Skip to content

Set Microsoft Defender for APIs to the Standard tier#

Security · Microsoft Defender for Cloud · Rule · 2023_12 · Critical

Enable Microsoft Defender for APIs.

Description#

Microsoft Defender for APIs provides additional security for APIs published in Azure API Management.

Protection is provided by analyzing onboarded APIs. Which allows Microsoft Defender for Cloud to produce security findings.

The inventory and security findings for onboarded APIs is reviewed in the Defender for Cloud API Security dashboard.

These security findings includes API recommendations and runtime threats.

Defender for APIs can be enabled together with the Defender CSPM plan, offering further capabilities.

Microsoft Defender for APIs can be enabled at the subscription level.

Recommendation#

Consider using Microsoft Defender for APIs to provide additional security for APIs published in Azure API Management.

Examples#

Configure with Azure template#

To deploy and enable Defender for APIs configurations that pass this rule:

  • Set the properties.pricingTier property to to Standard.
  • Set the properties.subPlan property to a plan such as P1. Other plans are available, currently these are: P1, P2, P3, P4, and P5.

For example:

Azure Template snippet
{
  "type": "Microsoft.Security/pricings",
  "apiVersion": "2023-01-01",
  "name": "Api",
  "properties": {
    "subPlan": "P1",
    "pricingTier": "Standard"
  }
}

Configure with Bicep#

To deploy and enable Defender for APIs configurations that pass this rule:

  • Set the properties.pricingTier property to to Standard.
  • Set the properties.subPlan property to a plan such as P1. Other plans are available, currently these are: P1, P2, P3, P4, and P5.

For example:

Azure Bicep snippet
resource defenderForApi 'Microsoft.Security/pricings@2023-01-01' = {
  name: 'Api'
  properties: {
    subPlan: 'P1'
    pricingTier: 'Standard'
  }
}

Configure with Azure CLI#

To enable Microsoft Defender for APIs:

  • Set the Standard pricing tier for Microsoft Defender for APIs.

For example:

Azure CLI snippet
az security pricing create -n Api --tier standard --subplan P1

Configure with Azure PowerShell#

To enable Microsoft Defender for APIs:

  • Set the Standard pricing tier for Microsoft Defender for APIs.

For example:

Azure PowerShell snippet
Set-AzSecurityPricing -Name 'Api' -PricingTier 'Standard' -SubPlan 'P1'

Notes#

Currently only REST APIs published in Azure API Management is supported. Not all regions are supported.

Comments