Microsoft.Security pricings
Bicep resource definition
The pricings resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/pricings resource, add the following Bicep to your template.
resource symbolicname 'Microsoft.Security/pricings@2024-01-01' = {
name: 'string'
properties: {
enforce: 'string'
extensions: [
{
additionalExtensionProperties: {
{customized property}: any()
}
isEnabled: 'string'
name: 'string'
}
]
pricingTier: 'string'
subPlan: 'string'
}
}
Property values
pricings
| Name | Description | Value |
|---|---|---|
| name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
| properties | Pricing data | PricingProperties |
PricingProperties
| Name | Description | Value |
|---|---|---|
| enforce | If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing. | 'False' 'True' |
| extensions | Optional. List of extensions offered under a plan. | Extension[] |
| pricingTier | Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. | 'Free' 'Standard' (required) |
| subPlan | The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported. | string |
Extension
| Name | Description | Value |
|---|---|---|
| additionalExtensionProperties | Property values associated with the extension. | ExtensionAdditionalExtensionProperties |
| isEnabled | Indicates whether the extension is enabled. | 'False' 'True' (required) |
| name | The extension name. Supported values are: AgentlessDiscoveryForKubernetes - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer. Available for CloudPosture plan. OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month. Available for StorageAccounts plan. SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events. Available for StorageAccounts and CloudPosture plans. ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries. Available for CloudPosture and Containers plans. |
string (required) |
ExtensionAdditionalExtensionProperties
| Name | Description | Value |
|---|---|---|
| {customized property} | For Bicep, you can use the any() function. |
ARM template resource definition
The pricings resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/pricings resource, add the following JSON to your template.
{
"type": "Microsoft.Security/pricings",
"apiVersion": "2024-01-01",
"name": "string",
"properties": {
"enforce": "string",
"extensions": [
{
"additionalExtensionProperties": {
"{customized property}": {}
},
"isEnabled": "string",
"name": "string"
}
],
"pricingTier": "string",
"subPlan": "string"
}
}
Property values
pricings
| Name | Description | Value |
|---|---|---|
| type | The resource type | 'Microsoft.Security/pricings' |
| apiVersion | The resource api version | '2024-01-01' |
| name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
| properties | Pricing data | PricingProperties |
PricingProperties
| Name | Description | Value |
|---|---|---|
| enforce | If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing. | 'False' 'True' |
| extensions | Optional. List of extensions offered under a plan. | Extension[] |
| pricingTier | Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. | 'Free' 'Standard' (required) |
| subPlan | The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported. | string |
Extension
| Name | Description | Value |
|---|---|---|
| additionalExtensionProperties | Property values associated with the extension. | ExtensionAdditionalExtensionProperties |
| isEnabled | Indicates whether the extension is enabled. | 'False' 'True' (required) |
| name | The extension name. Supported values are: AgentlessDiscoveryForKubernetes - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer. Available for CloudPosture plan. OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month. Available for StorageAccounts plan. SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events. Available for StorageAccounts and CloudPosture plans. ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries. Available for CloudPosture and Containers plans. |
string (required) |
ExtensionAdditionalExtensionProperties
| Name | Description | Value |
|---|---|---|
| {customized property} |
Terraform (AzAPI provider) resource definition
The pricings resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.Security/pricings resource, add the following Terraform to your template.
resource "azapi_resource" "symbolicname" {
type = "Microsoft.Security/pricings@2024-01-01"
name = "string"
parent_id = "string"
body = jsonencode({
properties = {
enforce = "string"
extensions = [
{
additionalExtensionProperties = {}
isEnabled = "string"
name = "string"
}
]
pricingTier = "string"
subPlan = "string"
}
})
}
Property values
pricings
| Name | Description | Value |
|---|---|---|
| type | The resource type | "Microsoft.Security/pricings@2024-01-01" |
| name | The resource name | string (required) Character limit: 1-260 Valid characters: Alphanumerics, underscores, and hyphens. |
| parent_id | To deploy to a resource group, use the ID of that resource group. | string (required) |
| properties | Pricing data | PricingProperties |
PricingProperties
| Name | Description | Value |
|---|---|---|
| enforce | If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing. | "False" "True" |
| extensions | Optional. List of extensions offered under a plan. | Extension[] |
| pricingTier | Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. | "Free" "Standard" (required) |
| subPlan | The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported. | string |
Extension
| Name | Description | Value |
|---|---|---|
| additionalExtensionProperties | Property values associated with the extension. | ExtensionAdditionalExtensionProperties |
| isEnabled | Indicates whether the extension is enabled. | "False" "True" (required) |
| name | The extension name. Supported values are: AgentlessDiscoveryForKubernetes - API-based discovery of information about Kubernetes cluster architecture, workload objects, and setup. Required for Kubernetes inventory, identity and network exposure detection, attack path analysis and risk hunting as part of the cloud security explorer. Available for CloudPosture plan. OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month. Available for StorageAccounts plan. SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events. Available for StorageAccounts and CloudPosture plans. ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries. Available for CloudPosture and Containers plans. |
string (required) |
ExtensionAdditionalExtensionProperties
| Name | Description | Value |
|---|---|---|
| {customized property} |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for