Documentation update for UCA delete certs and ASC tier #364

Open
wants to merge 2 commits into
base: master
4 changes: 3 additions & 1 deletion 01-Subscription-Security/Readme.md
Expand Up @@ -423,14 +423,16 @@ The Set-AzSKAzureSecurityCenterPolicies provisions the following for Azure Secur
Set-AzSKAzureSecurityCenterPolicies -SubscriptionId <SubscriptionId> `
-SecurityContactEmails <ContactEmails> `
-SecurityPhoneNumber <ContactPhone> `
[-OptionalPolicies]
[-OptionalPolicies] `
[-SetASCTier]
```
|Config Param Name |Purpose |
| --------------- | -------- |
|SubscriptionId |Subscription ID against which ASC would be setup |
|SecurityContactEmails |Comma-separated list of emails (e.g., 'abc@microsoft.com, def@microsoft.com') for contact preference|
|SecurityPhoneNumber |Single phone number (e.g., '425-882-8080' or '+91-98765-43210' or '+1-425-882-8080') for contact preference|
|OptionalPolicies |Switch to enable policies which are marked as optional|
|SetASCTier |Switch for configuring standard pricing tiers for all the resource types supported in Azure Security Center (ASC) |

This command will *overwrite* the contact emails and contact phone previously set in Azure Security Center. Here is the [list](../01-Subscription-Security/ASCPoliciesCoverage.md) of all the policies (both mandatory & optional) that are enabled via this command.

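Review bot: the new SetASCTier row in this hunk should state what "standard pricing tiers" means for the subscription. Standard is the paid Azure Security Center tier, and the switch applies it to every supported resource type, so the table (and the *overwrite* warning in the paragraph below it) should flag the billing change the same way the contact-details overwrite is flagged. Suggest wording the row as "Switch to set the Standard (paid) pricing tier for all resource types supported in Azure Security Center (ASC); this changes the subscription's ASC billing", and saying whether the switch is a no-op on subscriptions already on Standard.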
8 changes: 6 additions & 2 deletions 04-Continous-Assurance/Readme.md
Expand Up @@ -275,7 +275,9 @@ Update-AzSKContinuousAssurance -SubscriptionId <SubscriptionId> `
[-FixRuntimeAccount] `
[-NewRuntimeAccount] `
[-FixModules] `
[-RenewCertificate]`
[-RenewCertificate] `
[-SkipCertificateCleanup]`
[-DeleteOldCredentials]`
[-Remove <LogAnalyticsSettings/AltLogAnalyticsSettings/WebhookSettings/ScanOnDeployment"]
```

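Review bot: the two added lines in the syntax block, [-SkipCertificateCleanup] and [-DeleteOldCredentials], put the continuation backtick directly after the closing bracket, which is the same spacing inconsistency this hunk corrects on the RenewCertificate line just above them; add the space before the backtick on both so the block is uniform. While in this block, the Remove parameter's value list opens with "<" and closes with a double quote ([-Remove <LogAnalyticsSettings/AltLogAnalyticsSettings/WebhookSettings/ScanOnDeployment"]); the closing character should be ">".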
Expand All @@ -295,7 +297,9 @@ Update-AzSKContinuousAssurance -SubscriptionId <SubscriptionId> `
|FixRuntimeAccount|Use this switch to fix CA runtime account in case of below issues.<ol><li>Runtime account deleted<br>(Permissions required: Subscription owner)</li><li>Runtime account permissions missing<br>(Permissions required: Subscription owner and AD App owner)</li><li>Certificate deleted/expired<br>(Permissions required: Subscription owner and AD App owner)</li></ol>|FALSE|None||
|NewRuntimeAccount|Use this switch to setup new runtime account and the person running the command will become new SPN owner.This feature is helpful in case when CA certificate is expired but the SPN owner who had setup CA is not available and certificate can't be renewed. |FALSE|None||
|FixModules|Use this switch in case Az.Automation/Az.Accounts module(s) extraction fails in CA Automation Account.|FALSE|None||
|RenewCertificate|Renews certificate credential of CA SPN if the caller is Owner of the AAD Application (SPN). If the caller is not Owner, a new application is created with a corresponding SPN and a certificate owned by the caller. CA uses the updated credential going forward.|FALSE|None||
|RenewCertificate|Renews certificate credential of CA SPN if the caller is Owner of the AAD Application (SPN). If the caller is not Owner, a new application is created with a corresponding SPN and a certificate owned by the caller. CA uses the updated credential going forward.<br>It will offer workflow to delete existing old credentials|FALSE|None||
|SkipCertificateCleanup|This switch may be used to skip deletion of older certificates associated with CA SPN.|FALSE|None||
|-DeleteOldCredentials|This switch may be used for deletion of older certificates associated with CA SPN without renewing a certificate.|FALSE|None||
|ScanOnDeployment|CA scan can be auto-triggered upon resource deployment.Updating CA with this flag will make sure that the Resource Group in which resource is deployed will be scanned.|FALSE|None||
|Remove|Use this switch to clear previously set LogAnalytics, AltLogAnalytics,Webhook settings from CA Automation Account or to unregister from scan on deployment mode|False|None||

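Review bot: the three cleanup-related rows do not say how the switches relate to each other, and the DeleteOldCredentials row carries a stray leading hyphen in its name column (|-DeleteOldCredentials|) unlike every other parameter in the table. Spell out whether RenewCertificate prompts to delete the older certificate credentials after renewal unless SkipCertificateCleanup is passed, that DeleteOldCredentials performs that cleanup on its own without issuing a new certificate, and, the point that matters most for a credential-cleanup switch, which credential is kept: the one CA currently uses must survive, otherwise the runbook can no longer authenticate as the SPN. The phrase "It will offer workflow to delete existing old credentials" should be reworded (e.g. "Prompts to delete the SPN's older certificate credentials") and "This switch may be used for deletion of older certificates" tightened to "Deletes older certificates".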