Securing your API Management service from day one with Defender for APIs
Introduction
We are excited to announce that you can now secure your Azure API Management (APIM) managed APIs from day one with Defender for APIs. This allows you to enable security as soon as you create your APIM service within the Azure portal. This means that security for APIs is no longer an afterthought and API management administrators do not need to leave the Azure API Management portal experience to turn on protection for their APIs which is a critical entry point into the API attack surface.
Defender for APIs provides full lifecycle protection, detection, and response coverage. Defender for APIs includes unified visibility across your APIM Services within the Azure subscription, security insights with hardening recommendations, classification of sensitive data exposure, and continuous monitoring of APIs with machine learning and threat intelligence-based detections to alert against top OWASP API risks.
Enabling Defender for APIs from APIM instance creation experience in Azure portal
Step 1 – Create a new API Management Service
From the Azure Portal, select Create a resource. You can also select Create a resource on the Azure Home page.
On the Create a resource page, select Integration > API Management.
On the API Management services page select Create
Step 2 – Enable Defender for APIs
After filling out the information in the Basics tab, select the Monitor + secure tab. Select the Enable check box to enable the Defender for APIs plan. In order to enable the plan, you must have the proper role and permissions that can be found here.
Note: Enabling the Defender for APIs is at the Azure subscription level, and will apply to all APIM services within the Azure subscription
Step 3 – Select Pricing plan
Finally, Select Choose a plan dropdown menu to choose the correct Defender plan for your environment.
Note: For detailed information on pricing, click on View all plans to view more details on each individual plan and pricing. After selecting your desired pricing plan click Save. To estimate what is the right plan for you, please see our documentation to check your API Management Traffic analytics and use the Defender for APIs cost estimator script that will help in accurately deciding the plan costs.
After completing the rest of the setup for your API Management Service, select the Review + Install tab and select Create after you validate all information is correct. Your APIs that are onboarded to that APIM Service will now be protected with the added security of Defender for APIs!
Note: All APIs must still be onboarded manually. Any new APIs that are added to your APIM Service after this action will still need to be manually onboarded to Defender for APIs.
Conclusion and More Resources
To learn more about Defender for APIs please visit Overview of the Microsoft Defender for APIs plan – Microsoft Defender for Cloud | Microsoft Learn. To provide feedback on this article visit https://aka.ms/MDCUserVoice
Reviewers
Ajinkya Gore, Senior Product Manager – Defender for APIs
Haris Sohail, Product Manager 2 – Defender for APIs
Preetham Anand Naik, Senior Product Manager – Defender for APIs
Yuri Diogenes, Principal PM Manager – CxE Defender for Cloud
Microsoft Tech Community – Latest Blogs –Read More