Review & Remediate API Recommendations

Implementation Effort: Medium
Reviewing and remediating API recommendations requires ongoing collaboration between security teams and API owners to assess findings, prioritize risks, and implement fixes.

User Impact: Low
All actions are handled by administrators and security teams; no direct user involvement is required.

Overview

Microsoft Defender for APIs continuously evaluates onboarded APIs and generates security recommendations to help organizations improve their API security posture. These recommendations are visible in the Microsoft Defender for Cloud portal and are based on real-time analysis of API configurations, traffic patterns, and exposure levels.

Common recommendations include:

• Enable Defender for APIs: Ensures APIs are protected with runtime threat detection 1.
• Onboard APIs to Defender for APIs: Required for visibility and protection 1.
• Remove unused API endpoints: APIs with no traffic for 30+ days should be retired to reduce attack surface 1.
• Enforce authentication: APIs should validate tokens, certificates, or subscription keys to prevent unauthorized access 1.
• Scope API subscriptions properly: Avoid assigning subscriptions to all APIs to minimize data exposure 1.

To remediate:

1. Open Microsoft Defender for Cloud.
2. Navigate to Recommendations under API Security.
3. Review each recommendation’s severity and impact.
4. Follow the guided remediation steps or use automation tools like Azure Policy, Power Automate, or Microsoft Sentinel for enforcement.

Neglecting to review and act on these recommendations can leave APIs vulnerable to misconfigurations, unauthorized access, and data leaks. This capability supports the Zero Trust principle of "Use least privilege access" by enforcing proper access controls and minimizing unnecessary exposure.

Reference

• Reference table for all API security recommendations
• Protect your APIs with Defender for APIs
• Protect APIs in API Management with Defender for APIs