Microsoft Defender for API Security – Estimate Your Plan Cost Easily

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

With cyber threats becoming more sophisticated, ensuring the security of your business-critical APIs is non-negotiable.

Microsoft Defender for Cloud introduces an efficient solution with its Defender for APIs feature, designed to provide comprehensive lifecycle protection, detection, and response coverage for your APIs. Defender for APIs is designed to help you protect your APIs from OWASP top API risks and empower you with the visibility needed to enhance your API security posture. With the ability to detect real-time threats swiftly, you're always a step ahead in responding to API security threats and triage.


The Importance of Selecting the Right Plan

To have comprehensive coverage of your APIs, it is crucial to onboard your APIM APIs into the Defender for APIs plan by selecting the right entitlement and then completing the second step of onboarding by actioning the onboarding recommendation, detailed here.

With five distinct pricing plans, each catering to varying entitlement limits and monthly fees, selecting the right plan for your Subscription(s) is vital. These plans are billed at the subscription level based on the total API traffic monitored monthly, ensuring that you're only billed for what you use, with a reset at the start of each billing cycle.


Estimating Your API Traffic for Optimal Pricing

Determining the most suitable plan requires an understanding of your historical Azure API Management (APIM) traffic usage.

To avoid overage charges, accurately estimating your monthly API traffic is key.

Here's how to estimate your monthly API traffic within Azure API Management:

  • Navigate to the Azure API Management portal and access Metrics under the Monitoring menu.
  • Set the time range to the last 30 days and configure the following parameters:
    • Scope: Azure API Management Service Name
    • Metric Namespace: API Management service standard metrics
    • Metric: Requests
    • Aggregation: Sum

After these parameters are set, the system will automatically calculate the total number of requests for the past 30 days.

Understanding the structure of Microsoft Defender for APIs' plans and their respective overage costs is crucial for effective budgeting. Here's a detailed look at each plan and what you can expect in terms of overage pricing:


  • Defender for APIs Plan 1: Priced at $200 per month for up to 1 million API calls. For usage exceeding this limit, an overage price of $0.00020 per API transaction is applied.
  • Microsoft Defender for APIs Plan 2: Available at $700 per month, this plan covers up to 5 million API calls. Should your subscription exceed this entitlement, you'll be charged an overage rate of $0.00014 per API transaction.
  • Microsoft Defender for APIs Plan 3: This plan is set at $5,000 per month, accommodating up to 50 million API calls. For any amount over this cap, the overage cost is $0.00010 per API transaction.
  • Microsoft Defender for APIs Plan 4: At $7,000 per month, this plan allows for up to 100 million API calls, with an overage charge of $0.00007 per API transaction for volumes beyond the plan's entitlement.
  • Microsoft Defender for APIs Plan 5: The most extensive plan, priced at $50,000 per month, supports up to 1 billion API calls. Exceeding this limit incurs an overage fee of $0.00005 per API transaction.

These overage prices ensure that while you have the flexibility to exceed your plan's entitlement limit, you remain informed of the additional charges. It's advisable to regularly monitor your API traffic to manage costs effectively and consider upgrading your plan if your API usage consistently exceeds the allotted amount.
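The overage arithmetic above, worked through as an added PowerShell example (not part of the original post and not the GitHub cost-estimator script): it prices a month's traffic under every plan and picks the cheapest per subscription. The function names `Get-PlanCost` and `Get-CheapestPlan` are hypothetical, and the subscription names, service names and request totals are constructed sample data.

```powershell
# Plan table copied from the list above: monthly fee, included calls, overage per call.
$Plans = @(
    [pscustomobject]@{ Plan = 'Plan 1'; Fee = 200d;   Included = 1000000L;    Overage = 0.00020d }
    [pscustomobject]@{ Plan = 'Plan 2'; Fee = 700d;   Included = 5000000L;    Overage = 0.00014d }
    [pscustomobject]@{ Plan = 'Plan 3'; Fee = 5000d;  Included = 50000000L;   Overage = 0.00010d }
    [pscustomobject]@{ Plan = 'Plan 4'; Fee = 7000d;  Included = 100000000L;  Overage = 0.00007d }
    [pscustomobject]@{ Plan = 'Plan 5'; Fee = 50000d; Included = 1000000000L; Overage = 0.00005d }
)

function Get-PlanCost {
    param([Parameter(Mandatory)][long]$MonthlyCalls)
    foreach ($p in $Plans) {
        # Only calls beyond the plan's entitlement are charged at the overage rate.
        $extra = [Math]::Max(0L, $MonthlyCalls - $p.Included)
        [pscustomobject]@{
            Plan         = $p.Plan
            OverageCalls = $extra
            MonthlyCost  = $p.Fee + ($extra * $p.Overage)
        }
    }
}

function Get-CheapestPlan {
    param([Parameter(Mandatory)][long]$MonthlyCalls)
    Get-PlanCost -MonthlyCalls $MonthlyCalls |
        Sort-Object MonthlyCost | Select-Object -First 1
}

# Constructed sample: 30-day "Requests" sums per APIM service (hypothetical names).
$Traffic = @(
    [pscustomobject]@{ Subscription = 'sub-dev';  Service = 'apim-dev';    Requests = 400000L }
    [pscustomobject]@{ Subscription = 'sub-prod'; Service = 'apim-prod-a'; Requests = 2100000L }
    [pscustomobject]@{ Subscription = 'sub-prod'; Service = 'apim-prod-b'; Requests = 900000L }
    [pscustomobject]@{ Subscription = 'sub-edge'; Service = 'apim-edge';   Requests = 4000000L }
)

# Billing is per subscription, so sum all APIM services in a subscription first.
$Traffic | Group-Object Subscription | ForEach-Object {
    $total = [long]($_.Group | Measure-Object Requests -Sum).Sum
    $best  = Get-CheapestPlan -MonthlyCalls $total
    [pscustomobject]@{
        Subscription = $_.Name
        MonthlyCalls = $total
        Recommended  = $best.Plan
        MonthlyCost  = $best.MonthlyCost
    }
} | Format-Table -AutoSize
```

With these figures, 3 million calls cost less on Plan 1 with overage ($600) than on Plan 2 ($700), while 4 million calls tip the other way ($800 versus $700), so the entitlement limit alone does not decide the cheapest plan.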

For organizations with multiple subscriptions and API Management services, estimating the total cost can be complex and time consuming. To facilitate this process, we've developed a PowerShell script that simplifies the estimation of monthly API traffic and associated costs. This script, available on our GitHub repository, is an important tool for forecasting your expenditure and selecting the most cost-effective plan for your needs.
The results are derived from data extracted from the past month, and the estimation is for the monthly cost. At the end of the script execution, a CSV file (AllSubscriptionsPlanRecommendation.csv) will be saved in the current directory.


You can find the PowerShell script here: Microsoft Defender for Cloud - Defender for APIs Plan Cost Estimator.


In conclusion, Microsoft Defender for Cloud's Defender for APIs feature is a game-changer in API security and cost management. By following the guidelines provided and utilizing the PowerShell script for cost estimations, you can ensure optimal protection and pricing for your API traffic. Embrace this opportunity to enhance your API security posture while effectively managing your expenses.



Preetham Anand Naik, Senior Product Manager, Microsoft Defender for Cloud

Walner Dort, Product Manager 2, Microsoft Defender for Cloud
