Microsoft.Security pricings

Bicep resource definition

The pricings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/pricings resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.Security/pricings@2024-01-01' = {
  scope: resourceSymbolicName or scope
  name: 'string'
  properties: {
    enforce: 'string'
    extensions: [
      {
        additionalExtensionProperties: {
          {customized property}: any(Azure.Bicep.Types.Concrete.AnyType)
        }
        isEnabled: 'string'
        name: 'string'
      }
    ]
    pricingTier: 'string'
    subPlan: 'string'
  }
}

Property values

Extension

Name Description Value
additionalExtensionProperties Property values associated with the extension. ExtensionAdditionalExtensionProperties
isEnabled Indicates whether the extension is enabled. 'False'
'True' (required)
name The extension name. Supported values are:

AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.
Available for CloudPosture plan and Containers plan.

OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
Available for StorageAccounts plan (DefenderForStorageV2 sub plans).

SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.

ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.
Available for CloudPosture plan and Containers plan.

MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure
Available for VirtualMachines plan (P1 and P2 sub plans).

AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here /azure/defender-for-cloud/concept-agentless-data-collection.
Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.

EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.
Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here /azure/defender-for-cloud/permissions-management.
Available for CloudPosture plan.

FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.
Windows registries, Linux system files, in real time, for changes that might indicate an attack.
Available for VirtualMachines plan (P2 sub plan).

ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.
Available for Containers plan.

AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.
Available for AI plan.

string (required)

ExtensionAdditionalExtensionProperties

Name Description Value

Microsoft.Security/pricings

Name Description Value
name The resource name string (required)
properties Pricing data PricingProperties
scope Use when creating a resource at a scope that is different than the deployment scope. Set this property to the symbolic name of a resource to apply the extension resource.

PricingProperties

Name Description Value
enforce If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing. 'False'
'True'
extensions Optional. List of extensions offered under a plan. Extension[]
pricingTier Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. 'Free'
'Standard' (required)
subPlan The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported. string

ARM template resource definition

The pricings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/pricings resource, add the following JSON to your template.

{
  "type": "Microsoft.Security/pricings",
  "apiVersion": "2024-01-01",
  "name": "string",
  "properties": {
    "enforce": "string",
    "extensions": [
      {
        "additionalExtensionProperties": {
          "{customized property}": {}
        },
        "isEnabled": "string",
        "name": "string"
      }
    ],
    "pricingTier": "string",
    "subPlan": "string"
  }
}

Property values

Extension

Name Description Value
additionalExtensionProperties Property values associated with the extension. ExtensionAdditionalExtensionProperties
isEnabled Indicates whether the extension is enabled. 'False'
'True' (required)
name The extension name. Supported values are:

AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.
Available for CloudPosture plan and Containers plan.

OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
Available for StorageAccounts plan (DefenderForStorageV2 sub plans).

SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.

ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.
Available for CloudPosture plan and Containers plan.

MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure
Available for VirtualMachines plan (P1 and P2 sub plans).

AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here /azure/defender-for-cloud/concept-agentless-data-collection.
Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.

EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.
Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here /azure/defender-for-cloud/permissions-management.
Available for CloudPosture plan.

FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.
Windows registries, Linux system files, in real time, for changes that might indicate an attack.
Available for VirtualMachines plan (P2 sub plan).

ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.
Available for Containers plan.

AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.
Available for AI plan.

string (required)

ExtensionAdditionalExtensionProperties

Name Description Value

Microsoft.Security/pricings

Name Description Value
apiVersion The api version '2024-01-01'
name The resource name string (required)
properties Pricing data PricingProperties
type The resource type 'Microsoft.Security/pricings'

PricingProperties

Name Description Value
enforce If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing. 'False'
'True'
extensions Optional. List of extensions offered under a plan. Extension[]
pricingTier Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. 'Free'
'Standard' (required)
subPlan The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported. string

Terraform (AzAPI provider) resource definition

The pricings resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.Security/pricings resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.Security/pricings@2024-01-01"
  name = "string"
  parent_id = "string"
  body = jsonencode({
    properties = {
      enforce = "string"
      extensions = [
        {
          additionalExtensionProperties = {
            {customized property} = ?
          }
          isEnabled = "string"
          name = "string"
        }
      ]
      pricingTier = "string"
      subPlan = "string"
    }
  })
}

Property values

Extension

Name Description Value
additionalExtensionProperties Property values associated with the extension. ExtensionAdditionalExtensionProperties
isEnabled Indicates whether the extension is enabled. 'False'
'True' (required)
name The extension name. Supported values are:

AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.
Available for CloudPosture plan and Containers plan.

OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
Available for StorageAccounts plan (DefenderForStorageV2 sub plans).

SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.

ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.
Available for CloudPosture plan and Containers plan.

MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure
Available for VirtualMachines plan (P1 and P2 sub plans).

AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here /azure/defender-for-cloud/concept-agentless-data-collection.
Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.

EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.
Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here /azure/defender-for-cloud/permissions-management.
Available for CloudPosture plan.

FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.
Windows registries, Linux system files, in real time, for changes that might indicate an attack.
Available for VirtualMachines plan (P2 sub plan).

ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.
Available for Containers plan.

AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.
Available for AI plan.

string (required)

ExtensionAdditionalExtensionProperties

Name Description Value

Microsoft.Security/pricings

Name Description Value
name The resource name string (required)
parent_id The ID of the resource to apply this extension resource to. string (required)
properties Pricing data PricingProperties
type The resource type "Microsoft.Security/pricings@2024-01-01"

PricingProperties

Name Description Value
enforce If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing. 'False'
'True'
extensions Optional. List of extensions offered under a plan. Extension[]
pricingTier Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. 'Free'
'Standard' (required)
subPlan The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported. string