Securing your API Management service from day one with Defender for APIs

Introduction

We are excited to announce that you can now secure your Azure API Management (APIM) managed APIs from day one with Defender for APIs. This allows you to enable security as soon as you create your APIM service within the Azure portal. This means that security for APIs is no longer an afterthought and API management administrators do not need to leave the Azure API Management portal experience to turn on protection for their APIs which is a critical entry point into the API attack surface.

for APIs provides full lifecycle protection, detection, and response coverage. for APIs includes unified visibility across your APIM Services within the Azure subscription, security insights with hardening recommendations, classification of sensitive data exposure, and of APIs with and threat intelligence-based detections to alert against top OWASP API risks.

Enabling Defender for APIs from APIM instance creation experience in Azure portal

Step 1 – Create a new API Management Service

From the Azure Portal, select Create a resource. You can also select Create a resource on the Azure Home page.

walnerdort_0-1715787297776.png

On the Create a resource page, select Integration > API Management.

walnerdort_0-1715787594440.png

On the API Management services page select Create

walnerdort_1-1715787654689.png

Step 2 – Enable Defender for APIs

After filling out the information in the Basics tab, select the Monitor + secure tab. Select the Enable check box to enable the for APIs plan. In order to enable the plan, you must have the proper role and permissions that can be found here.

Note: Enabling the Defender for APIs is at the Azure subscription level, and will apply to all APIM services within the Azure subscription

walnerdort_2-1715787806003.png

Step 3 – Select Pricing plan

Finally, Select Choose a plan dropdown menu to choose the correct Defender plan for your environment.

Note: For detailed information on pricing, click on View all plans to view more details on each individual plan and pricing. After selecting your desired pricing plan click Save. To estimate what is the right plan for you, please see our documentation to check your API Management Traffic analytics and use the Defender for APIs cost estimator script that will help in accurately deciding the plan costs.

walnerdort_3-1715787889569.png

After completing the rest of the setup for your API Management Service, select the Review + Install tab and select Create after you validate all information is correct. Your APIs that are onboarded to that APIM Service will now be protected with the added security of Defender for APIs!

Note: All APIs must still be onboarded manually. Any new APIs that are added to your APIM Service after this action will still need to be manually onboarded to Defender for APIs.

Conclusion and More Resources

To learn more about Defender for APIs please visit Overview of the Microsoft Defender for APIs plan – Microsoft Defender for Cloud | Microsoft Learn. To provide feedback on this article visit https://aka.ms/MDCUserVoice

Reviewers 

Ajinkya Gore, Senior Product Manager – Defender for APIs

Haris Sohail, Product Manager 2 – Defender for APIs

Preetham Anand Naik, Senior Product Manager – Defender for APIs

Yuri Diogenes, Principal PM Manager – CxE Defender for Cloud

 

This article was originally published by Microsoft's Defender for Cloud Blog. You can find the original article here.