UPdating doc for CMET

azsk · Jun 13, 2023 · a1f0cc9 · a1f0cc9
1 parent 50c7ca3
commit a1f0cc9
Show file tree

Hide file tree

Showing 15 changed files with 108 additions and 25 deletions.
diff --git a/06-Customizing AzTS for your org/Extending AzTS/FeaturesInCMET.md b/06-Customizing AzTS for your org/Extending AzTS/FeaturesInCMET.md
@@ -0,0 +1,68 @@
+## Features in CMET
+- ### Bulk Edit
+
+With Bulk Edit feature, custom tags can be added to more than 1 controls at single time.
+
+### **Enabling Bulk Edit feature in CMET**
+
+To enable bulk edit in CMET (Control Metadata Editor Tool), you need to configure following two application settings in AzTS API App service:
+
+1.	FeatureManagement__BulkEdit -> True
+2.	UIConfigurations__ControlEditorFeatureConfiguration__IsBulkEditEnabled -> True
+
+Please follow below steps to add these settings.
+1. Open the Azure portal.
+2. Navigate to AzTS host subscription -> AzTS host resource group.
+3. Go to app service AzSK-AzTS-WebApi-xxxxx.
+4. Go to Configuration under Settings.
+5. Click on "New application setting" to add required application settings.
+
+![Resources](../../Images/06_BulkEdit_1.png)
+
+![Resources](../../Images/06_BulkEdit_2.png)
+
+
+### **Using Bulk Edit feature to add Custom tags to controls** 
+
+Once Bulk Edit Feature is enabled, follow below steps to add custom tag(s) for set of controls.
+
+1. Open AzTS UI in new browser window.
+2. Open CMET editor (for this user will require editor permission over CMET, if you don’t have permission, please follow steps mentioned [here](../Extending%20AzTS/Prerequisites.md#access-to-cmet-control-metadata-editor-tool)).
+
+![Resources](../../Images/06_BulkEdit_OpenCMET.png)
+
+3. Select all the controls for which custom tag needs to be added. 
+
+![Resources](../../Images/06_BulkEdit_SelectControls.png)
+
+4. Go to Action -> Select 'Bulk Edit' option.
+
+![Resources](../../Images/06_BulkEdit_SelectBulkEdit.png)
+
+5. Toggle edit button to enable editing.
+
+![Resources](../../Images/06_BulkEdit_ToggleEdit.png)
+
+6. Enter the value for custom tag and click on 'Update'.
+  >Note: The tag value should be without any spaces in between two words. It is recommended to use camel casing for better readability.
+
+![Resources](../../Images/06_BulkEdit_Update.png)
+
+7. Close the edit popup after bulk updates success message is displayed.
+
+![Resources](../../Images/06_BulkEdit_UpdateSuccess.png)
+
+### **Validating custom tags added using Bulk Edit:**
+Once custom tag has been added for set of controls, follow below validation steps:
+
+1. Refresh CMET editor view.
+
+![Resources](../../Images/06_BulkEdit_Refresh.png)
+
+2. Search controls by newly added tag value (like ‘LearningBaselineTest’ in example), this will list all the controls which have this tag. 
+
+![Resources](../../Images/06_BulkEdit_FilterControls.png)
+
+
+
+
diff --git a/06-Customizing AzTS for your org/Extending AzTS/Prerequisites.md b/06-Customizing AzTS for your org/Extending AzTS/Prerequisites.md
@@ -1,7 +1,20 @@
 ## Prerequisite AzTS configurations to enable Control Medatadata Editor tool(CMET)
+
+Few application settings need to be configured for AzTS Function Apps/WebApps to enable Control Medatadata Editor tool(CMET).These can be configured either from Azure portal or using the helper script provided with AzTS solution.
+
+- Using Azure Portal
+  1. Open the [Azure portal](https://portal.azure.com/).
+  2. Navigate to AzTS host subscription -> AzTS host resource group.
+  3. Go to required app service(AzSK-AzTS-WebApi-xxxxx/AzSK-AzTS-MetadataAggregator-xxxxx/AzSK-AzTS-WorkItemProcessor-xxxxx).
+  4. Go to Configuration under Settings.
+  5. Click on "New application setting" to add required application setting and its value.
+  6. Repeat step 5 for all settings required for Function App/Web App. Then click 'Save'.
+
+
 Below mentioned appsettings are required for enabling CMET:
 
-### AzTS API
+
+### AzTS API(AzSK-AzTS-WebApi-xxxxx)
 
 - FeatureManagement__OrgPolicy -> true
 - FeatureManagement__AddNewControl -> true
@@ -14,28 +27,21 @@ Below mentioned appsettings are required for enabling CMET:
 
 > **Note:** **FeatureManagement__PolicyStates** appsettings is required only for Azure custom policy-based control evaluation.
 
-### AzTS MetaDataAggregator
+### AzTS MetaDataAggregator(AzSK-AzTS-MetadataAggregator-xxxxx)
 
 - FeatureManagement__OrgPolicy -> true
 - FeatureManagement__PolicyStates -> true
 
 > **Note:** **FeatureManagement__PolicyStates** appsettings is required only for Azure custom policy-based control evaluation.
 
-### AzTS WorkItemProcessor
+### AzTS WorkItemProcessor(AzSK-AzTS-WorkItemProcessor-xxxxx)
 
 - FeatureManagement__OrgPolicy -> true
 - FeatureManagement__PolicyStates -> true
 
 > **Note:** **FeatureManagement__PolicyStates** appsettings is required only for Azure custom policy-based control evaluation.
 -----
-Above mentioned appsettings can be configured either from Azure portal or using the helper script provided with AzTS solution.
-
-- Azure Portal
-  - Open the [Azure portal](https://portal.azure.com/).
-  - Navigate to AzTS host subscription -> AzTS host resource group.
-  - Go to required app service(AzSK-AzTS-WebApi-xxxxx/AzSK-AzTS-MetadataAggregator-xxxxx/AzSK-AzTS-WorkItemProcessor-xxxxx).
-  - Go to Configuration under Settings.
-  - Click on "New application setting" to add required appsettings.
+
 
 - Using helper script
   - Download the script from [here](./Scripts/ConfigureCustomControlAdditionPrerequisites.ps1)

diff --git a/06-Customizing AzTS for your org/Extending AzTS/Readme.md b/06-Customizing AzTS for your org/Extending AzTS/Readme.md
@@ -2,19 +2,21 @@
 <br>AzTS is not an official Microsoft product – rather an attempt to share Microsoft CSEO's best practices with the community.
 
 # Extending AzTS
-Azure Tenant Security Solution (AzTS) provides capability to add new controls(for existing services supported by AzTS) to customize the AzTS for your organization as per your need.
-Currently you can extend AzTS controls set by either adding a new control based on custom Azure Policy or based on Microsoft Defender for Cloud assessment using Control Metadata Editor Tool. 
 
-## Enabling Control Medatadata Editor tool
-This feature is not enabled by default. To enable this feature for your AzTS setup, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-toolcmet).
+## Customizing AzTS for your org
 
-## Add new control for existing services
+### Control Medatadata Editor tool
+CMET (Control Metadata Editor Tool) is a tool that can be used by privileged users (mostly by admins maintaining AzTS setup for organization)to customize AzTS for organization. It provides capabilities to update control metadata (Tags, Display Name, control settings(if applicable)), enable or disable control, etc.
+This feature is disabled by default. To enable this feature for your AzTS setup, please follow steps mentioned [here](../06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-tool).
 
-   - [Add new control based on custom Azure policy](AddControlForPolicy.md)
-   - [Add new control based on MDC Assessment](AddControlForAssessment.md) 
+CMET (Control metadata editor tool) is only accessible to privileged users based on AzTS API configurations. Please follow the steps mentioned [here](../06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/Prerequisites.md#access-to-cmet-control-metadata-editor-tool) to add yourself as privileged user.(This is only required once per user).
 
-## Update existing control metadata
-   - [Update existing control metadata](UpdateControlMetadata.md)
+Once CMET is enabled, you can use below features:
+
+   - [Add new control based on custom Azure policy](/06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/AddControlForPolicy.md)
+   - [Add new control based on MDC Assessment](/06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/AddControlForAssessment.md) 
+   - [Update control metadata for existing control](../06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/UpdateControlMetadata.md)
+
 
 
 

diff --git a/06-Customizing AzTS for your org/Extending AzTS/UpdateControlMetadata.md b/06-Customizing AzTS for your org/Extending AzTS/UpdateControlMetadata.md
@@ -1,5 +1,5 @@
-## Update existig control metadata
-Control metadata like Display Name, Category, Tags, Description , Recommendations can be updated using Control Metadata Editor Tool(CMET). Please follow the below mentioned steps to update control metadata:
+## Update existing control metadata
+Control metadata like Display Name, Category, Tags, Description, Recommendations can be updated using Control Metadata Editor Tool(CMET). Please follow the below mentioned steps to update control metadata:
 
 **Step 0:** Following prerequisites are required:
    1. CMET(Control metadata editor tool) is not enabled in AzTS setup by default. To enable this feature, please follow steps mentioned [here](Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-toolcmet).

diff --git a/06-Customizing AzTS for your org/README.md b/06-Customizing AzTS for your org/README.md
@@ -3,13 +3,20 @@
 
 # Extending AzTS
 
-## Add new control for existing SVT
+## Customizing AzTS for your org
 
-Azure Tenant Security Solution (AzTS) provides capability to add new controls(for existing services supported by AzTS) to customize the AzTS for your organization as per your need.
-Currently you can extend AzTS controls set by either adding a new control based on custom Azure Policy or based on Microsoft Defender for Cloud assessment.
+### Control Medatadata Editor tool
+CMET (Control Metadata Editor Tool) is a tool that can be used by privileged users (mostly by admins maintaining AzTS setup for organization)to customize AzTS for organization. It provides capabilities to update control metadata (Tags, Display Name, control settings(if applicable)), enable or disable control, etc.
+This feature is disabled by default. To enable this feature for your AzTS setup, please follow steps mentioned [here](../06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/Prerequisites.md#prerequisite-azts-configurations-to-enable-control-medatadata-editor-tool).
+
+CMET (Control metadata editor tool) is only accessible to privileged users based on AzTS API configurations. Please follow the steps mentioned [here](../06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/Prerequisites.md#access-to-cmet-control-metadata-editor-tool) to add yourself as privileged user.(This is only required once per user).
+
+Once CMET is enabled, you can use below features:
 
    - [Add new control based on custom Azure policy](/06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/AddControlForPolicy.md)
    - [Add new control based on MDC Assessment](/06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/AddControlForAssessment.md) 
+   - [Update control metadata for existing control](../06-Customizing%20AzTS%20for%20your%20org/Extending%20AzTS/UpdateControlMetadata.md)
+
 
 
 

diff --git a/Images/06_BulkEdit_1.png b/Images/06_BulkEdit_1.png
diff --git a/Images/06_BulkEdit_2.png b/Images/06_BulkEdit_2.png
diff --git a/Images/06_BulkEdit_FilterControls.png b/Images/06_BulkEdit_FilterControls.png
diff --git a/Images/06_BulkEdit_OpenCMET.png b/Images/06_BulkEdit_OpenCMET.png
diff --git a/Images/06_BulkEdit_Refresh.png b/Images/06_BulkEdit_Refresh.png
diff --git a/Images/06_BulkEdit_SelectBulkEdit.png b/Images/06_BulkEdit_SelectBulkEdit.png
diff --git a/Images/06_BulkEdit_SelectControls.png b/Images/06_BulkEdit_SelectControls.png
diff --git a/Images/06_BulkEdit_ToggleEdit.png b/Images/06_BulkEdit_ToggleEdit.png
diff --git a/Images/06_BulkEdit_Update.png b/Images/06_BulkEdit_Update.png
diff --git a/Images/06_BulkEdit_UpdateSuccess.png b/Images/06_BulkEdit_UpdateSuccess.png