Microsoft.Security advancedThreatProtectionSettings

Bicep resource definition

The advancedThreatProtectionSettings resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in Bicep.

Valid deployment scopes for the advancedThreatProtectionSettings resource are:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/advancedThreatProtectionSettings resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Security/advancedThreatProtectionSettings@2019-01-01' = {
  name: 'current'
  scope: resourceSymbolicName
  properties: {
    isEnabled: bool
  }
}

Property values

advancedThreatProtectionSettings

Name Description Value
name The resource name 'current'
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For Bicep, set this property to the symbolic name of the resource to apply the extension resource.
properties The Advanced Threat Protection settings. AdvancedThreatProtectionProperties

AdvancedThreatProtectionProperties

Name Description Value
isEnabled Indicates whether Advanced Threat Protection is enabled. bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Cosmos DB account with Microsoft Defender enabled

Deploy to Azure
Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders.
Storage account with Advanced Threat Protection

Deploy to Azure
This template allows you to deploy an Azure Storage account with Advanced Threat Protection enabled.

ARM template resource definition

The advancedThreatProtectionSettings resource type is an extension resource, which means you can apply it to another resource.

Use the scope property on this resource to set the scope for this resource. See Set scope on extension resources in ARM templates.

Valid deployment scopes for the advancedThreatProtectionSettings resource are:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/advancedThreatProtectionSettings resource, add the following JSON to your template.

{
  "type": "Microsoft.Security/advancedThreatProtectionSettings",
  "apiVersion": "2019-01-01",
  "name": "current",
  "scope": "string",
  "properties": {
    "isEnabled": "bool"
  }
}

Property values

advancedThreatProtectionSettings

Name Description Value
type The resource type 'Microsoft.Security/advancedThreatProtectionSettings'
apiVersion The resource api version '2019-01-01'
name The resource name 'current'
scope Use when creating an extension resource at a scope that is different than the deployment scope. Target resource

For JSON, set the value to the full name of the resource to apply the extension resource to.
properties The Advanced Threat Protection settings. AdvancedThreatProtectionProperties

AdvancedThreatProtectionProperties

Name Description Value
isEnabled Indicates whether Advanced Threat Protection is enabled. bool

Quickstart templates

The following quickstart templates deploy this resource type.

Template Description
Create a Cosmos DB account with Microsoft Defender enabled

Deploy to Azure
Using this ARM template, you can deploy an Azure Cosmos DB account with Microsoft Defender for Azure Cosmos DB enabled. Microsoft Defender for Azure Cosmos DB is an Azure-native layer of security that detects attempts to exploit databases in your Azure Cosmos DB accounts. Microsoft Defender for Azure Cosmos DB detects potential SQL injections, known bad actors based on Microsoft Threat Intelligence, suspicious access patterns, and potential exploitations of your database through compromised identities or malicious insiders.
Storage account with Advanced Threat Protection

Deploy to Azure
This template allows you to deploy an Azure Storage account with Advanced Threat Protection enabled.

Terraform (AzAPI provider) resource definition

The advancedThreatProtectionSettings resource type is an extension resource, which means you can apply it to another resource.

Use the parent_id property on this resource to set the scope for this resource.

Valid deployment scopes for the advancedThreatProtectionSettings resource are:

  • Resource groups

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/advancedThreatProtectionSettings resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/advancedThreatProtectionSettings@2019-01-01"
  name = "current"
  parent_id = "string"
  body = jsonencode({
    properties = {
      isEnabled = bool
    }
  })
}

Property values

advancedThreatProtectionSettings

Name Description Value
type The resource type "Microsoft.Security/advancedThreatProtectionSettings@2019-01-01"
name The resource name "current"
parent_id The ID of the resource to apply this extension resource to. string (required)
properties The Advanced Threat Protection settings. AdvancedThreatProtectionProperties

AdvancedThreatProtectionProperties

Name Description Value
isEnabled Indicates whether Advanced Threat Protection is enabled. bool