Onboard APIs

Implementation Effort: Medium
Onboarding APIs involves enabling the Defender for APIs plan at the subscription level and configuring API Management instances, which requires coordination between security and platform teams.

User Impact: Low
Only administrators and security teams are involved in onboarding; no end-user action is required.

Overview

Onboarding APIs into Microsoft Defender for APIs is a two-step process that ensures your APIs are monitored and protected against threats. First, you must enable the Defender for APIs plan at the Azure subscription level. This activates the protection service and allows you to select a pricing plan based on your expected API traffic volume. Second, you must onboard the APIs themselves by addressing onboarding recommendations in Microsoft Defender for Cloud or directly through Azure API Management.

Only APIs published through Azure API Management are eligible for protection. Once onboarded, Defender for APIs provides visibility into API usage, detects threats, and offers security posture recommendations. If APIs are not onboarded, they remain unprotected, leaving potential gaps in your API security strategy.

This onboarding process supports the Zero Trust principle of "Assume breach" by ensuring all APIs are monitored for anomalies and threats in real time.

Reference

• Protect your APIs with Defender for APIs
• Protect APIs in API Management with Defender for APIs
• Overview of the Microsoft Defender for APIs plan