ASC to MDC Changes
KSatya2611 committed Apr 15, 2022
1 parent 9bf0f07 commit 97a2e88
Showing 32 changed files with 185 additions and 188 deletions.
Binary file added .vs/AzTS-docs/v17/.suo
7 changes: 7 additions & 0 deletions .vs/VSWorkspaceState.json
@@ -0,0 +1,7 @@
{
"ExpandedNodes": [
""
],
"SelectedNode": "\\C:\\Microsoft\\AzTS\\AzTS-docs",
"PreviewInSolutionExplorer": false
}
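Review bot: the `.vs/` entries in this commit (`.vs/AzTS-docs/v17/.suo`, `.vs/VSWorkspaceState.json`, `.vs/slnx.sqlite`) are Visual Studio per-user IDE state and do not belong in a documentation repository. `VSWorkspaceState.json` records a local workstation path (`"SelectedNode": "\\C:\\Microsoft\\AzTS\\AzTS-docs"`), and the `.suo` and `.sqlite` files are opaque binaries that will change on every editor session and produce noisy diffs. Remove them from the commit and add `.vs/` to `.gitignore` so they are not re-added.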
Binary file added .vs/slnx.sqlite
2 changes: 1 addition & 1 deletion 01-Setup and getting started/README.md
Expand Up @@ -758,7 +758,7 @@ The below steps will help you to verify and understand different resources and f
|ATS_04_WorkItemScheduler| Responsible to queue up subscriptions as workitems for scanning. It also reconciles the errored subscriptions through retries in the end. By default, it would retry to scan 5 times for each error subscription. If there is nothing to process for the day, it would simply ignore the run.
|ATS_05_MGTreeProcessor| Responsible to fetch details about all the management group that has been granted access as Reader using central MI. All these management groups will be fetched by the job and persisted into LA. This function is disabled by default. To enable this function, you need to add/update ` FeatureManagement__ManagementGroups : true ` and `ManagementGroupConfigurations__ManagementGroupId : <Root_Management_Group_id> ` application setting on Azure Portal. To update settings, go to your App Service --> Configuration --> New application settings --> Save after adding/updating the setting.
|ATS_07_InitiateOnDemandProcessing| Responsible to queue MetadataAggregator's functions (ATS_01_SubscriptionInvProcessor, ATS_02_BaselineControlsInvProcessor, ATS_03_SubscriptionRBACProcessor, ATS_04_WorkItemScheduler) for processing. **Note**: This function will only be available if premium tier pricing plan is used for the function app. Also this function is available by default for AzTS solution with VNet integration, as the pricing plan used here is premium tier.
|ATS_08_SecureScoreProcessor| Responsible to fetch details of Secure Score provided by Azure Security Center. This data will be persisted into Log Analytics.
|ATS_08_SecureScoreProcessor| Responsible to fetch details of Secure Score provided by Microsoft Defender for Cloud. This data will be persisted into Log Analytics.
|ATS_09_PolicyStateProcessor| Responsible to collect policy state data (compliance details of policy assignments), collected data is used to evaluate Azure policy based controls. This function is disabled by default and will be enabled as part of [prerequisites](../06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/AddControlForPolicy.md) to add custom Azure policy based controls.
|ATS_10_ARGInvProcessor| Responsible to collect dynamic data from Azure Resource Graph based on configured queries.

4 changes: 2 additions & 2 deletions 02-Monitoring security using AzTS/README.md
Expand Up @@ -13,7 +13,7 @@
-------------------------

## Tenant Security Solution - under the covers (how it works)
Tenant Security Solution is built by extending what the DevOps Kit has been doing and leveraging the best of Azure native features. It is a hybrid model, which leverages the native Azure security capabilities like Azure Security Center (ASC), Azure Policies, etc., to evaluate the security controls and continue to leverage DevOps Kit scanning capabilities in the form of custom code controls to address any coverage gaps.
Tenant Security Solution is built by extending what the DevOps Kit has been doing and leveraging the best of Azure native features. It is a hybrid model, which leverages the native Azure security capabilities like Microsoft Defender for Cloud (MDC), Azure Policies, etc., to evaluate the security controls and continue to leverage DevOps Kit scanning capabilities in the form of custom code controls to address any coverage gaps.

It has been designed to handle huge scales in highly performant and cost-efficient manner.

Expand Down Expand Up @@ -109,7 +109,7 @@ The compliance report contains 2 tabs. There is an overall/summary view of compl
![Compliance summary](../Images/13_TSS_PBIDashboardComplianceDetails.png)


In Inventory dashboard, 4 tabs are present. Inventory Overview tab shows distribution of resource types and RBAC role memberships across all Azure subscriptions in the organization. SecureScore tab provides details about Secure Score for subscriptions (single score based on Security Center assessment). Assessments Metadata tab provides details about ASC assessments like recommendation, severity, etc. VM Extension status tab contains details about virtual machines scanned like OS type, extensions, power state, etc. Examples of these tabs are shown below:
In Inventory dashboard, 4 tabs are present. Inventory Overview tab shows distribution of resource types and RBAC role memberships across all Azure subscriptions in the organization. SecureScore tab provides details about Secure Score for subscriptions (single score based on Security Center assessment). Assessments Metadata tab provides details about MDC assessments like recommendation, severity, etc. VM Extension status tab contains details about virtual machines scanned like OS type, extensions, power state, etc. Examples of these tabs are shown below:

###### Inventory view:

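Review bot: the rewritten sentence in this hunk still says "(single score based on Security Center assessment)" a few words before the new "MDC assessments", so the paragraph now mixes the old and new product names. Rename the parenthetical as well (e.g. "based on Microsoft Defender for Cloud assessment") so the Inventory dashboard description uses one name throughout.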
Original file line number Diff line number Diff line change
@@ -1,14 +1,14 @@
## Add new control based on ASC Assessment
Please follow the below mentioned steps to add new controls based on Azure Security Center (ASC) Assessment/Recommendation:
## Add new control based on MDC Assessment
Please follow the below mentioned steps to add new controls based on Microsoft Defender for Cloud (MDC) Assessment/Recommendation:

**Step 0:** Following prerequisites are required to add new control.
1. This feature is not enabled by default. If you have not enabled this feature in your AzTS setup yet, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-add-new-control).

2. CMET (Control metadata editor tool) is only accessible to privileged users based on AzTS API configurations. Please follow the steps mentioned [here](Prerequisites.md#access-to-cmet-control-metadata-editor-tool) to add yourself as privileged user (This is only required once per user).

**Step 1:** Get the display name of the ASC control recommendation. You can find ASC control recommendations for your subscriptions [here](https://portal.azure.com/?feature.customportal=false#blade/Microsoft_Azure_Security/SecurityMenuBlade/5).
**Step 1:** Get the display name of the MDC control recommendation. You can find MDC control recommendations for your subscriptions [here](https://portal.azure.com/?feature.customportal=false#blade/Microsoft_Azure_Security/SecurityMenuBlade/5).

![Open new control window](../../Images/06_ExtendingAzTS_Search_ASC_Recommendations.png)
![Open new control window](../../Images/06_ExtendingAzTS_Search_MDC_Recommendations.png)

**Step 2:** Go to **AzTS UI**. (To get AzTS UI URL, check this [FAQ](https://github.com/azsk/AzTS-docs/blob/main/03-Running%20AzTS%20solution%20from%20UI/README.md#frequently-asked-questions))

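Review bot: renaming the heading from `## Add new control based on ASC Assessment` to `## Add new control based on MDC Assessment` changes the GitHub-generated fragment from `#add-new-control-based-on-asc-assessment` to `#add-new-control-based-on-mdc-assessment`, so any page that deep-links to the old fragment will silently land at the top of this file; grep the repository for the old anchor before merging. The image reference was likewise changed to `06_ExtendingAzTS_Search_MDC_Recommendations.png`, but the visible part of this diff shows no rename of the file under `Images/`; confirm the PNG was renamed in the same commit, otherwise the screenshot will render as a broken image.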
Expand All @@ -27,30 +27,30 @@ Please follow the below mentioned steps to add new controls based on Azure Secur

**Step 6:** Select either one of the existing **Security Domain** for the control or if you want to add new Security Domain, type required domain in text field.

![Select Security Domain](../../Images/06_ExtendingAzTS_NewControl_ASC_Security_Domain.png)
![Select Security Domain](../../Images/06_ExtendingAzTS_NewControl_MDC_Security_Domain.png)

**Step 7:** Provide the **Control ID**. Initial part of the control ID is pre-populated based on the service/feature and security domain you choose for the control (Azure_FeatureName_SecurityDomain_XXX).

> **Note:** Please don't use spaces between words instead use underscore '_' to separate words in control ID.
To see some of the examples of existing control IDs please check out this [list](https://github.com/azsk/AzTS-docs/tree/main/Control%20coverage#azure-services-supported-by-azts).

![Provide ControlId](../../Images/06_ExtendingAzTS_NewControl_ASC_ControlId.png)
![Provide ControlId](../../Images/06_ExtendingAzTS_NewControl_MDC_ControlId.png)

**Step 8:** Set Control **Scan Source** to '**ASC**'.
**Step 8:** Set Control **Scan Source** to '**MDC**'.

![Set Scan source](../../Images/06_ExtendingAzTS_NewControl_ASC_Scan_Source.png)
![Set Scan source](../../Images/06_ExtendingAzTS_NewControl_MDC_Scan_Source.png)

**Step 9:** Provide **Display Name**. You can either choose ASC recommendation display name from the drop down or type display name in text field (which you have picked in step #1).
**Step 9:** Provide **Display Name**. You can either choose MDC recommendation display name from the drop down or type display name in text field (which you have picked in step #1).

![Provide Display Name](../../Images/06_ExtendingAzTS_NewControl_ASC_DisplayName.png)
![Provide Display Name](../../Images/06_ExtendingAzTS_NewControl_MDC_DisplayName.png)

Once you select the Display Name, **Assessment Properties** field will get auto populated.

![Provide Display Name](../../Images/06_ExtendingAzTS_NewControl_ASC_Properties.png)
![Provide Display Name](../../Images/06_ExtendingAzTS_NewControl_MDC_Properties.png)

**Step 10:** Select either one of the existing **Category** (generic security specification of the control) for the control or if none of the existing categories is relevant for the control, enter/type your required category in text field.

![Select Category](../../Images/06_ExtendingAzTS_NewControl_ASC_Category.png)
![Select Category](../../Images/06_ExtendingAzTS_NewControl_MDC_Category.png)

**Step 11:** Keep **Enabled** switch to '**Yes**'.

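Review bot: Step 8 now instructs the reader to set Scan Source to '**MDC**'. Unlike the other edits in this hunk this is a value, not a label, so confirm that the AzTS UI dropdown and the control-metadata schema actually accept `MDC` as a scan-source value. If the backend still stores `ASC`, keep that value here (optionally noting that ASC is the former name of Microsoft Defender for Cloud), because a control saved with an unrecognised scan source would never be evaluated and the validation in later steps would show no results. The image references in this hunk were also renamed from `_ASC_` to `_MDC_`; check that the corresponding files under `Images/` were renamed too.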
Expand All @@ -66,20 +66,20 @@ Once you select the Display Name, **Assessment Properties** field will get auto
|Rationale| Logical intention for the added control | e.g. Auditing enables log collection of important system events pertinent to security. Regular monitoring of audit logs can help to detect any suspicious and malicious activity early and respond in a timely manner.|
|Recommendations| Steps or guidance on how to remediate non-compliant resources | e.g. Refer https://azure.microsoft.com/en-in/documentation/articles/key-vault-get-started/ for configuring Key Vault and storing secrets |
|Custom Tags| Tags can be used for filtering and referring controls in the future while reporting| e.g. Production, Phase2 etc. |
|Control Settings| Settings specific to the control to be provided for the scan | e.g. Required TLS version for all App services in your tenant (Note: For ASC assessment/recommendation based controls this should be empty) |
|Control Settings| Settings specific to the control to be provided for the scan | e.g. Required TLS version for all App services in your tenant (Note: For MDC assessment/recommendation based controls this should be empty) |
|Comments | These comments show up in the changelog for the feature. | e.g. Added new policy based control for App Service |

**Step 13:** Click on **Add** button to save new control.

![Save new control](../../Images/06_ExtendingAzTS_NewControl_ASC_Save.png)
![Save new control](../../Images/06_ExtendingAzTS_NewControl_MDC_Save.png)

**Step 14:** Post control addition, you will get success message. Now you are good to **close** 'Add new control' window. Newly added control will reflect in control scan results from next automated schedule scan.

![New control success msg](../../Images/06_ExtendingAzTS_NewControl_ASC_Success.png)
![New control success msg](../../Images/06_ExtendingAzTS_NewControl_MDC_Success.png)

**Step 15:** To **validate the control addition**, refresh the control metadata editor tool and search for newly added control. Control should be available now.

![Validate new control](../../Images/06_ExtendingAzTS_NewControl_ASC_Validation.png)
![Validate new control](../../Images/06_ExtendingAzTS_NewControl_MDC_Validation.png)

**Step 16:** As an **additional validation**, you can also trigger adhoc scan from AzTS UI for one or more subscriptions and check the control scan results for newly added control. To get information on how to trigger adhoc scan, you can refer to this [link](https://github.com/azsk/AzTS-docs/tree/main/03-Running%20AzTS%20solution%20from%20UI#how-to-scan-subscription-manually).

4 changes: 2 additions & 2 deletions 06-Customizing AzTS for your org/Extending AzTS/Readme.md
Expand Up @@ -6,10 +6,10 @@
## Add new control for existing SVT

Azure Tenant Security Solution (AzTS) provides capability to add new controls(for existing services supported by AzTS) to customize the AzTS for your organization as per your need.
Currently you can extend AzTS controls set by either adding a new control based on custom Azure Policy or based on Azure Security Center assessment.
Currently you can extend AzTS controls set by either adding a new control based on custom Azure Policy or based on Microsoft Defender for Cloud assessment.

- [Add new control based on custom Azure policy](AddControlForPolicy.md)
- [Add new control based on ASC Assessment](AddControlForAssessment.md)
- [Add new control based on MDC Assessment](AddControlForAssessment.md)



2 changes: 1 addition & 1 deletion 06-Customizing AzTS for your org/README.md
Expand Up @@ -38,7 +38,7 @@ This feature is currently being worked upon and will be released soon (ETA: Jan

- [SVT customization](Readme.md#customizing-the-svts)
- [Update/extend existing control by custom Azure policy](#)
- [Update/extend existing control by custom ASC Assessment](#)
- [Update/extend existing control by custom MDC Assessment](#)
- [Add new control for existing SVT](#)
- [Add new SVT altogether (non-existing SVT)](#)

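Review bot: the renamed bullet `[Update/extend existing control by custom MDC Assessment](#)` still links to a bare `#`, as do its neighbours, so readers clicking it are sent to a dead anchor. While touching this line, either point it at the content that exists today (the Add new control based on MDC Assessment page under Extending AzTS) or drop the link markup until the section is written. The surrounding paragraph also still promises the feature "soon (ETA: Jan", which predates this April 2022 commit; refresh or remove the ETA.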
14 changes: 7 additions & 7 deletions Control coverage/Feature/SQLServer.md
Expand Up @@ -107,22 +107,22 @@ Using this feature ensures that sensitive data is stored encrypted at rest. This
### Control Spec
> **Passed:**
> Azure Security Center (ASC) reports the assessment status for the SQL server as `Healthy`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the SQL server as `Healthy`.
> (or)
> Transparent Data Encryption is enabled on all databases in the SQL server.
>
> **Failed:**
> Azure Security Center (ASC) reports the assessment status for the SQL server as either `Unhealthy`, or `NotApplicable` with `cause` - `OffByPolicy` or `Exempt`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the SQL server as either `Unhealthy`, or `NotApplicable` with `cause` - `OffByPolicy` or `Exempt`.
> (or)
> Transparent Data Encryption is not enabled on all databases in the SQL server.
>
> **Verify:**
> Azure Security Center (ASC) reports the assessment status for the SQL server as `Not Applicable` with `cause` other than `OffByPolicy` and `Exempt`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the SQL server as `Not Applicable` with `cause` other than `OffByPolicy` and `Exempt`.
>
> **NotApplicable:**
> Not Applicable.
>
> **Note:** If no Azure Security Center (ASC) assessment is found for the SQL server, response from the ARM API is considered for the evaluation.
> **Note:** If no Microsoft Defender for Cloud (MDC) assessment is found for the SQL server, response from the ARM API is considered for the evaluation.
>
### Recommendation
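Review bot: within this Control Spec the assessment status is written `NotApplicable` in the Failed clause and `Not Applicable` in the Verify clause. The MDC assessments API reports `status.code` as one of `Healthy`, `Unhealthy` or `NotApplicable`, so use `NotApplicable` for the API value in both clauses and reserve the spaced form for the control's own "NotApplicable" result heading. Also, the Failed clause here lists the causes `OffByPolicy` or `Exempt`, while the vulnerability-assessment spec later in this same file adds `Exempt by Rule` and `Disabled parent assessment`; if both controls read the same assessment `cause` field, the lists should match, or the difference should be explained in the spec.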
Expand Down Expand Up @@ -553,13 +553,13 @@ Known database vulnerabilities in a system can be easy targets for attackers. A
### Control Spec

> **Passed:**
> Azure Security Center (ASC) reports the assessment status for the SQL server as `Healthy`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the SQL server as `Healthy`.
>
> **Failed:**
> Azure Security Center (ASC) reports the assessment status for the SQL server as either `Unhealthy`, or `NotApplicable` with `cause` - `OffByPolicy`, `Exempt`, `Exempt by Rule` or `Disabled parent assessment`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the SQL server as either `Unhealthy`, or `NotApplicable` with `cause` - `OffByPolicy`, `Exempt`, `Exempt by Rule` or `Disabled parent assessment`.
>
> **Verify:**
> Azure Security Center (ASC) reports the assessment status for the SQL server as `Not Applicable` with `cause` other than `OffByPolicy`, `Exempt`, `Exempt by Rule` or `Disabled parent assessment`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the SQL server as `Not Applicable` with `cause` other than `OffByPolicy`, `Exempt`, `Exempt by Rule` or `Disabled parent assessment`.
>
> **NotApplicable:**
> Not Applicable.
8 changes: 4 additions & 4 deletions Control coverage/Feature/Storage.md
Expand Up @@ -83,22 +83,22 @@ Use of HTTPS ensures server/service authentication and protects data in transit
### Control Spec

> **Passed:**
> Azure Security Center (ASC) reports the assessment status for the storage account as `Healthy`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the storage account as `Healthy`.
> (or)
> Storage account supports encryption in transit using HTTPS protocol.
>
> **Failed:**
> Azure Security Center (ASC) reports the assessment status for the storage account as either `Unhealthy`, or `NotApplicable` with `cause` - `OffByPolicy` or `Exempt`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the storage account as either `Unhealthy`, or `NotApplicable` with `cause` - `OffByPolicy` or `Exempt`.
> (or)
> Storage account does not support encryption in transit using HTTPS protocol.
>
> **Verify:**
> Azure Security Center (ASC) reports the assessment status for the storage account as `Not Applicable` with `cause` other than `OffByPolicy` and `Exempt`.
> Microsoft Defender for Cloud (MDC) reports the assessment status for the storage account as `Not Applicable` with `cause` other than `OffByPolicy` and `Exempt`.
>
> **NotApplicable:**
> Not Applicable.
>
> **Note:** If no Azure Security Center (ASC) assessment is found for the storage account, response from the ARM API is considered for the evaluation.
> **Note:** If no Microsoft Defender for Cloud (MDC) assessment is found for the storage account, response from the ARM API is considered for the evaluation.
>
### Recommendation
