2. Select **CloudShell** on the top-right corner. A Cloud Shell session opens at the bottom of your browser, which provides a command-line interface to manage your AWS resources.
3. Connect to your cluster by running the following command:</br></br>
**aws eks --region &lt;cluster region&gt; update-kubeconfig --name &lt;cluster name&gt;**
> aws eks --region &lt;cluster region&gt; update-kubeconfig --name &lt;cluster name&gt;**
> [!NOTE]
> Ensure that the aws-node is deleted or disabled for the Calico and Cilium plugins.
### The terminate pod action failed

You need to confirm that the target pod's state is active or valid. To check if the pod is active, run the following command in the Cloud Shell:

**kubectl get pod &lt;pod-name&gt;**
> kubectl get pod &lt;pod-name&gt;
## See also
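
Review bot: The converted `aws eks` line still ends with the closing `**` from the old bold markup (`--name &lt;cluster name&gt;**`), so the asterisks will appear in the rendered command and in anything copied from it; remove them. If these commands are moved into code blocks, replace `&lt;` and `&gt;` with literal angle brackets, because entities are not decoded there.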
