🛡️ Azure Subscription Microsoft Defender For APIs is not set to On🟢

• Contextual name: 🛡️ Microsoft Defender For APIs is not set to On🟢
• ID: /ce/ca/azure/subscription/microsoft-defender-for-api
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 Azure Subscription
  • 🔌 Azure Defender Plan - object.extracts.yaml
  • 🧪 test-data.json

Description

Open File

Description

Microsoft Defender for APIs offers full lifecycle protection, detection, and response coverage for APIs.

While an automated assessment procedure exists for this recommendation, the assessment status remains manual. Due to its potentially high cost, Microsoft Defender for APIs may not be suitable for all environments and should be evaluated carefully before implementation.

Rationale

Microsoft Defender for APIs helps provide visibility into business-critical APIs, assess and improve their security posture, prioritize vulnerability remediation, and detect threats in real time.

Impact

Microsoft Defender for APIs uses a tiered pricing model, billed per subscription per hour, with each tier allowing a set limit of API calls. In high-traffic environments, this may result in significant or prohibitive costs. Careful evaluation of API usage patterns and pricing tiers is essential before enabling the service. Refer to https://azure.microsoft.com/en-us/pricing/details/defender-for-cloud/#pricing for pricing information.

... see more

Remediation

Open File

Remediation

From Azure Portal

1. Go to Microsoft Defender for Cloud.
2. Under Management, select Environment Settings.
3. Click the name of a subscription.
4. Select the Defender plans blade.
5. Under Cloud Workload Protection (CWP), in the row for APIs, set the toggle switch for Status to On.
6. Select a plan.
7. Click Save to save the plan selection.
8. Click Save to enable Defender for APIs.

From Azure CLI

Run the following command to enable Defender for APIs:

az security pricing create --name Api --tier Standard --subplan <subplan>

Valid subplan values: P1, P2, P3, P4, and P5.

From PowerShell

Run the following command to enable Defender for APIs:

Set-AzSecurityPricing -Name Api -PricingTier Standard -SubPlan <subplan>

Valid SubPlan values: P1, P2, P3, P4, and P5.

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 CIS Azure v5.0.0 → 💼 8.1.2.1 Ensure Microsoft Defender for APIs is set to 'On' (Automated)			1		no data
💼 Cloudaware Framework → 💼 Microsoft Defender Configuration			29		no data