CMET feature details

06-Customizing AzTS for your org/Extending AzTS/AddControlForAssessment.md

@@ -2,7 +2,7 @@
 Please follow the below mentioned steps to add new controls based on Microsoft Defender for Cloud (MDC) Assessment/Recommendation:
 
 **Step 0:** Following prerequisites are required to add new control.
-   1. This feature is not enabled by default. If you have not enabled this feature in your AzTS setup yet, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-add-new-control).
+   1. This feature is not enabled by default. If you have not enabled this feature in your AzTS setup yet, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-toolcmet).
 
    2. CMET (Control metadata editor tool) is only accessible to privileged users based on AzTS API configurations. Please follow the steps mentioned [here](Prerequisites.md#access-to-cmet-control-metadata-editor-tool) to add yourself as privileged user (This is only required once per user).
 
@@ -12,7 +12,7 @@ Please follow the below mentioned steps to add new controls based on Microsoft D
 
 **Step 2:** Go to **AzTS UI**. (To get AzTS UI URL, check this [FAQ](https://github.com/azsk/AzTS-docs/blob/main/03-Running%20AzTS%20solution%20from%20UI/README.md#frequently-asked-questions))
 
-**Step 3:** Open **Control editor tool**.
+**Step 3:** Open **Control metadata editor tool**.
 
 ![Open CMET Editor](../../Images/06_ExtendingAzTS_Open_CMET.png)
 

06-Customizing AzTS for your org/Extending AzTS/AddControlForPolicy.md

@@ -2,7 +2,7 @@
 Please follow the below mentioned steps to add new controls based on custom Azure Policy:
 
 **Step 0:** Following prerequisites are required to add new control.
-   1. This feature is not enabled by default. If you have not enabled this feature in your AzTS setup yet, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-add-new-control).
+   1. This feature is not enabled by default. If you have not enabled this feature in your AzTS setup yet, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-toolcmet).
 
    2. CMET (Control metadata editor tool) is only accessible to privileged users based on AzTS API configurations. Please follow the steps mentioned [here](Prerequisites.md#access-to-cmet-control-metadata-editor-tool) to add yourself as privileged user (This is only required once per user).
 
@@ -38,7 +38,7 @@ Please follow the below mentioned steps to add new controls based on custom Azur
 
 **Step 3:** Go to **AzTS UI**. (To get AzTS UI URL, check this [FAQ](https://github.com/azsk/AzTS-docs/blob/main/03-Running%20AzTS%20solution%20from%20UI/README.md#frequently-asked-questions))
 
-**Step 4:** Open **Control editor tool**.
+**Step 4:** Open **Control metadata editor tool**.
 
 ![Open CMET Editor](../../Images/06_ExtendingAzTS_Open_CMET.png)
 

06-Customizing AzTS for your org/Extending AzTS/Prerequisites.md

@@ -1,5 +1,5 @@
-## Prerequisite AzTS configurations to add new control
-Below mentioned appsettings are required before adding new controls:
+## Prerequisite AzTS configurations to enable Control Medatadata Editor tool(CMET)
+Below mentioned appsettings are required before enabling CMET:
 
 ### AzTS API
 

06-Customizing AzTS for your org/Extending AzTS/Readme.md

@@ -1,16 +1,21 @@
 > The Azure Tenant Security Solution (AzTS) was created by the Core Services Engineering & Operations (CSEO) division at Microsoft, to help accelerate Microsoft IT's adoption of Azure. We have shared AzTS and its documentation with the community to provide guidance for rapidly scanning, deploying and operationalizing cloud resources, across the different stages of DevOps, while maintaining controls on security and governance.
 <br>AzTS is not an official Microsoft product – rather an attempt to share Microsoft CSEO's best practices with the community.
 
-# Extending AzTS
+# Extending AzT
+Azure Tenant Security Solution (AzTS) provides capability to add new controls(for existing services supported by AzTS) to customize the AzTS for your organization as per your need.
+Currently you can extend AzTS controls set by either adding a new control based on custom Azure Policy or based on Microsoft Defender for Cloud assessment using Control Metadata Editor Tool. 
 
-## Add new control for existing SVT
+## Enabling Control Medatadata Editor tool
+This feature is not enabled by default. To enable this feature for your AzTS setup, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-toolcmet).
 
-Azure Tenant Security Solution (AzTS) provides capability to add new controls(for existing services supported by AzTS) to customize the AzTS for your organization as per your need.
-Currently you can extend AzTS controls set by either adding a new control based on custom Azure Policy or based on Microsoft Defender for Cloud assessment.
+## Add new control for existing SVT
 
    - [Add new control based on custom Azure policy](AddControlForPolicy.md)
    - [Add new control based on MDC Assessment](AddControlForAssessment.md) 
 
+## Update existing control metadata
+   - [Update existing control metadata](UpdateControlMetadata.md)
+
 
 
 

06-Customizing AzTS for your org/Extending AzTS/UpdateControlMetadata.md

@@ -0,0 +1,37 @@
+## Update existig control metadata
+Control metadata like Display Name, Category, Tags, Description , Recommendations can be updated using Control Metadata Editor Tool(CMET). Please follow the below mentioned steps to update control metadata:
+
+**Step 0:** Following prerequisites are required:
+   1. CMET(Control metadata editor tool) is not enabled in AzTS setup by default. To enable this feature, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-toolcmet).
+
+   2. CMET is only accessible to privileged users based on AzTS API configurations. Please follow the steps mentioned [here](Prerequisites.md#access-to-cmet-control-metadata-editor-tool) to add yourself as privileged user (This is only required once per user).
+
+**Step 1:** Go to **AzTS UI**. (To get AzTS UI URL, check this [FAQ](https://github.com/azsk/AzTS-docs/blob/main/03-Running%20AzTS%20solution%20from%20UI/README.md#frequently-asked-questions))
+
+**Step 2:** Open **Control metadata editor tool**.
+
+**Step 3:** Select the control to be be updated in CMET. It will open a popup displaying control metadata. Make sure 'Edit' toggle is turned 'ON' as shown in the image below.
+
+![Update Control](../../Images/06_ExtendingAzTS_UpdateControl_1.png)
+
+**Step 4:** Update metadata and click on 'Queue for Update' button.
+
+![Queue for Update](../../Images/06_ExtendingAzTS_QueueForUpdate.png)
+
+**Step 5:** Click on 'Close' button.
+
+**Step 6:** Click on **Action** and select **Update** option.
+![Update](../../Images/06_ExtendingAzTS_UpdateControl_2.png)
+
+**Step 7:** Add appropriate comments and click on 'Confirm'.
+![Update](../../Images/06_ExtendingAzTS_UpdateControlMetadata.png)
+
+Post this, you will get success message. Now you are good to **close** 'Update Control Metadata' window.
+![UpdateSuccess](../../Images/06_ExtendingAzTS_UpdateControlMetadata_Success.png)
+
+**Step 8:** To **validate the control addition**, refresh the control metadata editor tool and search for updated control. Control should be available with updated metadata.
+
+![Validate new control](../../Images/06_ExtendingAzTS_NewControl_Validation.png)
+
+**Step 9:** As an **additional validation**, you can also trigger adhoc scan from AzTS UI for one or more subscriptions and check the control scan results for updated control. To get information on how to trigger adhoc scan, you can refer to this [link](https://github.com/azsk/AzTS-docs/tree/main/03-Running%20AzTS%20solution%20from%20UI#how-to-scan-subscription-manually).
+