Azure Defender Coverage

Question

Azure Defender Coverage

Surendra Pratap Singh 21

How to list all resources covered/not covered by Azure Defender using REST API ?

0 comments

Answer accepted by question author

0 additional answers

Your answer

Answer 1

JamesTran-MSFT 37,256 Microsoft Employee Moderator

@Surendra Pratap Singh
Thank you for you post!

You can leverage the Pricings - List REST API to list the resources covered/not covered by Azure Defender. To do this you can review the JSON response, specifically the "pricingTier", since this will directly correlate to the pricing tier value of Azure Security Center - Free and Standard (Defender), which you can use to differentiate which resources are covered.

Pricings - REST API Overview

{  
  "value": [  
    {  
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",  
      "name": "VirtualMachines",  
      "type": "Microsoft.Security/pricings",  
      "properties": {  
        "pricingTier": "Standard"  
      }  
    },  
    {  
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/SqlServers",  
      "name": "SqlServers",  
      "type": "Microsoft.Security/pricings",  
      "properties": {  
        "pricingTier": "Standard"  
      }  
    },  
    {  
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/AppServices",  
      "name": "AppServices",  
      "type": "Microsoft.Security/pricings",  
      "properties": {  
        "pricingTier": "Free"  
      }  
    },  
    {  
      "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/StorageAccounts",  
      "name": "StorageAccounts",  
      "type": "Microsoft.Security/pricings",  
      "properties": {  
        "pricingTier": "Standard"  
      }  
    }  
  ]  
}

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.

----------

Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

Surendra Pratap Singh 21 Reputation points

2021-08-03T07:02:50.447+00:00

Hi JamesTran-MSFT,

Thanks for your reply ,

I have json output from pricing API and it is not matching exactly with Azure Portal VIew

azure Portal View:

Total no of resources =11 (matched)
Fully Covered = 5 (not matched)
Not covered= 6 (not matched)
Agent not installed=0 (not marched)

JSON output :

Total nodes=11
pricingTier (standard) =1
pricingTier (free) =10

is there any issue with rights and permission for Tenant ID or something else I am missing? Please help!!

120039-test.txt
JamesTran-MSFT 37,256 Reputation points Microsoft Employee Moderator

2021-08-03T18:22:59.293+00:00

@Surendra Pratap Singh
Thank you for the quick follow up! Based off your JSON output, can you share the REST API call you made, or a screenshot of where you got that output from?

Findings: Using the Pricings - List API

The output of the List API call matches with Azure Defender's "on/off" plan button. So it'll show you which Azure providers are protected by Defender, and if the plan is "on", there's no way to specify how many resources or which specific resources will be protected. Using VMs as an example, if the plan is switched to "on", all your servers in the subscription will be protected by Azure Defender.

When it comes to getting the actual "Resource Quantity", or getting which specific resource is protected by Defender, this currently isn't available as a REST API. However, if you'd like this feature to be implemented, I'd recommend leveraging our User Voice forum and creating a feature request.

If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Surendra Pratap Singh 21 Reputation points

2021-08-04T11:32:21.847+00:00

Thanks JamesTran-MSFT,

for your quick response ,

following endpoint is used to call Pricing API

httpClient.GetAsync($"https://management.azure.com/subscriptions/XXXXXXX/providers/Microsoft.Security/pricings?api-version=2018-06-01");

Share via

Azure Defender Coverage

0 additional answers

Your answer