Manage your Defender for APIs deployment

This article describes how to manage your Microsoft Defender for APIs plan deployment in Microsoft Defender for Cloud. Management tasks include offboarding APIs from Defender for APIs.

Defender for APIs is currently in preview.

Offboard an API

  1. In the Defender for Cloud portal, select Workload protections.

  2. Select API security.

  3. Next to the API you want to offboard from Defender for APIs, select the ellipsis (...) > Remove.

    Screenshot of the review API information in Cloud Security Explorer.

  4. Optional: You can also select multiple APIs to offboard by selecting the APIs in the checkbox and then selecting Remove:

    Screenshot showing selected APIs to remove.

Query your APIs with the cloud security explorer

You can use the cloud security explorer to run graph-based queries on the cloud security graph. By utilizing the cloud security explorer, you can proactively identify potential security risks to your APIs.

There are three types of APIs you can query:

  • API Collections: API collections enable software applications to communicate and exchange data. They are an essential component of modern software applications and microservice architectures. API collections include one or more API endpoints that represent a specific resource or operation provided by an organization. API collections provide functionality for specific types of applications or services. API collections are typically managed and configured by API management/gateway services.

  • API Endpoints: API endpoints represent a specific URL, function, or resource within an API collection. Each API endpoint provides a specific functionality that developers, applications, or other systems can access.

  • API Management services: API management services are platforms that provide tools and infrastructure for managing APIs, typically through a web-based interface. They often include features such as: API gateway, API portal, API analytics and API security.

To query APIs in the cloud security graph:

  1. Sign in to the Azure portal.

  2. Navigate to Microsoft Defender for Cloud > Cloud Security Explorer.

  3. From the drop-down menu, select APIs:

    Screenshot of Defender for Cloud's cloud security explorer that shows how to select APIs.

  4. Select all relevant options.

  5. Select Done.

  6. Add any other conditions.

  7. Select Search.

You can learn more about how to build queries with cloud security explorer.

Next steps

Learn about Defender for APIs.