汇报范围内提供的云定价配置Microsoft Defender。 有效范围为:订阅 ID 或特定资源 ID, (支持的资源为:“VirtualMachines、VMSS 和 ARC Machines”,仅适用于 plan='VirtualMachines'和 subPlan='P1') 。
PUT https://management.azure.com/{scopeId}/providers/Microsoft.Security/pricings/{pricingName}?api-version=2024-01-01
URI 参数
| 名称 |
在 |
必需 |
类型 |
说明 |
|
pricingName
|
path |
True
|
string
|
定价配置的名称
|
|
scopeId
|
path |
True
|
string
|
定价的范围 ID。 有效作用域为:订阅 (格式:“subscriptions/{subscriptionId}”) ,或特定资源 (格式:“subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - 支持的资源 (VirtualMachines)
|
|
api-version
|
query |
True
|
string
|
操作的 API 版本
|
请求正文
| 名称 |
必需 |
类型 |
说明 |
|
properties.pricingTier
|
True
|
pricingTier
|
指示是否在所选范围上启用 Defender 计划。 Microsoft Defender for Cloud 在两个定价层中提供:免费和标准。 标准层提供高级安全功能,免费层提供基本安全功能。
|
|
properties.enforce
|
|
enforce
|
如果设置为“False”,则允许此范围的后代覆盖在此范围上设置的定价配置, (允许设置 inherited=“False”) 。 如果设置为“True”,则会阻止覆盖并强制此范围的所有后代进行此定价配置。 此字段仅适用于订阅级定价。
|
|
properties.extensions
|
|
Extension[]
|
可选。 计划下提供的扩展列表。
|
|
properties.subPlan
|
|
string
|
当有多个子计划可用时,为标准定价配置选择的子计划。 每个子计划都支持一组安全功能。 如果未指定,则会应用完整计划。 对于 VirtualMachines 计划,可用的子计划为“P1”&“P2”,其中仅支持资源级别的“P1”子计划。
|
响应
安全性
azure_auth
Azure Active Directory OAuth2 流
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| 名称 |
说明 |
|
user_impersonation
|
模拟用户帐户
|
示例
Update pricing on resource (example for VirtualMachines plan)
Sample Request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/virtualMachines?api-version=2024-01-01
{
"properties": {
"pricingTier": "Standard",
"subPlan": "P1"
}
}
import com.azure.resourcemanager.security.fluent.models.PricingInner;
import com.azure.resourcemanager.security.models.PricingTier;
/**
* Samples for Pricings Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/
* PutResourcePricingByNameVirtualMachines_example.json
*/
/**
* Sample code: Update pricing on resource (example for VirtualMachines plan).
*
* @param manager Entry point to SecurityManager.
*/
public static void updatePricingOnResourceExampleForVirtualMachinesPlan(
com.azure.resourcemanager.security.SecurityManager manager) {
manager.pricings().updateWithResponse(
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1",
"virtualMachines", new PricingInner().withPricingTier(PricingTier.STANDARD).withSubPlan("P1"),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutResourcePricingByNameVirtualMachines_example.json
func ExamplePricingsClient_Update_updatePricingOnResourceExampleForVirtualMachinesPlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Update(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1", "virtualMachines", armsecurity.Pricing{
Properties: &armsecurity.PricingProperties{
PricingTier: to.Ptr(armsecurity.PricingTierStandard),
SubPlan: to.Ptr("P1"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("virtualMachines"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/virtualMachines"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// Inherited: to.Ptr(armsecurity.InheritedFalse),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// SubPlan: to.Ptr("P1"),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("MdeDesignatedSubscription"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledFalse),
// },
// {
// Name: to.Ptr("AgentlessVmScanning"),
// AdditionalExtensionProperties: map[string]any{
// "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]",
// },
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
*
* @summary Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutResourcePricingByNameVirtualMachines_example.json
*/
async function updatePricingOnResourceExampleForVirtualMachinesPlan() {
const scopeId =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1";
const pricingName = "virtualMachines";
const pricing = { pricingTier: "Standard", subPlan: "P1" };
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.update(scopeId, pricingName, pricing);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/virtualMachines",
"name": "virtualMachines",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"subPlan": "P1",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"inherited": "False",
"inheritedFrom": null,
"extensions": [
{
"name": "MdeDesignatedSubscription",
"isEnabled": "False"
},
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
}
}
]
}
}
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/virtualMachines",
"name": "virtualMachines",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"subPlan": "P1",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"inherited": "False",
"inheritedFrom": null,
"extensions": [
{
"name": "MdeDesignatedSubscription",
"isEnabled": "False"
},
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"ExclusionTags": "[{'Key':'TestKey1','Value':'TestValue1'},{'Key':'TestKey2','Value':'TestValue2'}]"
}
}
]
}
}
Update pricing on subscription (example for CloudPosture plan)
Sample Request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture?api-version=2024-01-01
{
"properties": {
"pricingTier": "Standard"
}
}
import com.azure.resourcemanager.security.fluent.models.PricingInner;
import com.azure.resourcemanager.security.models.PricingTier;
/**
* Samples for Pricings Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/
* PutPricingByName_example.json
*/
/**
* Sample code: Update pricing on subscription (example for CloudPosture plan).
*
* @param manager Entry point to SecurityManager.
*/
public static void updatePricingOnSubscriptionExampleForCloudPosturePlan(
com.azure.resourcemanager.security.SecurityManager manager) {
manager.pricings().updateWithResponse("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "CloudPosture",
new PricingInner().withPricingTier(PricingTier.STANDARD), com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutPricingByName_example.json
func ExamplePricingsClient_Update_updatePricingOnSubscriptionExampleForCloudPosturePlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Update(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "CloudPosture", armsecurity.Pricing{
Properties: &armsecurity.PricingProperties{
PricingTier: to.Ptr(armsecurity.PricingTierStandard),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("CloudPosture"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceFalse),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusFullyCovered),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("AgentlessVmScanning"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// },
// {
// Name: to.Ptr("AgentlessDiscoveryForKubernetes"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// },
// {
// Name: to.Ptr("SensitiveDataDiscovery"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// },
// {
// Name: to.Ptr("ContainerRegistriesVulnerabilityAssessments"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// },
// {
// Name: to.Ptr("EntraPermissionsManagement"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
*
* @summary Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutPricingByName_example.json
*/
async function updatePricingOnSubscriptionExampleForCloudPosturePlan() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "CloudPosture";
const pricing = { pricingTier: "Standard" };
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.update(scopeId, pricingName, pricing);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
"name": "CloudPosture",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "AgentlessDiscoveryForKubernetes",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "SensitiveDataDiscovery",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "ContainerRegistriesVulnerabilityAssessments",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "EntraPermissionsManagement",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
}
]
}
}
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
"name": "CloudPosture",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "AgentlessDiscoveryForKubernetes",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "SensitiveDataDiscovery",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "ContainerRegistriesVulnerabilityAssessments",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "EntraPermissionsManagement",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
}
]
}
}
Update pricing on subscription (example for CloudPosture plan) - partial success
Sample Request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture?api-version=2024-01-01
{
"properties": {
"pricingTier": "Standard"
}
}
import com.azure.resourcemanager.security.fluent.models.PricingInner;
import com.azure.resourcemanager.security.models.PricingTier;
/**
* Samples for Pricings Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/
* PutPricingByNamePartialSuccess_example.json
*/
/**
* Sample code: Update pricing on subscription (example for CloudPosture plan) - partial success.
*
* @param manager Entry point to SecurityManager.
*/
public static void updatePricingOnSubscriptionExampleForCloudPosturePlanPartialSuccess(
com.azure.resourcemanager.security.SecurityManager manager) {
manager.pricings().updateWithResponse("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "CloudPosture",
new PricingInner().withPricingTier(PricingTier.STANDARD), com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutPricingByNamePartialSuccess_example.json
func ExamplePricingsClient_Update_updatePricingOnSubscriptionExampleForCloudPosturePlanPartialSuccess() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Update(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "CloudPosture", armsecurity.Pricing{
Properties: &armsecurity.PricingProperties{
PricingTier: to.Ptr(armsecurity.PricingTierStandard),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("CloudPosture"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceFalse),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusFullyCovered),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("AgentlessVmScanning"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeFailed),
// Message: to.Ptr("Failed find dedicated first party application client ID for extension"),
// },
// },
// {
// Name: to.Ptr("AgentlessDiscoveryForKubernetes"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeFailed),
// Message: to.Ptr("Failed assigning roles {d5a2ae44-610b-4500-93be-660a0c5f5ca6} to {identityName} for plan"),
// },
// },
// {
// Name: to.Ptr("SensitiveDataDiscovery"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeFailed),
// Message: to.Ptr("Failed assigning roles {f58310d9-a9f6-439a-9e8d-f62e7b41a168} to {identityName} for plan"),
// },
// },
// {
// Name: to.Ptr("ContainerRegistriesVulnerabilityAssessments"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// },
// {
// Name: to.Ptr("EntraPermissionsManagement"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
*
* @summary Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutPricingByNamePartialSuccess_example.json
*/
async function updatePricingOnSubscriptionExampleForCloudPosturePlanPartialSuccess() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "CloudPosture";
const pricing = { pricingTier: "Standard" };
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.update(scopeId, pricingName, pricing);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
"name": "CloudPosture",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"operationStatus": {
"code": "Failed",
"message": "Failed find dedicated first party application client ID for extension"
}
},
{
"name": "AgentlessDiscoveryForKubernetes",
"isEnabled": "True",
"operationStatus": {
"code": "Failed",
"message": "Failed assigning roles {d5a2ae44-610b-4500-93be-660a0c5f5ca6} to {identityName} for plan"
}
},
{
"name": "SensitiveDataDiscovery",
"isEnabled": "True",
"operationStatus": {
"code": "Failed",
"message": "Failed assigning roles {f58310d9-a9f6-439a-9e8d-f62e7b41a168} to {identityName} for plan"
}
},
{
"name": "ContainerRegistriesVulnerabilityAssessments",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "EntraPermissionsManagement",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
}
]
}
}
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
"name": "CloudPosture",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"operationStatus": {
"code": "Failed",
"message": "Failed find dedicated first party application client ID for extension"
}
},
{
"name": "AgentlessDiscoveryForKubernetes",
"isEnabled": "True",
"operationStatus": {
"code": "Failed",
"message": "Failed assigning roles {d5a2ae44-610b-4500-93be-660a0c5f5ca6} to {identityName} for plan"
}
},
{
"name": "SensitiveDataDiscovery",
"isEnabled": "True",
"operationStatus": {
"code": "Failed",
"message": "Failed assigning roles {f58310d9-a9f6-439a-9e8d-f62e7b41a168} to {identityName} for plan"
}
},
{
"name": "ContainerRegistriesVulnerabilityAssessments",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
},
{
"name": "EntraPermissionsManagement",
"isEnabled": "True",
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
}
]
}
}
Update pricing on subscription (example for VirtualMachines plan)
Sample Request
PUT https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines?api-version=2024-01-01
{
"properties": {
"pricingTier": "Standard",
"subPlan": "P2",
"enforce": "True"
}
}
import com.azure.resourcemanager.security.fluent.models.PricingInner;
import com.azure.resourcemanager.security.models.Enforce;
import com.azure.resourcemanager.security.models.PricingTier;
/**
* Samples for Pricings Update.
*/
public final class Main {
/*
* x-ms-original-file:
* specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/
* PutPricingVMsByName_example.json
*/
/**
* Sample code: Update pricing on subscription (example for VirtualMachines plan).
*
* @param manager Entry point to SecurityManager.
*/
public static void updatePricingOnSubscriptionExampleForVirtualMachinesPlan(
com.azure.resourcemanager.security.SecurityManager manager) {
manager.pricings().updateWithResponse("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "VirtualMachines",
new PricingInner().withPricingTier(PricingTier.STANDARD).withSubPlan("P2").withEnforce(Enforce.TRUE),
com.azure.core.util.Context.NONE);
}
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/to"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutPricingVMsByName_example.json
func ExamplePricingsClient_Update_updatePricingOnSubscriptionExampleForVirtualMachinesPlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Update(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "VirtualMachines", armsecurity.Pricing{
Properties: &armsecurity.PricingProperties{
Enforce: to.Ptr(armsecurity.EnforceTrue),
PricingTier: to.Ptr(armsecurity.PricingTierStandard),
SubPlan: to.Ptr("P2"),
},
}, nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("VirtualMachines"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceTrue),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusFullyCovered),
// SubPlan: to.Ptr("P2"),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("MdeDesignatedSubscription"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledFalse),
// },
// {
// Name: to.Ptr("AgentlessVmScanning"),
// AdditionalExtensionProperties: map[string]any{
// "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]",
// },
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// OperationStatus: &armsecurity.OperationStatusAutoGenerated{
// Code: to.Ptr(armsecurity.CodeSucceeded),
// Message: to.Ptr("Successfully enabled extension"),
// },
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
*
* @summary Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines, VMSS and ARC Machines' and only for plan='VirtualMachines' and subPlan='P1').
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/PutPricingVMsByName_example.json
*/
async function updatePricingOnSubscriptionExampleForVirtualMachinesPlan() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "VirtualMachines";
const pricing = {
enforce: "True",
pricingTier: "Standard",
subPlan: "P2",
};
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.update(scopeId, pricingName, pricing);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample Response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
"name": "VirtualMachines",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"subPlan": "P2",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "True",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "MdeDesignatedSubscription",
"isEnabled": "False"
},
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
},
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
}
]
}
}
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
"name": "VirtualMachines",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"subPlan": "P2",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "True",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "MdeDesignatedSubscription",
"isEnabled": "False"
},
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
},
"operationStatus": {
"code": "Succeeded",
"message": "Successfully enabled extension"
}
}
]
}
}
定义
| 名称 |
说明 |
|
CloudError
|
对所有 Azure 资源管理器 API 的常见错误响应,可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。
|
|
CloudErrorBody
|
错误详细信息。
|
|
code
|
操作状态代码。
|
|
enforce
|
如果设置为“False”,则允许此范围的后代覆盖在此范围上设置的定价配置, (允许设置 inherited=“False”) 。 如果设置为“True”,则会阻止重写,并强制对此范围的所有后代进行此定价配置。 此字段仅适用于订阅级定价。
|
|
ErrorAdditionalInfo
|
资源管理错误附加信息。
|
|
Extension
|
计划的扩展属性
|
|
inherited
|
“inherited” = “True” 表示当前范围从其父级继承其定价配置。 提供继承配置的父范围的 ID 显示在“inheritedFrom”字段中。 另一方面,“inherited” = “False” 表示当前范围显式设置了自己的定价配置,并且不会从其父级继承。 此字段是只读的,仅适用于资源级定价。
|
|
isEnabled
|
指示是否启用扩展。
|
|
OperationStatus
|
描述扩展的启用/禁用操作成功/失败的状态。
|
|
Pricing
|
Microsoft Defender for Cloud 分为两个定价层:免费和标准。 标准层提供高级安全功能,而免费层提供基本安全功能。
|
|
pricingTier
|
指示是否在所选范围内启用 Defender 计划。 Microsoft Defender for Cloud 分为两个定价层:免费和标准。 标准层提供高级安全功能,而免费层提供基本安全功能。
|
|
resourcesCoverageStatus
|
此字段仅适用于订阅级别,并反映订阅下资源的覆盖状态。 请注意:“pricingTier”字段反映订阅的计划状态。 但是,由于计划状态也可以在资源级别定义,因此订阅的计划状态和资源状态之间可能存在不一致。 此字段有助于指示资源的覆盖状态。
|
CloudError
对所有 Azure 资源管理器 API 的常见错误响应,可返回失败操作的错误详细信息。 (这也遵循 OData 错误响应格式.) 。
| 名称 |
类型 |
说明 |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
错误附加信息。
|
|
error.code
|
string
|
错误代码。
|
|
error.details
|
CloudErrorBody[]
|
错误详细信息。
|
|
error.message
|
string
|
错误消息。
|
|
error.target
|
string
|
错误目标。
|
CloudErrorBody
错误详细信息。
code
操作状态代码。
| 名称 |
类型 |
说明 |
|
Failed
|
string
|
扩展未成功创建/更新。 有关更多详细信息,请参阅操作状态消息。
|
|
Succeeded
|
string
|
已成功创建/更新扩展。
|
enforce
如果设置为“False”,则允许此范围的后代覆盖在此范围上设置的定价配置, (允许设置 inherited=“False”) 。 如果设置为“True”,则会阻止重写,并强制对此范围的所有后代进行此定价配置。 此字段仅适用于订阅级定价。
| 名称 |
类型 |
说明 |
|
False
|
string
|
允许此范围的后代覆盖在此范围上设置的定价配置, (允许设置 inherited=“False”)
|
|
True
|
string
|
阻止替代,并将当前范围的定价配置强制用于所有后代
|
ErrorAdditionalInfo
资源管理错误附加信息。
| 名称 |
类型 |
说明 |
|
info
|
object
|
其他信息。
|
|
type
|
string
|
其他信息类型。
|
Extension
计划的扩展属性
| 名称 |
类型 |
说明 |
|
additionalExtensionProperties
|
|
与扩展关联的属性值。
|
|
isEnabled
|
isEnabled
|
指示是否启用扩展。
|
|
name
|
string
|
扩展插件名称。 支持的值是:
AgentlessDiscoveryForKubernetes - 有关 Kubernetes 群集体系结构、工作负载对象和设置的信息的基于 API 的发现。 作为云安全资源管理器的一部分,Kubernetes 清单、标识和网络暴露检测、攻击路径分析和风险搜寻是必需的。
可用于 CloudPosture 计划。
OnUploadMalwareScanning - 限制订阅中每个存储帐户每月扫描的 GB。 在给定存储帐户上达到此限制后,将不会在当前日历月扫描 Blob。
可用于 StorageAccounts 计划。
SensitiveDataDiscovery - 敏感数据发现使用凭据、信用卡等敏感数据标识 Blob 存储容器,以帮助确定安全事件的优先级并进行调查。
可用于 StorageAccounts 和 CloudPosture 计划。
ContainerRegistriesVulnerabilityAssessments - 为存储在容器注册表中的映像提供漏洞管理。
适用于 CloudPosture 和容器计划。
|
|
operationStatus
|
OperationStatus
|
可选。 描述扩展的启用/禁用操作成功/失败的状态。
|
inherited
“inherited” = “True” 表示当前范围从其父级继承其定价配置。 提供继承配置的父范围的 ID 显示在“inheritedFrom”字段中。 另一方面,“inherited” = “False” 表示当前范围显式设置了自己的定价配置,并且不会从其父级继承。 此字段是只读的,仅适用于资源级定价。
| 名称 |
类型 |
说明 |
|
False
|
string
|
指示当前范围设置其自己的定价配置,并且不会从其父级继承它
|
|
True
|
string
|
指示当前范围正在从其父级继承其定价配置
|
isEnabled
指示是否启用扩展。
| 名称 |
类型 |
说明 |
|
False
|
string
|
指示扩展已禁用
|
|
True
|
string
|
指示扩展已启用
|
OperationStatus
描述扩展的启用/禁用操作成功/失败的状态。
| 名称 |
类型 |
说明 |
|
code
|
code
|
操作状态代码。
|
|
message
|
string
|
有关操作成功/失败的其他信息。
|
Pricing
Microsoft Defender for Cloud 分为两个定价层:免费和标准。 标准层提供高级安全功能,而免费层提供基本安全功能。
| 名称 |
类型 |
说明 |
|
id
|
string
|
资源 ID
|
|
name
|
string
|
资源名称
|
|
properties.deprecated
|
boolean
|
可选。 如果计划已弃用,则其值为 True。 如果有替换计划,它们将显示在 属性中replacedBy
|
|
properties.enablementTime
|
string
|
可选。 如果 pricingTier 为 , Standard 则此属性保留上次 pricingTier 设置为 Standard的日期,当 (可用时,例如 2023-03-01T12:42:42.1921106Z) 。
|
|
properties.enforce
|
enforce
|
如果设置为“False”,则允许此范围的后代覆盖在此范围上设置的定价配置, (允许设置 inherited=“False”) 。 如果设置为“True”,则会阻止重写,并强制对此范围的所有后代进行此定价配置。 此字段仅适用于订阅级定价。
|
|
properties.extensions
|
Extension[]
|
可选。 计划下提供的扩展列表。
|
|
properties.freeTrialRemainingTime
|
string
|
订阅免费试用版剩余的持续时间 - ISO 8601 格式 (例如P3Y6M4DT12H30M5S) 。
|
|
properties.inherited
|
inherited
|
“inherited” = “True” 表示当前范围从其父级继承其定价配置。 提供继承配置的父范围的 ID 显示在“inheritedFrom”字段中。 另一方面,“inherited” = “False” 表示当前范围显式设置了自己的定价配置,并且不会从其父级继承。 此字段是只读的,仅适用于资源级定价。
|
|
properties.inheritedFrom
|
string
|
继承自的范围的 ID。 如果未继承,则为“Null”。 此字段仅适用于资源级定价。
|
|
properties.pricingTier
|
pricingTier
|
指示是否在所选范围内启用 Defender 计划。 Microsoft Defender for Cloud 分为两个定价层:免费和标准。 标准层提供高级安全功能,而免费层提供基本安全功能。
|
|
properties.replacedBy
|
string[]
|
可选。 替换此计划的计划列表。 仅当此计划已弃用时,此属性才存在。
|
|
properties.resourcesCoverageStatus
|
resourcesCoverageStatus
|
此字段仅适用于订阅级别,并反映订阅下资源的覆盖状态。 请注意:“pricingTier”字段反映订阅的计划状态。 但是,由于计划状态也可以在资源级别定义,因此订阅的计划状态和资源状态之间可能存在不一致。 此字段有助于指示资源的覆盖状态。
|
|
properties.subPlan
|
string
|
当有多个子计划可用时,为标准定价配置选择的子计划。 每个子计划都支持一组安全功能。 如果未指定,则应用完整计划。 对于 VirtualMachines 计划,可用的子计划为“P1”&“P2”,其中仅支持资源级别的“P1”子计划。
|
|
type
|
string
|
资源类型
|
pricingTier
指示是否在所选范围内启用 Defender 计划。 Microsoft Defender for Cloud 分为两个定价层:免费和标准。 标准层提供高级安全功能,而免费层提供基本安全功能。
| 名称 |
类型 |
说明 |
|
Free
|
string
|
使用基本安全功能获取免费的 Microsoft Defender for Cloud 体验
|
|
Standard
|
string
|
使用高级安全功能获取标准Microsoft Defender for Cloud 体验
|
resourcesCoverageStatus
此字段仅适用于订阅级别,并反映订阅下资源的覆盖状态。 请注意:“pricingTier”字段反映订阅的计划状态。 但是,由于计划状态也可以在资源级别定义,因此订阅的计划状态和资源状态之间可能存在不一致。 此字段有助于指示资源的覆盖状态。
| 名称 |
类型 |
说明 |
|
FullyCovered
|
string
|
此值指示与订阅关联的所有资源都已启用 Defender 计划。
|
|
NotCovered
|
string
|
此值指示已为订阅下的所有资源禁用 Defender 计划。 Defender 计划不保护任何资源。
|
|
PartiallyCovered
|
string
|
此值指示订阅下的某些资源已启用 Defender 计划,而其他资源则禁用了 Defender 计划。 资源之间的覆盖率状态是混合的。
|