MicrosoftHi,
thanks for extending Defender's capabilities to APIs. As Defender for APIs is still in preview, however, we would like to incrementally test it by starting in the development environment. From what I learned, one first has to enable workload protection on subscription level and then enable the service on a per API basis. Following this, after we have enabled Defender for APIs, we indeed have found that the recommendation 'Azure API Management APIs should be onboarded to Defender for APIs' showed up for a variety of APIs in our Defender's security recommendations:
- Somewhat surprisingly, however, we found out that only a small number of resources (i.e., APIs) was listed as unhealthy, while a number of APIs were simply ignored (neither listed as unhealthy or healthy) - is this still under development or a known problem or under which conditions are APIs captured w.r.t. the named recommendation?
- Is there a possibility to define an exemption for this new recommendation for some resources or to define a general exemption for the recommendation (as it is possible for other recommendations) and if so, how does this work?
Thanks!
