Set Microsoft Defender for APIs to the Standard tier#
Security · Microsoft Defender for Cloud · 2023_06
Enable Microsoft Defender for APIs.
Description#
Microsoft Defender for APIs provides additional security for APIs published in Azure API Management.
Protection is provided by analyzing onboarded APIs. Which allows Microsoft Defender for Cloud to produce security findings.
The inventory and security findings for onboarded APIs is reviewed in the Defender for Cloud API Security dashboard.
These security findings includes API recommendations and runtime threats.
Defender for APIs can be enabled together with the Defender CSPM plan, offering further capabilities.
Microsoft Defender for APIs can be enabled at the subscription level.
Recommendation#
Consider using Microsoft Defender for APIs to provide additional security for APIs published in Azure API Management.
Examples#
Configure with Azure template#
To enable Microsoft Defender for APIs:
- Set the
Standard
pricing tier for Microsoft Defender for APIs.
For example:
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2022-03-01",
"name": "Api",
"properties": {
"pricingTier": "Standard"
}
}
Configure with Bicep#
To enable Microsoft Defender for APIs:
- Set the
Standard
pricing tier for Microsoft Defender for APIs.
For example:
resource defenderForApi 'Microsoft.Security/pricings@2022-03-01' = {
name: 'Api'
properties: {
pricingTier: 'Standard'
}
}
Configure with Azure CLI#
To enable Microsoft Defender for APIs:
- Set the
Standard
pricing tier for Microsoft Defender for APIs.
For example:
Configure with Azure PowerShell#
To enable Microsoft Defender for APIs:
- Set the
Standard
pricing tier for Microsoft Defender for APIs.
For example:
Notes#
Microsoft Defender for APIs is a preview feature. Currently only REST APIs published in Azure API Management is supported. Not all regions are supported.
Links#
- Security operations in Azure
- What is Microsoft Defender for Cloud?
- Overview of Microsoft Defender for APIs
- Support and prerequisites for Defender for APIs
- Onboard Defender for APIs
- Quickstart: Enable enhanced security features
- Azure security baseline for API Management
- LT-1: Enable threat detection capabilities
- Azure Policy built-in policy definitions
- Azure deployment reference