Share via

Defender for Cloud Inventory API Coverage — No Official Way to Retrieve Per-Resource Coverage?

CSA Juan Guevara 0 Reputation points
2025-05-09T13:40:31.34+00:00

I'm reaching out to the Microsoft Defender for Cloud team and the broader community because I've run into a gap that I believe others may face too — and I’m hoping for guidance or clarification.

I need to programmatically retrieve a list of resources from a subscription and determine if each resource is covered by a Defender for Cloud plan. This would replicate what we see in the Azure Portal under:

Microsoft Defender for Cloud > Inventory:

The goal is to fetch this data via API and replicate that table — but the problem is that it seems there’s no way to retrieve the “Defender for Cloud” coverage status per resource.

Here’s what I’ve tried so far:

  • The /pricings endpoint — returns plan tiers like Free or Standard, but only for the overall subscription or service type, not individual resources.
  • Azure Resource Graph — the properties field does not contain any Defender-related indicators that would confirm whether a specific resource is covered.

My Question

Does an API exist today to retrieve per-resource Defender for Cloud coverage? Is there a /coverage endpoint or equivalent that is officially supported?

If anyone from the Defender for Cloud or Azure product teams can point me in the right direction, I’d truly appreciate it.

Thank you!

Microsoft Defender for Cloud
Microsoft Defender for Cloud
An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
1,537 questions

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.