Advanced Threat Protection REST API Not Working

183 views Asked by At

We are trying to get the Advanced Threat Protection status of several resources in Azure, in order to achieve this we find out this API Advanced Threat Protection REST API - Get. However when we attempt to use is we get the following error message for all the resources except for Storage Accounts

"message": "Azure Defender for Data Services settings are not supported on resources of xxxxx"

Do you know if we should point to another API? Based on the following Azure Defender for Cloud we should have ATP available for the following resources:

  • Virtual Machines
  • Storage Accounts
  • SQL
  • Containers
  • App Service
  • Key Vault
  • Resource Manager
  • DNS
  • Open Source Relational Databases

But we were not able to query any of them

1

There are 1 answers

0
Matan Shabtay On

Advanced Threat Protection API is in only fact relevant for Azure Storage and CosmosDB resources, the API documentation needs an update.

For other resource types (.e.g. Virtual Machines), there is no central API for advanced threat protection. Instead, there's a bundle of features / APIs that is part of the advanced protection suite for that resource type.

In case of Virtual Machines, the bundle contains Just-in-time network access policies, Adaptive application controls, Adaptive network hardening, Network map. You see the full list here: https://learn.microsoft.com/en-us/azure/defender-for-cloud/supported-machines-endpoint-solutions-clouds?tabs=features-windows