Blog Post

Microsoft Defender for Cloud Blog
2 MIN READ

Securing your API Management service from day one with Defender for APIs

walnerdort's avatar
walnerdort
Icon for Microsoft rankMicrosoft
May 15, 2024

Introduction

 

We are excited to announce that you can now secure your Azure API Management (APIM) managed APIs from day one with Defender for APIs. This allows you to enable security as soon as you create your APIM service within the Azure portal. This means that security for APIs is no longer an afterthought and API management administrators do not need to leave the Azure API Management portal experience to turn on protection for their APIs which is a critical entry point into the API attack surface.


Defender for APIs provides full lifecycle protection, detection, and response coverage. Defender for APIs includes unified visibility across your APIM Services within the Azure subscription, security insights with hardening recommendations, classification of sensitive data exposure, and continuous monitoring of APIs with machine learning and threat intelligence-based detections to alert against top OWASP API risks.

 

Enabling Defender for APIs from APIM instance creation experience in Azure portal

 

Step 1 – Create a new API Management Service

 

From the Azure Portal, select Create a resource. You can also select Create a resource on the Azure Home page.

 

On the Create a resource page, select Integration > API Management.

 

On the API Management services page select Create

Step 2 – Enable Defender for APIs

 

After filling out the information in the Basics tab, select the Monitor + secure tab. Select the Enable check box to enable the Defender for APIs plan. In order to enable the plan, you must have the proper role and permissions that can be found here.


Note: Enabling the Defender for APIs is at the Azure subscription level, and will apply to all APIM services within the Azure subscription

 

 

Step 3 – Select Pricing plan

 

Finally, Select Choose a plan dropdown menu to choose the correct Defender plan for your environment.


Note: For detailed information on pricing, click on View all plans to view more details on each individual plan and pricing. After selecting your desired pricing plan click Save. To estimate what is the right plan for you, please see our documentation to check your API Management Traffic analytics and use the Defender for APIs cost estimator script that will help in accurately deciding the plan costs.

 


After completing the rest of the setup for your API Management Service, select the Review + Install tab and select Create after you validate all information is correct. Your APIs that are onboarded to that APIM Service will now be protected with the added security of Defender for APIs!


Note: All APIs must still be onboarded manually. Any new APIs that are added to your APIM Service after this action will still need to be manually onboarded to Defender for APIs.

 

Conclusion and More Resources

 

To learn more about Defender for APIs please visit Overview of the Microsoft Defender for APIs plan - Microsoft Defender for Cloud | Microsoft Learn. To provide feedback on this article visit https://aka.ms/MDCUserVoice

 

Reviewers 

Ajinkya Gore, Senior Product Manager - Defender for APIs

Haris Sohail, Product Manager 2 - Defender for APIs

Preetham Anand Naik, Senior Product Manager - Defender for APIs

Yuri Diogenes, Principal PM Manager - CxE Defender for Cloud

 

Updated May 15, 2024
Version 2.0
No CommentsBe the first to comment