Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
GET https://management.azure.com/{scopeId}/providers/Microsoft.Security/pricings/{pricingName}?api-version=2024-01-01
URI Parameters
| Name |
In |
Required |
Type |
Description |
|
pricingName
|
path |
True
|
string
|
name of the pricing configuration
|
|
scopeId
|
path |
True
|
string
|
The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)
|
|
api-version
|
query |
True
|
string
|
API version for the operation
|
Responses
| Name |
Type |
Description |
|
200 OK
|
Pricing
|
OK
|
|
Other Status Codes
|
CloudError
|
Error response describing why the operation failed.
|
Security
azure_auth
Azure Active Directory OAuth2 Flow
Type:
oauth2
Flow:
implicit
Authorization URL:
https://login.microsoftonline.com/common/oauth2/authorize
Scopes
| Name |
Description |
|
user_impersonation
|
impersonate your user account
|
Examples
Get pricings on resource - VirtualMachines plan
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/VirtualMachines?api-version=2024-01-01
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetResourcePricingByNameVirtualMachines_example.json
func ExamplePricingsClient_Get_getPricingsOnResourceVirtualMachinesPlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1", "VirtualMachines", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("VirtualMachines"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/VirtualMachines"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// Inherited: to.Ptr(armsecurity.InheritedTrue),
// InheritedFrom: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// SubPlan: to.Ptr("P2"),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("AgentlessVmScanning"),
// AdditionalExtensionProperties: map[string]any{
// "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]",
// },
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// },
// {
// Name: to.Ptr("MdeDesignatedSubscription"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
*
* @summary Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetResourcePricingByNameVirtualMachines_example.json
*/
async function getPricingsOnResourceVirtualMachinesPlan() {
const scopeId =
"subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1";
const pricingName = "VirtualMachines";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.get(scopeId, pricingName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/VirtualMachines",
"name": "VirtualMachines",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"subPlan": "P2",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"inherited": "True",
"inheritedFrom": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
"extensions": [
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
}
},
{
"name": "MdeDesignatedSubscription",
"isEnabled": "True"
}
]
}
}
Get pricings on subscription - CloudPosture plan
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture?api-version=2024-01-01
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameCloudPosture_example.json
func ExamplePricingsClient_Get_getPricingsOnSubscriptionCloudPosturePlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "CloudPosture", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("CloudPosture"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceFalse),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusFullyCovered),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("AgentlessVmScanning"),
// AdditionalExtensionProperties: map[string]any{
// "ExclusionTags": "[]",
// },
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// },
// {
// Name: to.Ptr("AgentlessDiscoveryForKubernetes"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// },
// {
// Name: to.Ptr("SensitiveDataDiscovery"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// },
// {
// Name: to.Ptr("ContainerRegistriesVulnerabilityAssessments"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// },
// {
// Name: to.Ptr("EntraPermissionsManagement"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
*
* @summary Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameCloudPosture_example.json
*/
async function getPricingsOnSubscriptionCloudPosturePlan() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "CloudPosture";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.get(scopeId, pricingName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
"name": "CloudPosture",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"ExclusionTags": "[]"
}
},
{
"name": "AgentlessDiscoveryForKubernetes",
"isEnabled": "True"
},
{
"name": "SensitiveDataDiscovery",
"isEnabled": "True"
},
{
"name": "ContainerRegistriesVulnerabilityAssessments",
"isEnabled": "True"
},
{
"name": "EntraPermissionsManagement",
"isEnabled": "True"
}
]
}
}
Get pricings on subscription - Containers plan
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Containers?api-version=2024-01-01
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameContainers_example.json
func ExamplePricingsClient_Get_getPricingsOnSubscriptionContainersPlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "Containers", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("Containers"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Containers"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceFalse),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusFullyCovered),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("ContainerRegistriesVulnerabilityAssessments"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
*
* @summary Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameContainers_example.json
*/
async function getPricingsOnSubscriptionContainersPlan() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "Containers";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.get(scopeId, pricingName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Containers",
"name": "Containers",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "ContainerRegistriesVulnerabilityAssessments",
"isEnabled": "True"
}
]
}
}
Get pricings on subscription - Dns plan
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Dns?api-version=2024-01-01
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameDns_example.json
func ExamplePricingsClient_Get_getPricingsOnSubscriptionDnsPlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "Dns", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("Dns"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Dns"),
// Properties: &armsecurity.PricingProperties{
// Deprecated: to.Ptr(true),
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceFalse),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ReplacedBy: []*string{
// to.Ptr("VirtualMachines")},
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusFullyCovered),
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
*
* @summary Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameDns_example.json
*/
async function getPricingsOnSubscriptionDnsPlan() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "Dns";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.get(scopeId, pricingName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Dns",
"name": "Dns",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"deprecated": true,
"replacedBy": [
"VirtualMachines"
],
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered"
}
}
Get pricings on subscription - StorageAccounts plan
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/StorageAccounts?api-version=2024-01-01
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameStorageAccounts_example.json
func ExamplePricingsClient_Get_getPricingsOnSubscriptionStorageAccountsPlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "StorageAccounts", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("StorageAccounts"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/StorageAccounts"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceFalse),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusFullyCovered),
// SubPlan: to.Ptr("PerStorageAccount"),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("OnUploadMalwareScanning"),
// AdditionalExtensionProperties: map[string]any{
// "capGBPerMonthPerStorageAccount": float64(10),
// },
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// },
// {
// Name: to.Ptr("SensitiveDataDiscovery"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
*
* @summary Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameStorageAccounts_example.json
*/
async function getPricingsOnSubscriptionStorageAccountsPlan() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "StorageAccounts";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.get(scopeId, pricingName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/StorageAccounts",
"name": "StorageAccounts",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"subPlan": "PerStorageAccount",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "FullyCovered",
"extensions": [
{
"name": "OnUploadMalwareScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"capGBPerMonthPerStorageAccount": 10
}
},
{
"name": "SensitiveDataDiscovery",
"isEnabled": "True"
}
]
}
}
Get pricings on subscription - VirtualMachines plan
Sample request
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines?api-version=2024-01-01
package armsecurity_test
import (
"context"
"log"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity"
)
// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/9ac34f238dd6b9071f486b57e9f9f1a0c43ec6f6/specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameVirtualMachines_example.json
func ExamplePricingsClient_Get_getPricingsOnSubscriptionVirtualMachinesPlan() {
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
log.Fatalf("failed to obtain a credential: %v", err)
}
ctx := context.Background()
clientFactory, err := armsecurity.NewClientFactory("<subscription-id>", cred, nil)
if err != nil {
log.Fatalf("failed to create client: %v", err)
}
res, err := clientFactory.NewPricingsClient().Get(ctx, "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23", "VirtualMachines", nil)
if err != nil {
log.Fatalf("failed to finish the request: %v", err)
}
// You could use response here. We use blank identifier for just demo purposes.
_ = res
// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
// res.Pricing = armsecurity.Pricing{
// Name: to.Ptr("VirtualMachines"),
// Type: to.Ptr("Microsoft.Security/pricings"),
// ID: to.Ptr("/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines"),
// Properties: &armsecurity.PricingProperties{
// EnablementTime: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2023-03-01T12:42:42.192Z"); return t}()),
// Enforce: to.Ptr(armsecurity.EnforceFalse),
// FreeTrialRemainingTime: to.Ptr("PT0S"),
// PricingTier: to.Ptr(armsecurity.PricingTierStandard),
// ResourcesCoverageStatus: to.Ptr(armsecurity.ResourcesCoverageStatusPartiallyCovered),
// SubPlan: to.Ptr("P2"),
// Extensions: []*armsecurity.Extension{
// {
// Name: to.Ptr("AgentlessVmScanning"),
// AdditionalExtensionProperties: map[string]any{
// "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]",
// },
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// },
// {
// Name: to.Ptr("MdeDesignatedSubscription"),
// IsEnabled: to.Ptr(armsecurity.IsEnabledTrue),
// }},
// },
// }
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
const { SecurityCenter } = require("@azure/arm-security");
const { DefaultAzureCredential } = require("@azure/identity");
/**
* This sample demonstrates how to Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
*
* @summary Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.
* x-ms-original-file: specification/security/resource-manager/Microsoft.Security/stable/2024-01-01/examples/Pricings/GetPricingByNameVirtualMachines_example.json
*/
async function getPricingsOnSubscriptionVirtualMachinesPlan() {
const scopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23";
const pricingName = "VirtualMachines";
const credential = new DefaultAzureCredential();
const client = new SecurityCenter(credential);
const result = await client.pricings.get(scopeId, pricingName);
console.log(result);
}
To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue
Sample response
{
"id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
"name": "VirtualMachines",
"type": "Microsoft.Security/pricings",
"properties": {
"pricingTier": "Standard",
"subPlan": "P2",
"freeTrialRemainingTime": "PT0S",
"enablementTime": "2023-03-01T12:42:42.1921106Z",
"enforce": "False",
"resourcesCoverageStatus": "PartiallyCovered",
"extensions": [
{
"name": "AgentlessVmScanning",
"isEnabled": "True",
"additionalExtensionProperties": {
"ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
}
},
{
"name": "MdeDesignatedSubscription",
"isEnabled": "True"
}
]
}
}
Definitions
| Name |
Description |
|
CloudError
|
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
|
|
CloudErrorBody
|
The error detail.
|
|
code
|
The operation status code.
|
|
enforce
|
If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
|
|
ErrorAdditionalInfo
|
The resource management error additional info.
|
|
Extension
|
A plan's extension properties
|
|
inherited
|
"inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
|
|
isEnabled
|
Indicates whether the extension is enabled.
|
|
OperationStatus
|
A status describing the success/failure of the extension's enablement/disablement operation.
|
|
Pricing
|
Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
|
|
pricingTier
|
Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
|
|
resourcesCoverageStatus
|
This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
|
CloudError
Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).
| Name |
Type |
Description |
|
error.additionalInfo
|
ErrorAdditionalInfo[]
|
The error additional info.
|
|
error.code
|
string
|
The error code.
|
|
error.details
|
CloudErrorBody[]
|
The error details.
|
|
error.message
|
string
|
The error message.
|
|
error.target
|
string
|
The error target.
|
CloudErrorBody
The error detail.
| Name |
Type |
Description |
|
additionalInfo
|
ErrorAdditionalInfo[]
|
The error additional info.
|
|
code
|
string
|
The error code.
|
|
details
|
CloudErrorBody[]
|
The error details.
|
|
message
|
string
|
The error message.
|
|
target
|
string
|
The error target.
|
code
The operation status code.
| Name |
Type |
Description |
|
Failed
|
string
|
Extension was not created/updated successfully. See operation status message for more details.
|
|
Succeeded
|
string
|
Extension was created/updated successfully.
|
enforce
If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
| Name |
Type |
Description |
|
False
|
string
|
Allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False")
|
|
True
|
string
|
Prevents overrides and forces the current scope's pricing configuration to all descendants
|
ErrorAdditionalInfo
The resource management error additional info.
| Name |
Type |
Description |
|
info
|
object
|
The additional info.
|
|
type
|
string
|
The additional info type.
|
Extension
A plan's extension properties
| Name |
Type |
Description |
|
additionalExtensionProperties
|
|
Property values associated with the extension.
|
|
isEnabled
|
isEnabled
|
Indicates whether the extension is enabled.
|
|
name
|
string
|
The extension name. Supported values are:
AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.
Available for CloudPosture plan and Containers plan.
OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
Available for StorageAccounts plan (DefenderForStorageV2 sub plans).
SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.
ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.
Available for CloudPosture plan and Containers plan.
MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure
Available for VirtualMachines plan (P1 and P2 sub plans).
AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.
Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.
EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.
Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.
Available for CloudPosture plan.
FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.
Windows registries, Linux system files, in real time, for changes that might indicate an attack.
Available for VirtualMachines plan (P2 sub plan).
ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.
Available for Containers plan.
AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.
Available for AI plan.
|
|
operationStatus
|
OperationStatus
|
Optional. A status describing the success/failure of the extension's enablement/disablement operation.
|
inherited
"inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
| Name |
Type |
Description |
|
False
|
string
|
Indicates that the current scope sets its own pricing configuration and does not inherit it from its parent
|
|
True
|
string
|
Indicates that the current scope is inheriting its pricing configuration from its parent
|
isEnabled
Indicates whether the extension is enabled.
| Name |
Type |
Description |
|
False
|
string
|
Indicates the extension is disabled
|
|
True
|
string
|
Indicates the extension is enabled
|
OperationStatus
A status describing the success/failure of the extension's enablement/disablement operation.
| Name |
Type |
Description |
|
code
|
code
|
The operation status code.
|
|
message
|
string
|
Additional information regarding the success/failure of the operation.
|
Pricing
Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
| Name |
Type |
Description |
|
id
|
string
|
Resource Id
|
|
name
|
string
|
Resource name
|
|
properties.deprecated
|
boolean
|
Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
|
|
properties.enablementTime
|
string
|
Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
|
|
properties.enforce
|
enforce
|
If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
|
|
properties.extensions
|
Extension[]
|
Optional. List of extensions offered under a plan.
|
|
properties.freeTrialRemainingTime
|
string
|
The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
|
|
properties.inherited
|
inherited
|
"inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
|
|
properties.inheritedFrom
|
string
|
The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
|
|
properties.pricingTier
|
pricingTier
|
Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
|
|
properties.replacedBy
|
string[]
|
Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
|
|
properties.resourcesCoverageStatus
|
resourcesCoverageStatus
|
This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
|
|
properties.subPlan
|
string
|
The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
|
|
type
|
string
|
Resource type
|
pricingTier
Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
| Name |
Type |
Description |
|
Free
|
string
|
Get free Microsoft Defender for Cloud experience with basic security features
|
|
Standard
|
string
|
Get the standard Microsoft Defender for Cloud experience with advanced security features
|
resourcesCoverageStatus
This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
| Name |
Type |
Description |
|
FullyCovered
|
string
|
This value indicates that all resources associated with the subscription have the Defender plan enabled.
|
|
NotCovered
|
string
|
This value indicates that the Defender plan is disabled for all resources under the subscription. None of the resources are protected by the Defender plan.
|
|
PartiallyCovered
|
string
|
This value indicates that some resources under the subscription have the Defender plan enabled, while others have it disabled. There is a mixed coverage status among resources.
|