azure-native.security.Pricing
Explore with Pulumi AI
Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features. Azure REST API version: 2024-01-01.
Example Usage
Update pricing on resource (example for VirtualMachines plan)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var pricing = new AzureNative.Security.Pricing("pricing", new()
{
PricingName = "virtualMachines",
PricingTier = AzureNative.Security.PricingTier.Standard,
ScopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1",
SubPlan = "P1",
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewPricing(ctx, "pricing", &security.PricingArgs{
PricingName: pulumi.String("virtualMachines"),
PricingTier: pulumi.String(security.PricingTierStandard),
ScopeId: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1"),
SubPlan: pulumi.String("P1"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.Pricing;
import com.pulumi.azurenative.security.PricingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pricing = new Pricing("pricing", PricingArgs.builder()
.pricingName("virtualMachines")
.pricingTier("Standard")
.scopeId("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1")
.subPlan("P1")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
pricing = azure_native.security.Pricing("pricing",
pricing_name="virtualMachines",
pricing_tier=azure_native.security.PricingTier.STANDARD,
scope_id="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1",
sub_plan="P1")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const pricing = new azure_native.security.Pricing("pricing", {
pricingName: "virtualMachines",
pricingTier: azure_native.security.PricingTier.Standard,
scopeId: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1",
subPlan: "P1",
});
resources:
pricing:
type: azure-native:security:Pricing
properties:
pricingName: virtualMachines
pricingTier: Standard
scopeId: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1
subPlan: P1
Update pricing on subscription (example for CloudPosture plan)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var pricing = new AzureNative.Security.Pricing("pricing", new()
{
PricingName = "CloudPosture",
PricingTier = AzureNative.Security.PricingTier.Standard,
ScopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewPricing(ctx, "pricing", &security.PricingArgs{
PricingName: pulumi.String("CloudPosture"),
PricingTier: pulumi.String(security.PricingTierStandard),
ScopeId: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.Pricing;
import com.pulumi.azurenative.security.PricingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pricing = new Pricing("pricing", PricingArgs.builder()
.pricingName("CloudPosture")
.pricingTier("Standard")
.scopeId("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
pricing = azure_native.security.Pricing("pricing",
pricing_name="CloudPosture",
pricing_tier=azure_native.security.PricingTier.STANDARD,
scope_id="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const pricing = new azure_native.security.Pricing("pricing", {
pricingName: "CloudPosture",
pricingTier: azure_native.security.PricingTier.Standard,
scopeId: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
});
resources:
pricing:
type: azure-native:security:Pricing
properties:
pricingName: CloudPosture
pricingTier: Standard
scopeId: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
Update pricing on subscription (example for CloudPosture plan) - partial success
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var pricing = new AzureNative.Security.Pricing("pricing", new()
{
PricingName = "CloudPosture",
PricingTier = AzureNative.Security.PricingTier.Standard,
ScopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewPricing(ctx, "pricing", &security.PricingArgs{
PricingName: pulumi.String("CloudPosture"),
PricingTier: pulumi.String(security.PricingTierStandard),
ScopeId: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.Pricing;
import com.pulumi.azurenative.security.PricingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pricing = new Pricing("pricing", PricingArgs.builder()
.pricingName("CloudPosture")
.pricingTier("Standard")
.scopeId("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
pricing = azure_native.security.Pricing("pricing",
pricing_name="CloudPosture",
pricing_tier=azure_native.security.PricingTier.STANDARD,
scope_id="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const pricing = new azure_native.security.Pricing("pricing", {
pricingName: "CloudPosture",
pricingTier: azure_native.security.PricingTier.Standard,
scopeId: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
});
resources:
pricing:
type: azure-native:security:Pricing
properties:
pricingName: CloudPosture
pricingTier: Standard
scopeId: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
Update pricing on subscription (example for VirtualMachines plan)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureNative = Pulumi.AzureNative;
return await Deployment.RunAsync(() =>
{
var pricing = new AzureNative.Security.Pricing("pricing", new()
{
Enforce = AzureNative.Security.Enforce.True,
PricingName = "VirtualMachines",
PricingTier = AzureNative.Security.PricingTier.Standard,
ScopeId = "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
SubPlan = "P2",
});
});
package main
import (
security "github.com/pulumi/pulumi-azure-native-sdk/security/v2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := security.NewPricing(ctx, "pricing", &security.PricingArgs{
Enforce: pulumi.String(security.EnforceTrue),
PricingName: pulumi.String("VirtualMachines"),
PricingTier: pulumi.String(security.PricingTierStandard),
ScopeId: pulumi.String("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"),
SubPlan: pulumi.String("P2"),
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azurenative.security.Pricing;
import com.pulumi.azurenative.security.PricingArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var pricing = new Pricing("pricing", PricingArgs.builder()
.enforce("True")
.pricingName("VirtualMachines")
.pricingTier("Standard")
.scopeId("subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23")
.subPlan("P2")
.build());
}
}
import pulumi
import pulumi_azure_native as azure_native
pricing = azure_native.security.Pricing("pricing",
enforce=azure_native.security.Enforce.TRUE,
pricing_name="VirtualMachines",
pricing_tier=azure_native.security.PricingTier.STANDARD,
scope_id="subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
sub_plan="P2")
import * as pulumi from "@pulumi/pulumi";
import * as azure_native from "@pulumi/azure-native";
const pricing = new azure_native.security.Pricing("pricing", {
enforce: azure_native.security.Enforce.True,
pricingName: "VirtualMachines",
pricingTier: azure_native.security.PricingTier.Standard,
scopeId: "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
subPlan: "P2",
});
resources:
pricing:
type: azure-native:security:Pricing
properties:
enforce: True
pricingName: VirtualMachines
pricingTier: Standard
scopeId: subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23
subPlan: P2
Create Pricing Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Pricing(name: string, args: PricingArgs, opts?: CustomResourceOptions);
@overload
def Pricing(resource_name: str,
args: PricingArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Pricing(resource_name: str,
opts: Optional[ResourceOptions] = None,
pricing_tier: Optional[Union[str, PricingTier]] = None,
scope_id: Optional[str] = None,
enforce: Optional[Union[str, Enforce]] = None,
extensions: Optional[Sequence[ExtensionArgs]] = None,
pricing_name: Optional[str] = None,
sub_plan: Optional[str] = None)
func NewPricing(ctx *Context, name string, args PricingArgs, opts ...ResourceOption) (*Pricing, error)
public Pricing(string name, PricingArgs args, CustomResourceOptions? opts = null)
public Pricing(String name, PricingArgs args)
public Pricing(String name, PricingArgs args, CustomResourceOptions options)
type: azure-native:security:Pricing
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args PricingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args PricingArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args PricingArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args PricingArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args PricingArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var pricingResource = new AzureNative.Security.Pricing("pricingResource", new()
{
PricingTier = "string",
ScopeId = "string",
Enforce = "string",
Extensions = new[]
{
new AzureNative.Security.Inputs.ExtensionArgs
{
IsEnabled = "string",
Name = "string",
AdditionalExtensionProperties = "any",
},
},
PricingName = "string",
SubPlan = "string",
});
example, err := security.NewPricing(ctx, "pricingResource", &security.PricingArgs{
PricingTier: pulumi.String("string"),
ScopeId: pulumi.String("string"),
Enforce: pulumi.String("string"),
Extensions: security.ExtensionArray{
&security.ExtensionArgs{
IsEnabled: pulumi.String("string"),
Name: pulumi.String("string"),
AdditionalExtensionProperties: pulumi.Any("any"),
},
},
PricingName: pulumi.String("string"),
SubPlan: pulumi.String("string"),
})
var pricingResource = new Pricing("pricingResource", PricingArgs.builder()
.pricingTier("string")
.scopeId("string")
.enforce("string")
.extensions(ExtensionArgs.builder()
.isEnabled("string")
.name("string")
.additionalExtensionProperties("any")
.build())
.pricingName("string")
.subPlan("string")
.build());
pricing_resource = azure_native.security.Pricing("pricingResource",
pricing_tier="string",
scope_id="string",
enforce="string",
extensions=[{
"is_enabled": "string",
"name": "string",
"additional_extension_properties": "any",
}],
pricing_name="string",
sub_plan="string")
const pricingResource = new azure_native.security.Pricing("pricingResource", {
pricingTier: "string",
scopeId: "string",
enforce: "string",
extensions: [{
isEnabled: "string",
name: "string",
additionalExtensionProperties: "any",
}],
pricingName: "string",
subPlan: "string",
});
type: azure-native:security:Pricing
properties:
enforce: string
extensions:
- additionalExtensionProperties: any
isEnabled: string
name: string
pricingName: string
pricingTier: string
scopeId: string
subPlan: string
Pricing Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Pricing resource accepts the following input properties:
- Pricing
Tier string | Pulumi.Azure Native. Security. Pricing Tier - Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
- Scope
Id string - The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)
- Enforce
string | Pulumi.
Azure Native. Security. Enforce - If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
- Extensions
List<Pulumi.
Azure Native. Security. Inputs. Extension> - Optional. List of extensions offered under a plan.
- Pricing
Name string - name of the pricing configuration
- Sub
Plan string - The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
- Pricing
Tier string | PricingTier - Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
- Scope
Id string - The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)
- Enforce string | Enforce
- If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
- Extensions
[]Extension
Args - Optional. List of extensions offered under a plan.
- Pricing
Name string - name of the pricing configuration
- Sub
Plan string - The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
- pricing
Tier String | PricingTier - Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
- scope
Id String - The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)
- enforce String | Enforce
- If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
- extensions List<Extension>
- Optional. List of extensions offered under a plan.
- pricing
Name String - name of the pricing configuration
- sub
Plan String - The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
- pricing
Tier string | PricingTier - Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
- scope
Id string - The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)
- enforce string | Enforce
- If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
- extensions Extension[]
- Optional. List of extensions offered under a plan.
- pricing
Name string - name of the pricing configuration
- sub
Plan string - The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
- pricing_
tier str | PricingTier - Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
- scope_
id str - The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)
- enforce str | Enforce
- If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
- extensions
Sequence[Extension
Args] - Optional. List of extensions offered under a plan.
- pricing_
name str - name of the pricing configuration
- sub_
plan str - The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
- pricing
Tier String | "Free" | "Standard" - Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
- scope
Id String - The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)
- enforce String | "False" | "True"
- If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
- extensions List<Property Map>
- Optional. List of extensions offered under a plan.
- pricing
Name String - name of the pricing configuration
- sub
Plan String - The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
Outputs
All input properties are implicitly available as output properties. Additionally, the Pricing resource produces the following output properties:
- Deprecated bool
- Optional. True if the plan is deprecated. If there are replacing plans they will appear in
replacedBy
property - Enablement
Time string - Optional. If
pricingTier
isStandard
then this property holds the date of the last time thepricingTier
was set toStandard
, when available (e.g 2023-03-01T12:42:42.1921106Z). - Free
Trial stringRemaining Time - The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
- Id string
- The provider-assigned unique ID for this managed resource.
- Inherited string
- "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
- Inherited
From string - The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
- Name string
- Resource name
- Replaced
By List<string> - Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
- Resources
Coverage stringStatus - This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
- Type string
- Resource type
- Deprecated bool
- Optional. True if the plan is deprecated. If there are replacing plans they will appear in
replacedBy
property - Enablement
Time string - Optional. If
pricingTier
isStandard
then this property holds the date of the last time thepricingTier
was set toStandard
, when available (e.g 2023-03-01T12:42:42.1921106Z). - Free
Trial stringRemaining Time - The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
- Id string
- The provider-assigned unique ID for this managed resource.
- Inherited string
- "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
- Inherited
From string - The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
- Name string
- Resource name
- Replaced
By []string - Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
- Resources
Coverage stringStatus - This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
- Type string
- Resource type
- deprecated Boolean
- Optional. True if the plan is deprecated. If there are replacing plans they will appear in
replacedBy
property - enablement
Time String - Optional. If
pricingTier
isStandard
then this property holds the date of the last time thepricingTier
was set toStandard
, when available (e.g 2023-03-01T12:42:42.1921106Z). - free
Trial StringRemaining Time - The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
- id String
- The provider-assigned unique ID for this managed resource.
- inherited String
- "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
- inherited
From String - The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
- name String
- Resource name
- replaced
By List<String> - Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
- resources
Coverage StringStatus - This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
- type String
- Resource type
- deprecated boolean
- Optional. True if the plan is deprecated. If there are replacing plans they will appear in
replacedBy
property - enablement
Time string - Optional. If
pricingTier
isStandard
then this property holds the date of the last time thepricingTier
was set toStandard
, when available (e.g 2023-03-01T12:42:42.1921106Z). - free
Trial stringRemaining Time - The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
- id string
- The provider-assigned unique ID for this managed resource.
- inherited string
- "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
- inherited
From string - The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
- name string
- Resource name
- replaced
By string[] - Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
- resources
Coverage stringStatus - This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
- type string
- Resource type
- deprecated bool
- Optional. True if the plan is deprecated. If there are replacing plans they will appear in
replacedBy
property - enablement_
time str - Optional. If
pricingTier
isStandard
then this property holds the date of the last time thepricingTier
was set toStandard
, when available (e.g 2023-03-01T12:42:42.1921106Z). - free_
trial_ strremaining_ time - The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
- id str
- The provider-assigned unique ID for this managed resource.
- inherited str
- "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
- inherited_
from str - The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
- name str
- Resource name
- replaced_
by Sequence[str] - Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
- resources_
coverage_ strstatus - This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
- type str
- Resource type
- deprecated Boolean
- Optional. True if the plan is deprecated. If there are replacing plans they will appear in
replacedBy
property - enablement
Time String - Optional. If
pricingTier
isStandard
then this property holds the date of the last time thepricingTier
was set toStandard
, when available (e.g 2023-03-01T12:42:42.1921106Z). - free
Trial StringRemaining Time - The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
- id String
- The provider-assigned unique ID for this managed resource.
- inherited String
- "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
- inherited
From String - The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
- name String
- Resource name
- replaced
By List<String> - Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
- resources
Coverage StringStatus - This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
- type String
- Resource type
Supporting Types
Enforce, EnforceArgs
- False
- FalseAllows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False")
- True
- TruePrevents overrides and forces the current scope's pricing configuration to all descendants
- Enforce
False - FalseAllows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False")
- Enforce
True - TruePrevents overrides and forces the current scope's pricing configuration to all descendants
- False
- FalseAllows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False")
- True
- TruePrevents overrides and forces the current scope's pricing configuration to all descendants
- False
- FalseAllows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False")
- True
- TruePrevents overrides and forces the current scope's pricing configuration to all descendants
- FALSE
- FalseAllows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False")
- TRUE
- TruePrevents overrides and forces the current scope's pricing configuration to all descendants
- "False"
- FalseAllows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False")
- "True"
- TruePrevents overrides and forces the current scope's pricing configuration to all descendants
Extension, ExtensionArgs
- Is
Enabled string | Pulumi.Azure Native. Security. Is Enabled - Indicates whether the extension is enabled.
- Name string
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- Additional
Extension objectProperties - Property values associated with the extension.
- Is
Enabled string | IsEnabled - Indicates whether the extension is enabled.
- Name string
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- Additional
Extension interface{}Properties - Property values associated with the extension.
- is
Enabled String | IsEnabled - Indicates whether the extension is enabled.
- name String
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- additional
Extension ObjectProperties - Property values associated with the extension.
- is
Enabled string | IsEnabled - Indicates whether the extension is enabled.
- name string
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- additional
Extension anyProperties - Property values associated with the extension.
- is_
enabled str | IsEnabled - Indicates whether the extension is enabled.
- name str
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- additional_
extension_ Anyproperties - Property values associated with the extension.
- is
Enabled String | "True" | "False" - Indicates whether the extension is enabled.
- name String
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- additional
Extension AnyProperties - Property values associated with the extension.
ExtensionResponse, ExtensionResponseArgs
- Is
Enabled string - Indicates whether the extension is enabled.
- Name string
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- Operation
Status Pulumi.Azure Native. Security. Inputs. Operation Status Response - Optional. A status describing the success/failure of the extension's enablement/disablement operation.
- Additional
Extension objectProperties - Property values associated with the extension.
- Is
Enabled string - Indicates whether the extension is enabled.
- Name string
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- Operation
Status OperationStatus Response - Optional. A status describing the success/failure of the extension's enablement/disablement operation.
- Additional
Extension interface{}Properties - Property values associated with the extension.
- is
Enabled String - Indicates whether the extension is enabled.
- name String
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- operation
Status OperationStatus Response - Optional. A status describing the success/failure of the extension's enablement/disablement operation.
- additional
Extension ObjectProperties - Property values associated with the extension.
- is
Enabled string - Indicates whether the extension is enabled.
- name string
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- operation
Status OperationStatus Response - Optional. A status describing the success/failure of the extension's enablement/disablement operation.
- additional
Extension anyProperties - Property values associated with the extension.
- is_
enabled str - Indicates whether the extension is enabled.
- name str
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- operation_
status OperationStatus Response - Optional. A status describing the success/failure of the extension's enablement/disablement operation.
- additional_
extension_ Anyproperties - Property values associated with the extension.
- is
Enabled String - Indicates whether the extension is enabled.
- name String
- The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
- operation
Status Property Map - Optional. A status describing the success/failure of the extension's enablement/disablement operation.
- additional
Extension AnyProperties - Property values associated with the extension.
IsEnabled, IsEnabledArgs
- True
- TrueIndicates the extension is enabled
- False
- FalseIndicates the extension is disabled
- Is
Enabled True - TrueIndicates the extension is enabled
- Is
Enabled False - FalseIndicates the extension is disabled
- True
- TrueIndicates the extension is enabled
- False
- FalseIndicates the extension is disabled
- True
- TrueIndicates the extension is enabled
- False
- FalseIndicates the extension is disabled
- TRUE
- TrueIndicates the extension is enabled
- FALSE
- FalseIndicates the extension is disabled
- "True"
- TrueIndicates the extension is enabled
- "False"
- FalseIndicates the extension is disabled
OperationStatusResponse, OperationStatusResponseArgs
PricingTier, PricingTierArgs
- Free
- FreeGet free Microsoft Defender for Cloud experience with basic security features
- Standard
- StandardGet the standard Microsoft Defender for Cloud experience with advanced security features
- Pricing
Tier Free - FreeGet free Microsoft Defender for Cloud experience with basic security features
- Pricing
Tier Standard - StandardGet the standard Microsoft Defender for Cloud experience with advanced security features
- Free
- FreeGet free Microsoft Defender for Cloud experience with basic security features
- Standard
- StandardGet the standard Microsoft Defender for Cloud experience with advanced security features
- Free
- FreeGet free Microsoft Defender for Cloud experience with basic security features
- Standard
- StandardGet the standard Microsoft Defender for Cloud experience with advanced security features
- FREE
- FreeGet free Microsoft Defender for Cloud experience with basic security features
- STANDARD
- StandardGet the standard Microsoft Defender for Cloud experience with advanced security features
- "Free"
- FreeGet free Microsoft Defender for Cloud experience with basic security features
- "Standard"
- StandardGet the standard Microsoft Defender for Cloud experience with advanced security features
Import
An existing resource can be imported using its type token, name, and identifier, e.g.
$ pulumi import azure-native:security:Pricing VirtualMachines /{scopeId}/providers/Microsoft.Security/pricings/{pricingName}
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure Native pulumi/pulumi-azure-native
- License
- Apache-2.0