Skip to content

Set Microsoft Defender for APIs to the Standard tier#

Security · Microsoft Defender for Cloud · 2023_06

Enable Microsoft Defender for APIs.

Description#

Microsoft Defender for APIs provides additional security for APIs published in Azure API Management.

Protection is provided by analyzing onboarded APIs. Which allows Microsoft Defender for Cloud to produce security findings.

The inventory and security findings for onboarded APIs is reviewed in the Defender for Cloud API Security dashboard.

These security findings includes API recommendations and runtime threats.

Defender for APIs can be enabled together with the Defender CSPM plan, offering further capabilities.

Microsoft Defender for APIs can be enabled at the subscription level.

Recommendation#

Consider using Microsoft Defender for APIs to provide additional security for APIs published in Azure API Management.

Examples#

Configure with Azure template#

To enable Microsoft Defender for APIs:

  • Set the Standard pricing tier for Microsoft Defender for APIs.

For example:

Azure Template snippet
{
    "type": "Microsoft.Security/pricings",
    "apiVersion": "2022-03-01",
    "name": "Api",
    "properties": {
        "pricingTier": "Standard"
    }
}

Configure with Bicep#

To enable Microsoft Defender for APIs:

  • Set the Standard pricing tier for Microsoft Defender for APIs.

For example:

Azure Bicep snippet
resource defenderForApi 'Microsoft.Security/pricings@2022-03-01' = {
  name: 'Api'
  properties: {
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI#

To enable Microsoft Defender for APIs:

  • Set the Standard pricing tier for Microsoft Defender for APIs.

For example:

Azure CLI snippet
az security pricing create -n 'Api' --tier 'standard'

Configure with Azure PowerShell#

To enable Microsoft Defender for APIs:

  • Set the Standard pricing tier for Microsoft Defender for APIs.

For example:

Azure PowerShell snippet
Set-AzSecurityPricing -Name 'Api' -PricingTier 'Standard'

Notes#

Microsoft Defender for APIs is a preview feature. Currently only REST APIs published in Azure API Management is supported. Not all regions are supported.


Last update: 2023-05-15

Comments