1. Packages
  2. Packages
  3. Azure Native
  4. API Docs
  5. security
  6. getPricing
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Viewing docs for Azure Native v3.20.0
published on Thursday, Jul 9, 2026 by Pulumi
azure-native logo
This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
Viewing docs for Azure Native v3.20.0
published on Thursday, Jul 9, 2026 by Pulumi

    Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are ‘VirtualMachines, VMSS and ARC Machines’.

    Uses Azure REST API version 2024-01-01.

    Other available API versions: 2025-10-01-preview. These can be accessed by generating a local SDK package using the CLI command pulumi package add azure-native security [ApiVersion]. See the version guide for details.

    Using getPricing

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getPricing(args: GetPricingArgs, opts?: InvokeOptions): Promise<GetPricingResult>
    function getPricingOutput(args: GetPricingOutputArgs, opts?: InvokeOptions): Output<GetPricingResult>
    def get_pricing(pricing_name: Optional[str] = None,
                    scope_id: Optional[str] = None,
                    opts: Optional[InvokeOptions] = None) -> GetPricingResult
    def get_pricing_output(pricing_name: pulumi.Input[Optional[str]] = None,
                    scope_id: pulumi.Input[Optional[str]] = None,
                    opts: Optional[InvokeOptions] = None) -> Output[GetPricingResult]
    func LookupPricing(ctx *Context, args *LookupPricingArgs, opts ...InvokeOption) (*LookupPricingResult, error)
    func LookupPricingOutput(ctx *Context, args *LookupPricingOutputArgs, opts ...InvokeOption) LookupPricingResultOutput

    > Note: This function is named LookupPricing in the Go SDK.

    public static class GetPricing 
    {
        public static Task<GetPricingResult> InvokeAsync(GetPricingArgs args, InvokeOptions? opts = null)
        public static Output<GetPricingResult> Invoke(GetPricingInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetPricingResult> getPricing(GetPricingArgs args, InvokeOptions options)
    public static Output<GetPricingResult> getPricing(GetPricingArgs args, InvokeOptions options)
    
    fn::invoke:
      function: azure-native:security:getPricing
      arguments:
        # arguments dictionary
    data "azure-native_security_getpricing" "name" {
        # arguments
    }

    The following arguments are supported:

    PricingName string
    name of the pricing configuration
    ScopeId string
    The fully qualified Azure Resource manager identifier of the resource.
    PricingName string
    name of the pricing configuration
    ScopeId string
    The fully qualified Azure Resource manager identifier of the resource.
    pricing_name string
    name of the pricing configuration
    scope_id string
    The fully qualified Azure Resource manager identifier of the resource.
    pricingName String
    name of the pricing configuration
    scopeId String
    The fully qualified Azure Resource manager identifier of the resource.
    pricingName string
    name of the pricing configuration
    scopeId string
    The fully qualified Azure Resource manager identifier of the resource.
    pricing_name str
    name of the pricing configuration
    scope_id str
    The fully qualified Azure Resource manager identifier of the resource.
    pricingName String
    name of the pricing configuration
    scopeId String
    The fully qualified Azure Resource manager identifier of the resource.

    getPricing Result

    The following output properties are available:

    AzureApiVersion string
    The Azure API version of the resource.
    Deprecated bool
    Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
    EnablementTime string
    Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
    FreeTrialRemainingTime string
    The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
    Id string
    Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
    Inherited string
    "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
    InheritedFrom string
    The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
    Name string
    The name of the resource
    PricingTier string
    Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
    ReplacedBy List<string>
    Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
    ResourcesCoverageStatus string
    This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
    SystemData Pulumi.AzureNative.Security.Outputs.SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Enforce string
    If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
    Extensions List<Pulumi.AzureNative.Security.Outputs.ExtensionResponse>
    Optional. List of extensions offered under a plan.
    SubPlan string
    The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
    AzureApiVersion string
    The Azure API version of the resource.
    Deprecated bool
    Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
    EnablementTime string
    Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
    FreeTrialRemainingTime string
    The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
    Id string
    Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
    Inherited string
    "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
    InheritedFrom string
    The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
    Name string
    The name of the resource
    PricingTier string
    Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
    ReplacedBy []string
    Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
    ResourcesCoverageStatus string
    This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
    SystemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    Type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    Enforce string
    If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
    Extensions []ExtensionResponse
    Optional. List of extensions offered under a plan.
    SubPlan string
    The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
    azure_api_version string
    The Azure API version of the resource.
    deprecated bool
    Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
    enablement_time string
    Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
    free_trial_remaining_time string
    The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
    id string
    Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
    inherited string
    "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
    inherited_from string
    The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
    name string
    The name of the resource
    pricing_tier string
    Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
    replaced_by list(string)
    Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
    resources_coverage_status string
    This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
    system_data object
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    enforce string
    If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
    extensions list(object)
    Optional. List of extensions offered under a plan.
    sub_plan string
    The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
    azureApiVersion String
    The Azure API version of the resource.
    deprecated Boolean
    Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
    enablementTime String
    Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
    freeTrialRemainingTime String
    The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
    id String
    Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
    inherited String
    "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
    inheritedFrom String
    The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
    name String
    The name of the resource
    pricingTier String
    Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
    replacedBy List<String>
    Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
    resourcesCoverageStatus String
    This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    enforce String
    If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
    extensions List<ExtensionResponse>
    Optional. List of extensions offered under a plan.
    subPlan String
    The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
    azureApiVersion string
    The Azure API version of the resource.
    deprecated boolean
    Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
    enablementTime string
    Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
    freeTrialRemainingTime string
    The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
    id string
    Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
    inherited string
    "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
    inheritedFrom string
    The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
    name string
    The name of the resource
    pricingTier string
    Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
    replacedBy string[]
    Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
    resourcesCoverageStatus string
    This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
    systemData SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type string
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    enforce string
    If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
    extensions ExtensionResponse[]
    Optional. List of extensions offered under a plan.
    subPlan string
    The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
    azure_api_version str
    The Azure API version of the resource.
    deprecated bool
    Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
    enablement_time str
    Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
    free_trial_remaining_time str
    The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
    id str
    Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
    inherited str
    "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
    inherited_from str
    The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
    name str
    The name of the resource
    pricing_tier str
    Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
    replaced_by Sequence[str]
    Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
    resources_coverage_status str
    This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
    system_data SystemDataResponse
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type str
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    enforce str
    If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
    extensions Sequence[ExtensionResponse]
    Optional. List of extensions offered under a plan.
    sub_plan str
    The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.
    azureApiVersion String
    The Azure API version of the resource.
    deprecated Boolean
    Optional. True if the plan is deprecated. If there are replacing plans they will appear in replacedBy property
    enablementTime String
    Optional. If pricingTier is Standard then this property holds the date of the last time the pricingTier was set to Standard, when available (e.g 2023-03-01T12:42:42.1921106Z).
    freeTrialRemainingTime String
    The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S).
    id String
    Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
    inherited String
    "inherited" = "True" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the "inheritedFrom" field. On the other hand, "inherited" = "False" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.
    inheritedFrom String
    The id of the scope inherited from. "Null" if not inherited. This field is only available for resource-level pricing.
    name String
    The name of the resource
    pricingTier String
    Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.
    replacedBy List<String>
    Optional. List of plans that replace this plan. This property exists only if this plan is deprecated.
    resourcesCoverageStatus String
    This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The "pricingTier" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.
    systemData Property Map
    Azure Resource Manager metadata containing createdBy and modifiedBy information.
    type String
    The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"
    enforce String
    If set to "False", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited="False"). If set to "True", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.
    extensions List<Property Map>
    Optional. List of extensions offered under a plan.
    subPlan String
    The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported.

    Supporting Types

    CommonOperationStatusResponse

    Code string
    The operation status code.
    Message string
    Additional information regarding the success/failure of the operation.
    Code string
    The operation status code.
    Message string
    Additional information regarding the success/failure of the operation.
    code string
    The operation status code.
    message string
    Additional information regarding the success/failure of the operation.
    code String
    The operation status code.
    message String
    Additional information regarding the success/failure of the operation.
    code string
    The operation status code.
    message string
    Additional information regarding the success/failure of the operation.
    code str
    The operation status code.
    message str
    Additional information regarding the success/failure of the operation.
    code String
    The operation status code.
    message String
    Additional information regarding the success/failure of the operation.

    ExtensionResponse

    IsEnabled string
    Indicates whether the extension is enabled.
    Name string
    The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn't require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
    OperationStatus Pulumi.AzureNative.Security.Inputs.CommonOperationStatusResponse
    Optional. A status describing the success/failure of the extension's enablement/disablement operation.
    AdditionalExtensionProperties object
    Property values associated with the extension.
    IsEnabled string
    Indicates whether the extension is enabled.
    Name string
    The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn't require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
    OperationStatus CommonOperationStatusResponse
    Optional. A status describing the success/failure of the extension's enablement/disablement operation.
    AdditionalExtensionProperties interface{}
    Property values associated with the extension.
    is_enabled string
    Indicates whether the extension is enabled.
    name string
    The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn't require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
    operation_status object
    Optional. A status describing the success/failure of the extension's enablement/disablement operation.
    additional_extension_properties any
    Property values associated with the extension.
    isEnabled String
    Indicates whether the extension is enabled.
    name String
    The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn't require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
    operationStatus CommonOperationStatusResponse
    Optional. A status describing the success/failure of the extension's enablement/disablement operation.
    additionalExtensionProperties Object
    Property values associated with the extension.
    isEnabled string
    Indicates whether the extension is enabled.
    name string
    The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn't require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
    operationStatus CommonOperationStatusResponse
    Optional. A status describing the success/failure of the extension's enablement/disablement operation.
    additionalExtensionProperties any
    Property values associated with the extension.
    is_enabled str
    Indicates whether the extension is enabled.
    name str
    The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn't require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
    operation_status CommonOperationStatusResponse
    Optional. A status describing the success/failure of the extension's enablement/disablement operation.
    additional_extension_properties Any
    Property values associated with the extension.
    isEnabled String
    Indicates whether the extension is enabled.
    name String
    The extension name. Supported values are: AgentlessDiscoveryForKubernetes - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.Available for CloudPosture plan and Containers plan.OnUploadMalwareScanning - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.Available for StorageAccounts plan (DefenderForStorageV2 sub plans).SensitiveDataDiscovery - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.ContainerRegistriesVulnerabilityAssessments - Provides vulnerability management for images stored in your container registries.Available for CloudPosture plan and Containers plan.MdeDesignatedSubscription - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn't require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configureAvailable for VirtualMachines plan (P1 and P2 sub plans).AgentlessVmScanning - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.EntraPermissionsManagement - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.Available for CloudPosture plan. FileIntegrityMonitoring - File integrity monitoring (FIM), examines operating system files.Windows registries, Linux system files, in real time, for changes that might indicate an attack.Available for VirtualMachines plan (P2 sub plan). ContainerSensor - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.Available for Containers plan. AIPromptEvidence - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.Available for AI plan.
    operationStatus Property Map
    Optional. A status describing the success/failure of the extension's enablement/disablement operation.
    additionalExtensionProperties Any
    Property values associated with the extension.

    SystemDataResponse

    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    CreatedAt string
    The timestamp of resource creation (UTC).
    CreatedBy string
    The identity that created the resource.
    CreatedByType string
    The type of identity that created the resource.
    LastModifiedAt string
    The timestamp of resource last modification (UTC)
    LastModifiedBy string
    The identity that last modified the resource.
    LastModifiedByType string
    The type of identity that last modified the resource.
    created_at string
    The timestamp of resource creation (UTC).
    created_by string
    The identity that created the resource.
    created_by_type string
    The type of identity that created the resource.
    last_modified_at string
    The timestamp of resource last modification (UTC)
    last_modified_by string
    The identity that last modified the resource.
    last_modified_by_type string
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.
    createdAt string
    The timestamp of resource creation (UTC).
    createdBy string
    The identity that created the resource.
    createdByType string
    The type of identity that created the resource.
    lastModifiedAt string
    The timestamp of resource last modification (UTC)
    lastModifiedBy string
    The identity that last modified the resource.
    lastModifiedByType string
    The type of identity that last modified the resource.
    created_at str
    The timestamp of resource creation (UTC).
    created_by str
    The identity that created the resource.
    created_by_type str
    The type of identity that created the resource.
    last_modified_at str
    The timestamp of resource last modification (UTC)
    last_modified_by str
    The identity that last modified the resource.
    last_modified_by_type str
    The type of identity that last modified the resource.
    createdAt String
    The timestamp of resource creation (UTC).
    createdBy String
    The identity that created the resource.
    createdByType String
    The type of identity that created the resource.
    lastModifiedAt String
    The timestamp of resource last modification (UTC)
    lastModifiedBy String
    The identity that last modified the resource.
    lastModifiedByType String
    The type of identity that last modified the resource.

    Package Details

    Repository
    Azure Native pulumi/pulumi-azure-native
    License
    Apache-2.0
    azure-native logo
    This is the latest version of Azure Native. Use the Azure Native v2 docs if using the v2 version of this package.
    Viewing docs for Azure Native v3.20.0
    published on Thursday, Jul 9, 2026 by Pulumi

      Try Pulumi Cloud free.
      Your team will thank you.

      Start free trial