Anthropic-Cybersecurity-Skills/skills/securing-azure-with-microsoft-defender/references/api-reference.md

API Reference: Securing Azure with Microsoft Defender

Azure CLI Security Commands

Defender Plans

az security pricing list                    # List all Defender plan statuses
az security pricing create --name <plan> --tier Standard  # Enable a plan

Secure Score

az security secure-score list               # Get current secure score
az security secure-score-controls list      # List score control categories

Assessments

az security assessment list                 # List all security assessments
az security assessment show --name <id>     # Get assessment details

Alerts

az security alert list                      # List active security alerts
az security alert update --name <id> --status Dismissed  # Update alert status

Security Contacts

az security contact create --name default --email soc@company.com --alert-notifications on

Azure Resource Graph (Attack Paths)

az graph query -q "securityresources | where type == 'microsoft.security/attackpaths'"

Defender Plan Names

Plan Name	Protection Scope
VirtualMachines	Servers (P1/P2)
Containers	AKS, ACR, container runtime
StorageAccounts	Blob, File, Queue storage
SqlServers	Azure SQL Database
CosmosDbs	Cosmos DB accounts
KeyVaults	Key Vault operations
AppServices	App Service/Functions
Dns	DNS layer protection
Arm	Azure Resource Manager

JIT VM Access

az security jit-policy create --resource-group <rg> --location <loc> --name default \
  --virtual-machines '[{"id": "<vm-resource-id>", "ports": [{"number": 22, ...}]}]'

References

• Defender for Cloud docs: https://learn.microsoft.com/en-us/azure/defender-for-cloud/
• Azure CLI security reference: https://learn.microsoft.com/en-us/cli/azure/security
• Secure Score overview: https://learn.microsoft.com/en-us/azure/defender-for-cloud/secure-score-security-controls