Microsoft Defender for API Security – Estimate Your Plan Cost Easily


With cyber threats becoming more sophisticated, ensuring the security of your business-critical APIs is non-negotiable.

Microsoft Defender for Cloud introduces an efficient solution with its Defender for APIs feature, designed to provide comprehensive lifecycle protection, detection, and response coverage for your APIs. Defender for APIs is designed to help you protect your APIs from OWASP top API risks and empower you with the visibility needed to enhance your API security posture. With the ability to detect real-time threats swiftly, you're always a step ahead in responding to API security threats and triage.

The Importance of Selecting the Right Plan

To have comprehensive coverage of your APIs, it is crucial to onboard your APIM APIs into the Defender for APIs plan by selecting the right entitlement and completing the second step of onboarding by actioning the onboarding recommendation, detailed here.

With five distinct pricing plans, each catering to varying entitlement limits and monthly fees, selecting the right plan for your Subscription(s) is vital. These plans are billed at the subscription level based on the total API traffic monitored monthly, ensuring that you're only billed for what you use, with a reset at the start of each billing cycle.

Estimating Your API Traffic for Optimal Pricing

Determining the most suitable plan requires an understanding of your historical Azure API Management (APIM) traffic usage.

To avoid overages, accurately estimating your monthly API traffic is key.

Here's how to estimate your monthly API traffic within Azure API Management:

  • Navigate to the Azure API Management portal and access Metrics under the Monitoring menu.
  • Set the time range to the last 30 days and configure the following parameters:
    • Scope: Azure API Management Service Name
    • Metric Namespace: API Management service standard metrics
    • Metric: Requests
    • Aggregation: Sum

After these parameters are set, the system will automatically calculate the total number of requests for the past 30 days.
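The same 30-day Requests sum can be read from the command line and rolled up per subscription, which is the level at which the plans are billed. This is an added example, not the cost estimator script published by the authors; it assumes the Az.Accounts, Az.ApiManagement and Az.Monitor modules are installed and that Connect-AzAccount has already been run.

```powershell
# Added example: sums the APIM "Requests" metric over the last 30 days,
# per service and per subscription (plans are billed per subscription).
# Assumes an authenticated Az session (Connect-AzAccount).
$end   = (Get-Date).ToUniversalTime()
$start = $end.AddDays(-30)

$report = foreach ($sub in Get-AzSubscription) {
    Set-AzContext -SubscriptionId $sub.Id | Out-Null

    foreach ($apim in Get-AzApiManagement) {
        # Metric: Requests, Aggregation: Sum (named Total in Az.Monitor),
        # one data point per day across the 30-day window.
        $metric = Get-AzMetric -ResourceId $apim.Id -MetricName 'Requests' `
            -StartTime $start -EndTime $end `
            -TimeGrain ([TimeSpan]::FromDays(1)) `
            -AggregationType Total -WarningAction SilentlyContinue

        # Days with no traffic can come back without a Total; skip them.
        $total = 0
        foreach ($point in $metric.Data) {
            if ($point.Total) { $total += $point.Total }
        }

        [pscustomobject]@{
            Subscription = $sub.Name
            ApimService  = $apim.Name
            Requests30d  = [long]$total
        }
    }
}

# Per-service breakdown.
$report | Format-Table -AutoSize

# Per-subscription total: the figure to compare against plan entitlements.
$report | Group-Object Subscription | ForEach-Object {
    [pscustomobject]@{
        Subscription = $_.Name
        Requests30d  = ($_.Group | Measure-Object -Property Requests30d -Sum).Sum
    }
} | Format-Table -AutoSize
```

Subscriptions with no API Management service produce no rows, so they do not appear in either table.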

Understanding the structure of Microsoft Defender for APIs' plans is crucial for effective budgeting and ensuring that your usage aligns with your organizational needs. Microsoft offers several Defender for APIs plans, each designed to cater to different levels of API call volumes and specific requirements.

To explore the detailed breakdown of each plan and to understand the overage costs that may apply if your usage exceeds the allocated number of API calls for your selected plan, we encourage you to visit our official pricing documentation. This resource provides the most up-to-date and comprehensive information on the various plans available, including pricing details and how to best align them with your needs.

For more information, please refer to our public documentation on Microsoft Defender for APIs pricing.

These overage prices ensure that while you have the flexibility to exceed your plan's entitlement limit, you remain informed of the additional charges. It's advisable to regularly monitor your API traffic to manage costs effectively and consider upgrading your plan if your API usage consistently exceeds the allotted amount.

For organizations with multiple subscriptions and API Management services, estimating the total cost can be complex and time consuming. To facilitate this process, we've developed a PowerShell script that simplifies the estimation of monthly API traffic and associated costs. This script, available on our GitHub repository, is an important tool for forecasting your expenditure and selecting the most cost-effective plan for your needs.
The results are derived from data extracted from the past month, and the estimation is for the monthly cost. At the end of the script execution, a CSV file (AllSubscriptionsPlanRecommendation.csv) is saved in the current directory.

You can find the PowerShell script here: Microsoft Defender for Cloud – Defender for APIs Plan Cost Estimator.

In conclusion, Microsoft Defender for Cloud's Defender for APIs feature is a game-changer in API security and cost management. By following the guidelines provided and utilizing the PowerShell script for cost estimations, you can ensure optimal protection and pricing for your API traffic. Embrace this opportunity to enhance your API security posture while effectively managing your expenses.


Preetham Anand Naik, Senior Product Manager, Microsoft Defender for Cloud

Walner Dort, Product Manager 2, Microsoft Defender for Cloud


This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.