Support and prerequisites for Defender for APIs deployment
Review the requirements on this page before setting up Microsoft Defender for APIs.
Cloud and region support
Defender for APIs is available in the Azure commercial cloud, in these regions:
- Asia (Southeast Asia, EastAsia)
- Australia (Australia East, Australia Southeast, Australia Central, Australia Central 2)
- Brazil (Brazil South, Brazil Southeast)
- Canada (Canada Central, Canada East)
- Europe (West Europe, North Europe)
- India (Central India, South India, West India)
- Japan (Japan East, Japan West)
- UK (UK South, UK West)
- US (East US, East US 2, West US, West US 2, West US 3, Central US, North Central US, South Central US, West Central US, East US 2 EUAP, Central US EUAP)
Review the latest cloud support information for Defender for Cloud plans and features in the cloud support matrix.
API support
Feature | Supported |
---|---|
Availability | This feature is available in the Premium, Standard, Basic, and Developer tiers of Azure API Management. |
API gateways | Azure API Management Defender for APIs currently doesn't onboard APIs that are exposed using the API Management self-hosted gateway, or managed using API Management workspaces. |
API types | Currently, Defender for APIs discovers and analyzes REST APIs. |
Defender CSPM integration
To explore API security risks using Cloud Security Explorer, the Defender Cloud Security Posture Management (CSPM) plan must be enabled. Learn more.
Onboarding requirements
Onboarding requirements for Defender for APIs are as follows.
Requirement | Details |
---|---|
API Management instance | At least one API Management instance in an Azure subscription. Defender for APIs is enabled at the level of a subscription. One or more supported APIs must be imported to the API Management instance. |
Azure account | You need an Azure account to sign in to the Azure portal. |
Onboarding permissions | To enable and onboard Defender for APIs, you will need API Management Service Contributor role access, along with the permissions outlined in the User roles and permissions for enabling Microsoft Defender plans. |
Onboarding location | You can enable Defender for APIs in the Defender for Cloud portal, or in the Azure API Management portal. |
Next steps
Enable and onboard Defender for APIs.