diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/common/v1/types.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/common/v1/types.json
new file mode 100644
index 000000000000..485504fe76f6
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/common/v1/types.json
@@ -0,0 +1,482 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "version": "v1",
+ "title": "Common types"
+ },
+ "paths": {},
+ "definitions": {
+ "CloudError": {
+ "x-ms-external": true,
+ "type": "object",
+ "description": "Common error response for all Azure Resource Manager APIs to return error details for failed operations. (This also follows the OData error response format.).",
+ "properties": {
+ "error": {
+ "x-ms-client-flatten": true,
+ "description": "The error object.",
+ "$ref": "#/definitions/CloudErrorBody"
+ }
+ }
+ },
+ "CloudErrorBody": {
+ "x-ms-external": true,
+ "type": "object",
+ "description": "The error detail.",
+ "properties": {
+ "code": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The error code."
+ },
+ "message": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The error message."
+ },
+ "target": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The error target."
+ },
+ "details": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/CloudErrorBody"
+ },
+ "description": "The error details."
+ },
+ "additionalInfo": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/ErrorAdditionalInfo"
+ },
+ "description": "The error additional info."
+ }
+ }
+ },
+ "ErrorAdditionalInfo": {
+ "properties": {
+ "type": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The additional info type."
+ },
+ "info": {
+ "readOnly": true,
+ "type": "object",
+ "description": "The additional info."
+ }
+ },
+ "description": "The resource management error additional info."
+ },
+ "Resource": {
+ "type": "object",
+ "description": "Describes an Azure resource.",
+ "properties": {
+ "id": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Resource Id"
+ },
+ "name": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Resource name"
+ },
+ "type": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Resource type"
+ }
+ },
+ "x-ms-azure-resource": true
+ },
+ "TrackedResource": {
+ "type": "object",
+ "description": "Describes an Azure tracked resource.",
+ "allOf": [
+ {
+ "$ref": "#/definitions/Resource"
+ },
+ {
+ "$ref": "#/definitions/AzureTrackedResourceLocation"
+ },
+ {
+ "$ref": "#/definitions/Kind"
+ },
+ {
+ "$ref": "#/definitions/ETag"
+ },
+ {
+ "$ref": "#/definitions/Tags"
+ }
+ ]
+ },
+ "ETag": {
+ "type": "object",
+ "description": "Entity tag is used for comparing two or more entities from the same requested resource.",
+ "properties": {
+ "etag": {
+ "type": "string",
+ "description": "Entity tag is used for comparing two or more entities from the same requested resource."
+ }
+ }
+ },
+ "Tags": {
+ "type": "object",
+ "description": "A list of key value pairs that describe the resource.",
+ "properties": {
+ "tags": {
+ "type": "object",
+ "description": "A list of key value pairs that describe the resource.",
+ "additionalProperties": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "Kind": {
+ "type": "object",
+ "description": "Describes an Azure resource with kind",
+ "properties": {
+ "kind": {
+ "type": "string",
+ "description": "Kind of the resource"
+ }
+ }
+ },
+ "Location": {
+ "type": "object",
+ "description": "Describes an Azure resource with location",
+ "properties": {
+ "location": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Location where the resource is stored"
+ }
+ }
+ },
+ "AzureTrackedResourceLocation": {
+ "type": "object",
+ "description": "Describes an Azure resource with location",
+ "properties": {
+ "location": {
+ "type": "string",
+ "description": "Location where the resource is stored"
+ }
+ }
+ },
+ "AscLocationList": {
+ "type": "object",
+ "description": "List of locations where ASC saves your data",
+ "properties": {
+ "value": {
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AscLocation"
+ }
+ },
+ "nextLink": {
+ "readOnly": true,
+ "type": "string",
+ "description": "The URI to fetch the next page."
+ }
+ }
+ },
+ "AscLocation": {
+ "type": "object",
+ "description": "The ASC location of the subscription is in the \"name\" field",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "$ref": "#/definitions/AscLocationProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "#/definitions/Resource"
+ }
+ ]
+ },
+ "AscLocationProperties": {
+ "type": "object",
+ "description": "An empty set of properties"
+ },
+ "ResourceDetails": {
+ "type": "object",
+ "description": "Details of the resource that was assessed",
+ "discriminator": "source",
+ "properties": {
+ "source": {
+ "type": "string",
+ "description": "The platform where the assessed resource resides",
+ "enum": [
+ "Azure",
+ "OnPremise",
+ "OnPremiseSql"
+ ],
+ "x-ms-enum": {
+ "name": "source",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Azure",
+ "description": "Resource is in Azure"
+ },
+ {
+ "value": "OnPremise",
+ "description": "Resource in an on premise machine connected to Azure cloud"
+ },
+ {
+ "value": "OnPremiseSql",
+ "description": "SQL Resource in an on premise machine connected to Azure cloud"
+ }
+ ]
+ }
+ }
+ },
+ "required": [
+ "source"
+ ]
+ },
+ "AzureResourceDetails": {
+ "type": "object",
+ "description": "Details of the Azure resource that was assessed",
+ "x-ms-discriminator-value": "Azure",
+ "allOf": [
+ {
+ "$ref": "#/definitions/ResourceDetails"
+ }
+ ],
+ "properties": {
+ "id": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Azure resource Id of the assessed resource"
+ }
+ }
+ },
+ "OnPremiseResourceDetails": {
+ "type": "object",
+ "description": "Details of the On Premise resource that was assessed",
+ "x-ms-discriminator-value": "OnPremise",
+ "allOf": [
+ {
+ "$ref": "#/definitions/ResourceDetails"
+ }
+ ],
+ "properties": {
+ "workspaceId": {
+ "type": "string",
+ "description": "Azure resource Id of the workspace the machine is attached to"
+ },
+ "vmuuid": {
+ "type": "string",
+ "description": "The unique Id of the machine"
+ },
+ "sourceComputerId": {
+ "type": "string",
+ "description": "The oms agent Id installed on the machine"
+ },
+ "machineName": {
+ "type": "string",
+ "description": "The name of the machine"
+ }
+ },
+ "required": [
+ "workspaceId",
+ "vmuuid",
+ "sourceComputerId",
+ "machineName"
+ ]
+ },
+ "OnPremiseSqlResourceDetails": {
+ "type": "object",
+ "description": "Details of the On Premise Sql resource that was assessed",
+ "x-ms-discriminator-value": "OnPremiseSql",
+ "allOf": [
+ {
+ "$ref": "#/definitions/OnPremiseResourceDetails"
+ }
+ ],
+ "properties": {
+ "serverName": {
+ "type": "string",
+ "description": "The Sql server name installed on the machine"
+ },
+ "databaseName": {
+ "type": "string",
+ "description": "The Sql database name installed on the machine"
+ }
+ },
+ "required": [
+ "serverName",
+ "databaseName"
+ ]
+ },
+ "AzureResourceLinks": {
+ "description": "array of azure resource IDs",
+ "readOnly": true,
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/AzureResourceLink"
+ }
+ },
+ "AzureResourceLink": {
+ "type": "object",
+ "description": "Describes an Azure resource with kind",
+ "properties": {
+ "id": {
+ "readOnly": true,
+ "type": "string",
+ "description": "Azure resource Id"
+ }
+ }
+ },
+ "ExternalSecuritySolutionKind": {
+ "type": "object",
+ "description": "Describes an Azure resource with kind",
+ "properties": {
+ "kind": {
+ "type": "string",
+ "description": "The kind of the external solution",
+ "enum": [
+ "CEF",
+ "ATA",
+ "AAD"
+ ],
+ "x-ms-enum": {
+ "name": "ExternalSecuritySolutionKind",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "CEF"
+ },
+ {
+ "value": "ATA"
+ },
+ {
+ "value": "AAD"
+ }
+ ]
+ }
+ }
+ }
+ }
+ },
+ "parameters": {
+ "SubscriptionId": {
+ "name": "subscriptionId",
+ "in": "path",
+ "required": true,
+ "pattern": "^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$",
+ "type": "string",
+ "description": "Azure subscription ID"
+ },
+ "ManagementGroupId": {
+ "name": "managementGroupId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "Azure Management Group ID"
+ },
+ "ResourceGroupName": {
+ "name": "resourceGroupName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The name of the resource group within the user's subscription. The name is case insensitive.",
+ "pattern": "^[-\\w\\._\\(\\)]+$",
+ "minLength": 1,
+ "maxLength": 90,
+ "x-ms-parameter-location": "method"
+ },
+ "ApiVersion": {
+ "name": "api-version",
+ "in": "query",
+ "required": true,
+ "type": "string",
+ "description": "API version for the operation"
+ },
+ "AscLocation": {
+ "name": "ascLocation",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The location where ASC stores the data of the subscription. can be retrieved from Get locations",
+ "x-ms-parameter-location": "method"
+ },
+ "ResourceId": {
+ "name": "resourceId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The identifier of the resource.",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "Scope": {
+ "name": "scope",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "Scope of the query, can be subscription (/subscriptions/0b06d9ea-afe6-4779-bd59-30e5c2d9d13f) or management group (/providers/Microsoft.Management/managementGroups/mgName).",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "ScopeResourceId": {
+ "name": "scopeId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The identifier of the resource, (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName})",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "ScopeId": {
+ "name": "scopeId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The scope id of the pricing. Valid scopes are: subscription (format: 'subscriptions/{subscriptionId}'), or a specific resource (format: 'subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}) - Supported resources are (VirtualMachines)",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "ScopeIdSubscriptionOnly": {
+ "name": "scopeId",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "The subscription scope id for batch pricing operations. Only subscription-level scopes are supported for batch operations (format: 'subscriptions/{subscriptionId}')",
+ "x-ms-parameter-location": "method",
+ "x-ms-skip-url-encoding": true
+ },
+ "ODataFilter": {
+ "name": "$filter",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "OData filter. Optional.",
+ "x-ms-parameter-location": "method"
+ },
+ "ODataSelect": {
+ "name": "$select",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "OData select. Optional.",
+ "x-ms-parameter-location": "method"
+ },
+ "ODataExpand": {
+ "name": "$expand",
+ "in": "query",
+ "required": false,
+ "type": "string",
+ "description": "OData expand. Optional.",
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/BatchUpdatePricings_PartialSuccess_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/BatchUpdatePricings_PartialSuccess_example.json
new file mode 100644
index 000000000000..0b81145023a9
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/BatchUpdatePricings_PartialSuccess_example.json
@@ -0,0 +1,120 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "batchPricingRequest": {
+ "plansConfigurations": [
+ {
+ "planName": "VirtualMachines",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ },
+ {
+ "planName": "SqlServers",
+ "properties": {
+ "pricingTier": "Standard",
+ "extensions": [
+ {
+ "name": "InvalidExtension",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ },
+ {
+ "planName": "CloudPosture",
+ "properties": {
+ "pricingTier": "Standard",
+ "extensions": [
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ }
+ ]
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "results": [
+ {
+ "planName": "VirtualMachines",
+ "success": true,
+ "result": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "planName": "SqlServers",
+ "success": false,
+ "errorMessage": "Extension 'InvalidExtension' is not supported for plan 'SqlServers'. Supported extensions: [AgentlessVmScanning, FileIntegrityMonitoring]"
+ },
+ {
+ "planName": "CloudPosture",
+ "success": true,
+ "result": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ }
+ }
+ ],
+ "summary": {
+ "totalRequested": 3,
+ "successfulUpdates": 2,
+ "failedUpdates": 1
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/BatchUpdatePricings_Success_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/BatchUpdatePricings_Success_example.json
new file mode 100644
index 000000000000..ed5e05d8324e
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/BatchUpdatePricings_Success_example.json
@@ -0,0 +1,205 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "batchPricingRequest": {
+ "plansConfigurations": [
+ {
+ "planName": "VirtualMachines",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True"
+ },
+ {
+ "name": "FileIntegrityMonitoring",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "detectionType": "WindowsFiles",
+ "workspace": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
+ }
+ }
+ ]
+ }
+ },
+ {
+ "planName": "StorageAccounts",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "DefenderForStorageV2",
+ "extensions": [
+ {
+ "name": "OnUploadMalwareScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "capGBPerMonth": "5000"
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ },
+ {
+ "planName": "CloudPosture",
+ "properties": {
+ "pricingTier": "Standard",
+ "extensions": [
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ }
+ ]
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "results": [
+ {
+ "planName": "VirtualMachines",
+ "success": true,
+ "result": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "FileIntegrityMonitoring",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "detectionType": "WindowsFiles",
+ "workspace": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/myRg/providers/Microsoft.OperationalInsights/workspaces/myWorkspace"
+ },
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "planName": "StorageAccounts",
+ "success": true,
+ "result": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/StorageAccounts",
+ "name": "StorageAccounts",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "DefenderForStorageV2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "OnUploadMalwareScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "capGBPerMonth": "5000"
+ },
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ },
+ {
+ "planName": "CloudPosture",
+ "success": true,
+ "result": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ }
+ }
+ ],
+ "summary": {
+ "totalRequested": 3,
+ "successfulUpdates": 3,
+ "failedUpdates": 0
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/DeleteResourcePricingByNameContainers_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/DeleteResourcePricingByNameContainers_example.json
new file mode 100644
index 000000000000..0e4b5ea9f157
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/DeleteResourcePricingByNameContainers_example.json
@@ -0,0 +1,15 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/demo-containers-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks-cluster",
+ "pricingName": "Containers"
+ },
+ "responses": {
+ "200": {
+ "message": "OK"
+ },
+ "204": {
+ "message": "Pricing does not exist"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/DeleteResourcePricing_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/DeleteResourcePricing_example.json
new file mode 100644
index 000000000000..166a29a1f0cf
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/DeleteResourcePricing_example.json
@@ -0,0 +1,15 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1",
+ "pricingName": "VirtualMachines"
+ },
+ "responses": {
+ "200": {
+ "message": "OK"
+ },
+ "204": {
+ "message": "Pricing does not exist"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameCloudPosture_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameCloudPosture_example.json
new file mode 100644
index 000000000000..38bbc8666bde
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameCloudPosture_example.json
@@ -0,0 +1,48 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "CloudPosture"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[]"
+ }
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameContainers_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameContainers_example.json
new file mode 100644
index 000000000000..8b1c8986baf7
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameContainers_example.json
@@ -0,0 +1,30 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "Containers"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Containers",
+ "name": "Containers",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameDns_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameDns_example.json
new file mode 100644
index 000000000000..9a5389e2017a
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameDns_example.json
@@ -0,0 +1,27 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "Dns"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/Dns",
+ "name": "Dns",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "deprecated": true,
+ "replacedBy": [
+ "VirtualMachines"
+ ],
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameExternallyUpdated_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameExternallyUpdated_example.json
new file mode 100644
index 000000000000..59dad2e89262
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameExternallyUpdated_example.json
@@ -0,0 +1,51 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "CloudPosture"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[]"
+ }
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator",
+ "originatedFrom": "M365",
+ "managedBy": "M365 security rule: /management/rules/b6e2e7e2-2c7a-4e2e-9b7d-2e2e7e2b6e2e"
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameStorageAccounts_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameStorageAccounts_example.json
new file mode 100644
index 000000000000..7f777ea5ae40
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameStorageAccounts_example.json
@@ -0,0 +1,37 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "StorageAccounts"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/StorageAccounts",
+ "name": "StorageAccounts",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "PerStorageAccount",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "OnUploadMalwareScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "capGBPerMonthPerStorageAccount": 10
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameVirtualMachines_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameVirtualMachines_example.json
new file mode 100644
index 000000000000..3e815b328fc2
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetPricingByNameVirtualMachines_example.json
@@ -0,0 +1,37 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "VirtualMachines"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "PartiallyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ }
+ },
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetResourcePricingByNameContainers_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetResourcePricingByNameContainers_example.json
new file mode 100644
index 000000000000..b23756be5bf2
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetResourcePricingByNameContainers_example.json
@@ -0,0 +1,48 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/demo-containers-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks-cluster",
+ "pricingName": "Containers"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/demo-containers-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks-cluster/providers/Microsoft.Security/pricings/Containers",
+ "name": "Containers",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "P26DT17H24M",
+ "enablementTime": "2025-01-13T10:30:45.1234567Z",
+ "inherited": "False",
+ "inheritedFrom": null,
+ "extensions": [
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[]"
+ }
+ },
+ {
+ "name": "ContainerSensor",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerIntegrityContribution",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetResourcePricingByNameVirtualMachines_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetResourcePricingByNameVirtualMachines_example.json
new file mode 100644
index 000000000000..241fdc1cdfb2
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/GetResourcePricingByNameVirtualMachines_example.json
@@ -0,0 +1,37 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1",
+ "pricingName": "VirtualMachines"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "inherited": "True",
+ "inheritedFrom": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ }
+ },
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListPricingsWithPlanFilter_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListPricingsWithPlanFilter_example.json
new file mode 100644
index 000000000000..2b60946a4f80
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListPricingsWithPlanFilter_example.json
@@ -0,0 +1,55 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "$Filter": "name in (VirtualMachines,KeyVaults)"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "PartiallyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ }
+ },
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/KeyVaults",
+ "name": "KeyVaults",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "PerKeyVault",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListPricings_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListPricings_example.json
new file mode 100644
index 000000000000..8cb12c2e59f6
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListPricings_example.json
@@ -0,0 +1,254 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "PartiallyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ }
+ },
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ },
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/SqlServers",
+ "name": "SqlServers",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ },
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/AppServices",
+ "name": "AppServices",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Free",
+ "freeTrialRemainingTime": "PT0S",
+ "enforce": "False",
+ "resourcesCoverageStatus": "NotCovered"
+ }
+ },
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/StorageAccounts",
+ "name": "StorageAccounts",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "DefenderForStorageV2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "OnUploadMalwareScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "capGBPerMonthPerStorageAccount": 10
+ },
+ "securityOperatorResourceId": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/SqlServerVirtualMachines",
+ "name": "SqlServerVirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/KubernetesService",
+ "name": "KubernetesService",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Free",
+ "freeTrialRemainingTime": "PT0S",
+ "enforce": "False",
+ "resourcesCoverageStatus": "NotCovered",
+ "deprecated": true,
+ "replacedBy": [
+ "Containers"
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/ContainerRegistry",
+ "name": "ContainerRegistry",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Free",
+ "freeTrialRemainingTime": "PT0S",
+ "enforce": "False",
+ "resourcesCoverageStatus": "NotCovered",
+ "deprecated": true,
+ "replacedBy": [
+ "Containers"
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/KeyVaults",
+ "name": "KeyVaults",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "PerKeyVault",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/Dns",
+ "name": "Dns",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "deprecated": true,
+ "replacedBy": [
+ "VirtualMachines"
+ ],
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/Arm",
+ "name": "Arm",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "PerSubscription",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/OpenSourceRelationalDatabases",
+ "name": "OpenSourceRelationalDatabases",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/Containers",
+ "name": "Containers",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[]"
+ }
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True"
+ }
+ ],
+ "securityOperatorResourceId": "/providers/Microsoft.Management/managementGroups/ContosoGroup/providers/Microsoft.Security/securityOperators/ContosoOperator"
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/providers/Microsoft.Security/pricings/Api",
+ "name": "Api",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P1",
+ "freeTrialRemainingTime": "PT0S"
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListResourcePricings_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListResourcePricings_example.json
new file mode 100644
index 000000000000..ac4744e7f023
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/ListResourcePricings_example.json
@@ -0,0 +1,50 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1"
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "value": [
+ {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "inherited": "True",
+ "inheritedFrom": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ }
+ },
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ },
+ {
+ "id": "/subscriptions/d34fd44c-ebfa-4a9c-bceb-9eeafe72ac15/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Free",
+ "inherited": "False",
+ "inheritedFrom": null
+ }
+ }
+ ]
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingByNamePartialSuccess_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingByNamePartialSuccess_example.json
new file mode 100644
index 000000000000..2a9efda10905
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingByNamePartialSuccess_example.json
@@ -0,0 +1,126 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "CloudPosture",
+ "pricing": {
+ "properties": {
+ "pricingTier": "Standard"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Failed",
+ "message": "Failed find dedicated first party application client ID for extension"
+ }
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Failed",
+ "message": "Failed assigning roles {d5a2ae44-610b-4500-93be-660a0c5f5ca6} to {identityName} for plan"
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Failed",
+ "message": "Failed assigning roles {f58310d9-a9f6-439a-9e8d-f62e7b41a168} to {identityName} for plan"
+ }
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Failed",
+ "message": "Failed find dedicated first party application client ID for extension"
+ }
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Failed",
+ "message": "Failed assigning roles {d5a2ae44-610b-4500-93be-660a0c5f5ca6} to {identityName} for plan"
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Failed",
+ "message": "Failed assigning roles {f58310d9-a9f6-439a-9e8d-f62e7b41a168} to {identityName} for plan"
+ }
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingByName_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingByName_example.json
new file mode 100644
index 000000000000..fe6f6c1e530e
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingByName_example.json
@@ -0,0 +1,126 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "CloudPosture",
+ "pricing": {
+ "properties": {
+ "pricingTier": "Standard"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/CloudPosture",
+ "name": "CloudPosture",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "False",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ },
+ {
+ "name": "EntraPermissionsManagement",
+ "isEnabled": "True",
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingVMsByName_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingVMsByName_example.json
new file mode 100644
index 000000000000..2745c8749791
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutPricingVMsByName_example.json
@@ -0,0 +1,80 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23",
+ "pricingName": "VirtualMachines",
+ "pricing": {
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "enforce": "True"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "True",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "False"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ },
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/pricings/VirtualMachines",
+ "name": "VirtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "enforce": "True",
+ "resourcesCoverageStatus": "FullyCovered",
+ "extensions": [
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "False"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ },
+ "operationStatus": {
+ "code": "Succeeded",
+ "message": "Successfully enabled extension"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutResourcePricingByNameContainers_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutResourcePricingByNameContainers_example.json
new file mode 100644
index 000000000000..bf5c7aeec957
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutResourcePricingByNameContainers_example.json
@@ -0,0 +1,117 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/demo-containers-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks-cluster",
+ "pricingName": "Containers",
+ "pricing": {
+ "properties": {
+ "pricingTier": "Standard",
+ "extensions": [
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerSensor",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[]"
+ }
+ },
+ {
+ "name": "ContainerIntegrityContribution",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/demo-containers-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks-cluster/providers/Microsoft.Security/pricings/Containers",
+ "name": "Containers",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "P29DT23H55M",
+ "enablementTime": "2025-01-14T16:35:12.4567890Z",
+ "inherited": "False",
+ "inheritedFrom": null,
+ "extensions": [
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerSensor",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[]"
+ }
+ },
+ {
+ "name": "ContainerIntegrityContribution",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/demo-containers-rg/providers/Microsoft.ContainerService/managedClusters/demo-aks-cluster/providers/Microsoft.Security/pricings/Containers",
+ "name": "Containers",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "freeTrialRemainingTime": "P30DT0H0M",
+ "enablementTime": "2025-01-14T16:35:12.4567890Z",
+ "inherited": "False",
+ "inheritedFrom": null,
+ "extensions": [
+ {
+ "name": "ContainerRegistriesVulnerabilityAssessments",
+ "isEnabled": "True"
+ },
+ {
+ "name": "ContainerSensor",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessDiscoveryForKubernetes",
+ "isEnabled": "True"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[]"
+ }
+ },
+ {
+ "name": "ContainerIntegrityContribution",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutResourcePricingByNameVirtualMachines_example.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutResourcePricingByNameVirtualMachines_example.json
new file mode 100644
index 000000000000..eb8d0c32fd8f
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/examples/Pricings/PutResourcePricingByNameVirtualMachines_example.json
@@ -0,0 +1,71 @@
+{
+ "parameters": {
+ "api-version": "2025-10-01-preview",
+ "scopeId": "subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1",
+ "pricingName": "virtualMachines",
+ "pricing": {
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P1"
+ }
+ }
+ },
+ "responses": {
+ "200": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/virtualMachines",
+ "name": "virtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P1",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "inherited": "False",
+ "inheritedFrom": null,
+ "extensions": [
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "False"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{\"Key\":\"TestKey1\",\"Value\":\"TestValue1\"},{\"Key\":\"TestKey2\",\"Value\":\"TestValue2\"}]"
+ }
+ }
+ ]
+ }
+ }
+ },
+ "201": {
+ "body": {
+ "id": "/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/resourceGroups/DEMO/providers/Microsoft.Compute/virtualMachines/VM-1/providers/Microsoft.Security/pricings/virtualMachines",
+ "name": "virtualMachines",
+ "type": "Microsoft.Security/pricings",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P1",
+ "freeTrialRemainingTime": "PT0S",
+ "enablementTime": "2023-03-01T12:42:42.1921106Z",
+ "inherited": "False",
+ "inheritedFrom": null,
+ "extensions": [
+ {
+ "name": "MdeDesignatedSubscription",
+ "isEnabled": "False"
+ },
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "ExclusionTags": "[{'Key':'TestKey1','Value':'TestValue1'},{'Key':'TestKey2','Value':'TestValue2'}]"
+ }
+ }
+ ]
+ }
+ }
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/pricings.json b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/pricings.json
new file mode 100644
index 000000000000..92aa1100aa4c
--- /dev/null
+++ b/specification/security/resource-manager/Microsoft.Security/Security/preview/2025-10-01-preview/pricings.json
@@ -0,0 +1,766 @@
+{
+ "swagger": "2.0",
+ "info": {
+ "title": "Microsoft Defender for Cloud",
+ "description": "API spec for Microsoft.Security (Microsoft Defender for Cloud) resource provider",
+ "version": "2025-10-01-preview"
+ },
+ "host": "management.azure.com",
+ "schemes": [
+ "https"
+ ],
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "security": [
+ {
+ "azure_auth": [
+ "user_impersonation"
+ ]
+ }
+ ],
+ "securityDefinitions": {
+ "azure_auth": {
+ "type": "oauth2",
+ "authorizationUrl": "https://login.microsoftonline.com/common/oauth2/authorize",
+ "flow": "implicit",
+ "description": "Azure Active Directory OAuth2 Flow",
+ "scopes": {
+ "user_impersonation": "impersonate your user account"
+ }
+ }
+ },
+ "paths": {
+ "/{scopeId}/providers/Microsoft.Security/pricings/{pricingName}": {
+ "get": {
+ "x-ms-examples": {
+ "Get pricings on subscription - VirtualMachines plan": {
+ "$ref": "./examples/Pricings/GetPricingByNameVirtualMachines_example.json"
+ },
+ "Get pricings on resource - VirtualMachines plan": {
+ "$ref": "./examples/Pricings/GetResourcePricingByNameVirtualMachines_example.json"
+ },
+ "Get pricings on resource - Containers plan": {
+ "$ref": "./examples/Pricings/GetResourcePricingByNameContainers_example.json"
+ },
+ "Get pricings on subscription - Dns plan": {
+ "$ref": "./examples/Pricings/GetPricingByNameDns_example.json"
+ },
+ "Get pricings on subscription - StorageAccounts plan": {
+ "$ref": "./examples/Pricings/GetPricingByNameStorageAccounts_example.json"
+ },
+ "Get pricings on subscription - Containers plan": {
+ "$ref": "./examples/Pricings/GetPricingByNameContainers_example.json"
+ },
+ "Get pricings on subscription - CloudPosture plan": {
+ "$ref": "./examples/Pricings/GetPricingByNameCloudPosture_example.json"
+ },
+ "Get pricings on subscription - Managed by M365 security rule": {
+ "$ref": "./examples/Pricings/GetPricingByNameExternallyUpdated_example.json"
+ }
+ },
+ "tags": [
+ "Pricings"
+ ],
+ "description": "Get the Defender plans pricing configurations of the selected scope (valid scopes are resource id or a subscription id). At the resource level, supported resource types are 'VirtualMachines, VMSS and ARC Machines'.",
+ "operationId": "Pricings_Get",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ScopeId"
+ },
+ {
+ "$ref": "#/parameters/PricingName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/Pricing"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "put": {
+ "x-ms-examples": {
+ "Update pricing on subscription (example for CloudPosture plan)": {
+ "$ref": "./examples/Pricings/PutPricingByName_example.json"
+ },
+ "Update pricing on subscription (example for VirtualMachines plan)": {
+ "$ref": "./examples/Pricings/PutPricingVMsByName_example.json"
+ },
+ "Update pricing on resource (example for VirtualMachines plan)": {
+ "$ref": "./examples/Pricings/PutResourcePricingByNameVirtualMachines_example.json"
+ },
+ "Update pricing on resource (example for Containers plan)": {
+ "$ref": "./examples/Pricings/PutResourcePricingByNameContainers_example.json"
+ },
+ "Update pricing on subscription (example for CloudPosture plan) - partial success": {
+ "$ref": "./examples/Pricings/PutPricingByNamePartialSuccess_example.json"
+ }
+ },
+ "tags": [
+ "Pricings"
+ ],
+ "description": "Updates a provided Microsoft Defender for Cloud pricing configuration in the scope. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines', 'VMSS', 'ARC Machines', (only for plan='VirtualMachines' and subPlan='P1'), and 'Containers').",
+ "operationId": "Pricings_Update",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ScopeId"
+ },
+ {
+ "$ref": "#/parameters/PricingName"
+ },
+ {
+ "$ref": "#/parameters/Pricing"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successfully updated",
+ "schema": {
+ "$ref": "#/definitions/Pricing"
+ }
+ },
+ "201": {
+ "description": "Successfully created.",
+ "schema": {
+ "$ref": "#/definitions/Pricing"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ },
+ "delete": {
+ "x-ms-examples": {
+ "Delete a pricing on resource": {
+ "$ref": "./examples/Pricings/DeleteResourcePricing_example.json"
+ },
+ "Delete a pricing on resource (example for Containers plan)": {
+ "$ref": "./examples/Pricings/DeleteResourcePricingByNameContainers_example.json"
+ }
+ },
+ "tags": [
+ "Pricings"
+ ],
+ "description": "Deletes a provided Microsoft Defender for Cloud pricing configuration in a specific resource. Valid only for resource scope (Supported resources are: 'VirtualMachines', 'VMSS', 'ARC Machines' and 'Containers').",
+ "operationId": "Pricings_Delete",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ScopeResourceId"
+ },
+ {
+ "$ref": "#/parameters/PricingName"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Successfully deleted the pricing configuration of the resource."
+ },
+ "204": {
+ "description": "No Content - Pricing does not exist"
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/{scopeId}/providers/Microsoft.Security/pricings": {
+ "get": {
+ "x-ms-examples": {
+ "Get pricings on subscription": {
+ "$ref": "./examples/Pricings/ListPricings_example.json"
+ },
+ "Get pricings on subscription with plans filter": {
+ "$ref": "./examples/Pricings/ListPricingsWithPlanFilter_example.json"
+ },
+ "Get pricings on resource": {
+ "$ref": "./examples/Pricings/ListResourcePricings_example.json"
+ }
+ },
+ "tags": [
+ "Pricings"
+ ],
+ "description": "Lists Microsoft Defender for Cloud pricing configurations of the scopeId, that match the optional given $filter. Valid scopes are: subscription id or a specific resource id (Supported resources are: 'VirtualMachines', 'VMSS', 'ARC Machines' and 'Containers'). Valid $filter is: 'name in ({planName1},{planName2},...)'. If $filter is not provided, the unfiltered list will be returned. If '$filter=name in (planName1,planName2)' is provided, the returned list includes the pricings set for 'planName1' and 'planName2' only.",
+ "operationId": "Pricings_List",
+ "x-ms-pageable": {
+ "nextLinkName": null
+ },
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ScopeId"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ODataFilter"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "schema": {
+ "$ref": "#/definitions/PricingList"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ },
+ "/{scopeId}/providers/Microsoft.Security/pricings/default/batch": {
+ "post": {
+ "x-ms-examples": {
+ "Batch update multiple pricing plans - success": {
+ "$ref": "./examples/Pricings/BatchUpdatePricings_Success_example.json"
+ },
+ "Batch update with partial success": {
+ "$ref": "./examples/Pricings/BatchUpdatePricings_PartialSuccess_example.json"
+ }
+ },
+ "tags": [
+ "Pricings"
+ ],
+ "description": "Updates multiple Microsoft Defender for Cloud pricing configurations for the specified subscription scope. This operation uses a best-effort approach where valid plans are saved atomically, while invalid plans return detailed error information. Only subscription-level scopes are supported for batch operations. Maximum of 30 pricing plans can be updated in a single batch request.",
+ "operationId": "Pricings_BatchUpdate",
+ "parameters": [
+ {
+ "$ref": "./common/v1/types.json#/parameters/ApiVersion"
+ },
+ {
+ "$ref": "./common/v1/types.json#/parameters/ScopeIdSubscriptionOnly"
+ },
+ {
+ "$ref": "#/parameters/BatchPricingUpdateRequest"
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "Batch update completed. Check the response body for individual plan results and summary statistics.",
+ "schema": {
+ "$ref": "#/definitions/BatchPricingUpdateResponse"
+ }
+ },
+ "default": {
+ "description": "Error response describing why the operation failed.",
+ "schema": {
+ "$ref": "./common/v1/types.json#/definitions/CloudError"
+ }
+ }
+ }
+ }
+ }
+ },
+ "definitions": {
+ "PricingList": {
+ "type": "object",
+ "description": "List of pricing configurations response.",
+ "required": [
+ "value"
+ ],
+ "properties": {
+ "value": {
+ "type": "array",
+ "description": "List of pricing configurations",
+ "items": {
+ "$ref": "#/definitions/Pricing"
+ }
+ }
+ }
+ },
+ "Pricing": {
+ "type": "object",
+ "description": "Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.",
+ "properties": {
+ "properties": {
+ "x-ms-client-flatten": true,
+ "description": "Pricing data",
+ "$ref": "#/definitions/PricingProperties"
+ }
+ },
+ "allOf": [
+ {
+ "$ref": "./common/v1/types.json#/definitions/Resource"
+ }
+ ]
+ },
+ "PricingProperties": {
+ "type": "object",
+ "description": "Pricing properties for the relevant scope",
+ "properties": {
+ "pricingTier": {
+ "type": "string",
+ "description": "Indicates whether the Defender plan is enabled on the selected scope. Microsoft Defender for Cloud is provided in two pricing tiers: free and standard. The standard tier offers advanced security capabilities, while the free tier offers basic security features.",
+ "enum": [
+ "Free",
+ "Standard"
+ ],
+ "x-ms-enum": {
+ "name": "pricingTier",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Free",
+ "description": "Get free Microsoft Defender for Cloud experience with basic security features"
+ },
+ {
+ "value": "Standard",
+ "description": "Get the standard Microsoft Defender for Cloud experience with advanced security features"
+ }
+ ]
+ }
+ },
+ "subPlan": {
+ "type": "string",
+ "description": "The sub-plan selected for a Standard pricing configuration, when more than one sub-plan is available. Each sub-plan enables a set of security features. When not specified, full plan is applied. For VirtualMachines plan, available sub plans are 'P1' & 'P2', where for resource level only 'P1' sub plan is supported."
+ },
+ "freeTrialRemainingTime": {
+ "type": "string",
+ "format": "duration",
+ "readOnly": true,
+ "description": "The duration left for the subscriptions free trial period - in ISO 8601 format (e.g. P3Y6M4DT12H30M5S)."
+ },
+ "enablementTime": {
+ "type": "string",
+ "format": "date-time",
+ "readOnly": true,
+ "description": "Optional. If `pricingTier` is `Standard` then this property holds the date of the last time the `pricingTier` was set to `Standard`, when available (e.g 2023-03-01T12:42:42.1921106Z)."
+ },
+ "enforce": {
+ "type": "string",
+ "description": "If set to \"False\", it allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited=\"False\"). If set to \"True\", it prevents overrides and forces this pricing configuration on all the descendants of this scope. This field is only available for subscription-level pricing.",
+ "enum": [
+ "False",
+ "True"
+ ],
+ "x-ms-enum": {
+ "name": "enforce",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "False",
+ "description": "Allows the descendants of this scope to override the pricing configuration set on this scope (allows setting inherited=\"False\")"
+ },
+ {
+ "value": "True",
+ "description": "Prevents overrides and forces the current scope's pricing configuration to all descendants"
+ }
+ ]
+ }
+ },
+ "inherited": {
+ "type": "string",
+ "readOnly": true,
+ "description": "\"inherited\" = \"True\" indicates that the current scope inherits its pricing configuration from its parent. The ID of the parent scope that provides the inherited configuration is displayed in the \"inheritedFrom\" field. On the other hand, \"inherited\" = \"False\" indicates that the current scope has its own pricing configuration explicitly set, and does not inherit from its parent. This field is read only and available only for resource-level pricing.",
+ "enum": [
+ "True",
+ "False"
+ ],
+ "x-ms-enum": {
+ "name": "inherited",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "True",
+ "description": "Indicates that the current scope is inheriting its pricing configuration from its parent"
+ },
+ {
+ "value": "False",
+ "description": "Indicates that the current scope sets its own pricing configuration and does not inherit it from its parent"
+ }
+ ]
+ }
+ },
+ "inheritedFrom": {
+ "type": "string",
+ "readOnly": true,
+ "description": "The id of the scope inherited from. \"Null\" if not inherited."
+ },
+ "resourcesCoverageStatus": {
+ "type": "string",
+ "readOnly": true,
+ "description": "This field is available for subscription-level only, and reflects the coverage status of the resources under the subscription. Please note: The \"pricingTier\" field reflects the plan status of the subscription. However, since the plan status can also be defined at the resource level, there might be misalignment between the subscription's plan status and the resource status. This field helps indicate the coverage status of the resources.",
+ "enum": [
+ "FullyCovered",
+ "PartiallyCovered",
+ "NotCovered"
+ ],
+ "x-ms-enum": {
+ "name": "resourcesCoverageStatus",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "FullyCovered",
+ "description": "This value indicates that all resources associated with the subscription have the Defender plan enabled."
+ },
+ {
+ "value": "PartiallyCovered",
+ "description": "This value indicates that some resources under the subscription have the Defender plan enabled, while others have it disabled. There is a mixed coverage status among resources."
+ },
+ {
+ "value": "NotCovered",
+ "description": "This value indicates that the Defender plan is disabled for all resources under the subscription. None of the resources are protected by the Defender plan."
+ }
+ ]
+ }
+ },
+ "extensions": {
+ "type": "array",
+ "items": {
+ "$ref": "#/definitions/Extension"
+ },
+ "description": "Optional. List of extensions offered under a plan.",
+ "x-ms-identifiers": []
+ },
+ "deprecated": {
+ "type": "boolean",
+ "readOnly": true,
+ "description": "Optional. True if the plan is deprecated. If there are replacing plans they will appear in `replacedBy` property"
+ },
+ "replacedBy": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ },
+ "readOnly": true,
+ "description": "Optional. List of plans that replace this plan. This property exists only if this plan is deprecated."
+ },
+ "securityOperatorResourceId": {
+ "type": "string",
+ "description": "Resource Id of Microsoft.Security/SecurityOperator, as an extension resource of Subscription (format: /subscriptions/{subscriptionId}/providers/Microsoft.Security/securityOperators/{operatorName}) or Management Group (format: /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Security/securityOperators/{operatorName}).
The Security Operator should be created with a System Managed Identity which is used by Microsoft Defender for Cloud to operate on scope according to Plan configuration."
+ },
+ "originatedFrom": {
+ "type": "string",
+ "readOnly": true,
+ "description": "Optional. Indicates the origin of the most recent configuration change when the update was performed by a management system other than direct Azure Resource Manager (ARM).",
+ "enum": [
+ "M365"
+ ],
+ "x-ms-enum": {
+ "name": "originatedFrom",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "M365",
+ "description": "Indicates that the configuration change originated from Microsoft 365."
+ }
+ ]
+ }
+ },
+ "managedBy": {
+ "type": "string",
+ "readOnly": true,
+ "description": "Optional. Indicates who exclusively manage the configuration when the last update was performed by a management system other than direct Azure Resource Manager (ARM)."
+ }
+ },
+ "required": [
+ "pricingTier"
+ ]
+ },
+ "Extension": {
+ "type": "object",
+ "description": "A plan's extension properties",
+ "properties": {
+ "name": {
+ "type": "string",
+ "description": "The extension name. Supported values are:
**AgentlessDiscoveryForKubernetes** - Provides zero footprint, API-based discovery of Kubernetes clusters, their configurations and deployments. The collected data is used to create a contextualized security graph for Kubernetes clusters, provide risk hunting capabilities, and visualize risks and threats to Kubernetes environments and workloads.
Available for CloudPosture plan and Containers plan.
**OnUploadMalwareScanning** - Limits the GB to be scanned per month for each storage account within the subscription. Once this limit reached on a given storage account, Blobs won't be scanned during current calendar month.
Available for StorageAccounts plan (DefenderForStorageV2 sub plans).
**SensitiveDataDiscovery** - Sensitive data discovery identifies Blob storage container with sensitive data such as credentials, credit cards, and more, to help prioritize and investigate security events.
Available for StorageAccounts plan (DefenderForStorageV2 sub plan) and CloudPosture plan.
**ContainerRegistriesVulnerabilityAssessments** - Provides vulnerability management for images stored in your container registries.
Available for CloudPosture plan and Containers plan.
**MdeDesignatedSubscription** - Direct onboarding is a seamless integration between Defender for Endpoint and Defender for Cloud that doesn’t require extra software deployment on your servers. The onboarded resources will be presented under a designated Azure Subscription you configure
Available for VirtualMachines plan (P1 and P2 sub plans).
**AgentlessVmScanning** - Scans your machines for installed software, vulnerabilities, malware and secret scanning without relying on agents or impacting machine performance. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/concept-agentless-data-collection.
Available for CloudPosture plan, VirtualMachines plan (P2 sub plan) and Containers plan.
**EntraPermissionsManagement** - Permissions Management provides Cloud Infrastructure Entitlement Management (CIEM) capabilities that helps organizations to manage and control user access and entitlements in their cloud infrastructure - important attack vector for cloud environments.
Permissions Management analyzes all permissions and active usage, and suggests recommendations to reduce permissions to enforce the principle of least privilege. Learn more here https://learn.microsoft.com/en-us/azure/defender-for-cloud/permissions-management.
Available for CloudPosture plan.
**FileIntegrityMonitoring** - File integrity monitoring (FIM), examines operating system files.
Windows registries, Linux system files, in real time, for changes that might indicate an attack.
Available for VirtualMachines plan (P2 sub plan).
**ContainerSensor** - The sensor is based on IG and provides a rich threat detection suite for Kubernetes clusters, nodes, and workloads, powered by Microsoft leading threat intelligence, provides mapping to MITRE ATT&CK framework.
Available for Containers plan.
**AIPromptEvidence** - Exposes the prompts passed between the user and the AI model as alert evidence. This helps classify and triage the alerts with relevant user context. The prompt snippets will include only segments of the user prompt or model response that were deemed suspicious and relevant for security classifications. The prompt evidence will be available through Defender portal as part of each alert.
Available for AI plan.
"
+ },
+ "isEnabled": {
+ "type": "string",
+ "description": "Indicates whether the extension is enabled.",
+ "enum": [
+ "True",
+ "False"
+ ],
+ "x-ms-enum": {
+ "name": "isEnabled",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "True",
+ "description": "Indicates the extension is enabled"
+ },
+ {
+ "value": "False",
+ "description": "Indicates the extension is disabled"
+ }
+ ]
+ }
+ },
+ "additionalExtensionProperties": {
+ "type": "object",
+ "description": "Property values associated with the extension.",
+ "additionalProperties": {}
+ },
+ "operationStatus": {
+ "type": "object",
+ "$ref": "#/definitions/OperationStatus",
+ "readOnly": true,
+ "description": "Optional. A status describing the success/failure of the extension's enablement/disablement operation."
+ },
+ "securityOperatorResourceId": {
+ "type": "string",
+ "description": "Resource Id of Microsoft.Security/SecurityOperator, as an extension resource of Subscription (format: /subscriptions/{subscriptionId}/providers/Microsoft.Security/securityOperators/{operatorName}) or Management Group (format: /providers/Microsoft.Management/managementGroups/{managementGroupId}/providers/Microsoft.Security/securityOperators/{operatorName}).
The Security Operator should be created with a System Managed Identity which is used by Microsoft Defender for Cloud to operate on scope according to Extension configuration."
+ }
+ },
+ "required": [
+ "name",
+ "isEnabled"
+ ]
+ },
+ "OperationStatus": {
+ "type": "object",
+ "description": "A status describing the success/failure of the extension's enablement/disablement operation.",
+ "properties": {
+ "code": {
+ "type": "string",
+ "description": "The operation status code.",
+ "enum": [
+ "Succeeded",
+ "Failed"
+ ],
+ "x-ms-enum": {
+ "name": "code",
+ "modelAsString": true,
+ "values": [
+ {
+ "value": "Succeeded",
+ "description": "Extension was created/updated successfully."
+ },
+ {
+ "value": "Failed",
+ "description": "Extension was not created/updated successfully. See operation status message for more details."
+ }
+ ]
+ }
+ },
+ "message": {
+ "type": "string",
+ "description": "Additional information regarding the success/failure of the operation."
+ }
+ }
+ },
+ "BatchPricingUpdateRequest": {
+ "type": "object",
+ "description": "Request for updating multiple pricing configurations in a single operation",
+ "required": [
+ "plansConfigurations"
+ ],
+ "properties": {
+ "plansConfigurations": {
+ "type": "array",
+ "description": "Array of pricing plan configurations to update. Maximum of 30 plans allowed per batch request.",
+ "items": {
+ "$ref": "#/definitions/BatchPlanItem"
+ },
+ "x-ms-identifiers": [
+ "planName"
+ ],
+ "minItems": 1,
+ "maxItems": 30
+ }
+ },
+ "example": {
+ "plansConfigurations": [
+ {
+ "planName": "VirtualMachines",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "enforce": "False",
+ "extensions": [
+ {
+ "name": "AgentlessVmScanning",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ },
+ {
+ "planName": "StorageAccounts",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "DefenderForStorageV2",
+ "enforce": "False",
+ "extensions": [
+ {
+ "name": "OnUploadMalwareScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "capGBPerMonth": "5000"
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+ },
+ "BatchPlanItem": {
+ "type": "object",
+ "description": "Individual pricing plan configuration for batch update operation",
+ "required": [
+ "planName",
+ "properties"
+ ],
+ "properties": {
+ "planName": {
+ "type": "string",
+ "description": "Name of the pricing plan (e.g., VirtualMachines, StorageAccounts, CloudPosture, Containers, etc.)",
+ "example": "VirtualMachines"
+ },
+ "properties": {
+ "$ref": "#/definitions/PricingProperties",
+ "description": "Pricing configuration properties for this plan"
+ }
+ }
+ },
+ "BatchPricingUpdateResponse": {
+ "type": "object",
+ "description": "Response from batch pricing update operation containing results for each plan and operation summary",
+ "required": [
+ "results",
+ "summary"
+ ],
+ "properties": {
+ "results": {
+ "type": "array",
+ "description": "Results for each individual pricing plan update within the batch operation",
+ "items": {
+ "$ref": "#/definitions/BatchPricingResult"
+ },
+ "x-ms-identifiers": [
+ "planName"
+ ]
+ },
+ "summary": {
+ "$ref": "#/definitions/BatchOperationSummary",
+ "description": "Summary statistics for the batch operation including total, successful, and failed update counts"
+ }
+ }
+ },
+ "BatchPricingResult": {
+ "type": "object",
+ "description": "Result of updating a single pricing plan within a batch operation",
+ "required": [
+ "planName",
+ "success"
+ ],
+ "properties": {
+ "planName": {
+ "type": "string",
+ "description": "Name of the pricing plan that was processed in this batch operation"
+ },
+ "success": {
+ "type": "boolean",
+ "description": "Whether the update for this pricing plan was successful"
+ },
+ "errorMessage": {
+ "type": "string",
+ "description": "Detailed error message if the update failed (only present when success=false). Contains specific validation or authorization error details."
+ },
+ "result": {
+ "$ref": "#/definitions/Pricing",
+ "description": "Updated pricing configuration resource (only present when success=true). Contains the complete pricing configuration with all properties populated."
+ }
+ }
+ },
+ "BatchOperationSummary": {
+ "type": "object",
+ "description": "Summary statistics for batch operation results providing overview of operation success",
+ "required": [
+ "totalRequested",
+ "successfulUpdates",
+ "failedUpdates"
+ ],
+ "properties": {
+ "totalRequested": {
+ "type": "integer",
+ "format": "int32",
+ "description": "Total number of pricing configurations requested for update in this batch",
+ "minimum": 1,
+ "maximum": 30
+ },
+ "successfulUpdates": {
+ "type": "integer",
+ "format": "int32",
+ "description": "Number of pricing configurations successfully updated",
+ "minimum": 0
+ },
+ "failedUpdates": {
+ "type": "integer",
+ "format": "int32",
+ "description": "Number of pricing configurations that failed to update due to validation or authorization errors",
+ "minimum": 0
+ }
+ },
+ "example": {
+ "totalRequested": 2,
+ "successfulUpdates": 1,
+ "failedUpdates": 1
+ }
+ }
+ },
+ "parameters": {
+ "PricingName": {
+ "name": "pricingName",
+ "in": "path",
+ "required": true,
+ "type": "string",
+ "description": "name of the pricing configuration",
+ "x-ms-parameter-location": "method"
+ },
+ "Pricing": {
+ "name": "pricing",
+ "in": "body",
+ "required": true,
+ "description": "Pricing object",
+ "schema": {
+ "$ref": "#/definitions/Pricing"
+ },
+ "x-ms-parameter-location": "method"
+ },
+ "BatchPricingUpdateRequest": {
+ "name": "batchPricingRequest",
+ "in": "body",
+ "required": true,
+ "description": "Batch pricing update request containing multiple plan configurations (maximum 30 plans per batch)",
+ "schema": {
+ "$ref": "#/definitions/BatchPricingUpdateRequest"
+ },
+ "x-ms-parameter-location": "method"
+ }
+ }
+}
diff --git a/specification/security/resource-manager/Microsoft.Security/Security/readme.md b/specification/security/resource-manager/Microsoft.Security/Security/readme.md
index d586e4c8197d..de2c0ce603e4 100644
--- a/specification/security/resource-manager/Microsoft.Security/Security/readme.md
+++ b/specification/security/resource-manager/Microsoft.Security/Security/readme.md
@@ -77,6 +77,30 @@ suppressions:
- code: GetCollectionOnlyHasValueAndNextLink
from: Microsoft.Security\stable\2024-01-01\pricings.json
reason: The collections is limited to 13 items maximum. No need for paging. Also old versions did not have these fields as well.
+ - code: ResourceNameRestriction
+ from: Microsoft.Security\preview\2025-10-01-preview\pricings.json
+ where: $.parameters.PricingName
+ reason: Old versions do not have pattern as well, and if I add a pattern to this version, I get another error about breaking the last version's pattern.
+ - code: PutRequestResponseSchemeArm
+ from: Microsoft.Security\preview\2025-10-01-preview\pricings.json
+ where: $.paths["/{scopeId}/providers/Microsoft.Security/pricings/{pricingName}"].put
+ reason: The models are the same, but one is a parameter and the other is a definition! old versions of this API have the same configurations.
+ - code: GetCollectionOnlyHasValueAndNextLink
+ from: Microsoft.Security\preview\2025-10-01-preview\pricings.json
+ where: $.definitions.PricingList
+ reason: The collection is limited to 13 items maximum. No need for paging. Also old versions did not have these fields as well.
+ - code: PathForResourceAction
+ from: Microsoft.Security\preview\2025-10-01-preview\pricings.json
+ where: $.paths["/{scopeId}/providers/Microsoft.Security/pricings/batch"].post
+ reason: The pricings API uses a {scopeId} parameter instead of the standard /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/... path pattern. This is by design as the endpoint supports multiple scope types (subscription and resource-level scopes). The batch action is a POST on the pricings collection.
+ - code: ParameterNotDefinedInGlobalParameters
+ from: Microsoft.Security\preview\2025-10-01-preview\pricings.json
+ where: $.paths["/{scopeId}/providers/Microsoft.Security/pricings/{pricingName}"].get.parameters[0]
+ reason: api-version parameter is referenced from common types v1, which is the recommended pattern.
+ - code: EnumInsteadOfBoolean
+ from: Microsoft.Security\preview\2025-10-01-preview\pricings.json
+ where: $.definitions.BatchPricingResult.properties.success
+ reason: The success property is a simple success/failure indicator for batch results that will not need additional states.
- code: ResourceNameRestriction
from: Microsoft.Security\preview\2024-03-01\securityConnectors.json
reason: Old versions do not have pattern as well, and if I add a pattern to this version, I get another error about breaking the last version's pattern.
@@ -133,6 +157,7 @@ input-file:
- preview/2025-10-01-preview/operations.json
- preview/2025-10-01-preview/operationResults.json
- preview/2025-10-01-preview/operationStatuses.json
+ - preview/2025-10-01-preview/pricings.json
```
### Tag: package-preview-2025-09-01-preview
@@ -672,7 +697,7 @@ input-file:
- stable/2022-05-01/settings.json
- stable/2023-05-01/ServerVulnerabilityAssessmentsSettings.json
- stable/2023-11-15/apiCollections.json
-- stable/2024-01-01/pricings.json
+- preview/2025-10-01-preview/pricings.json
- stable/2024-08-01/securityStandards.json
- stable/2024-08-01/standardAssignments.json
- stable/2024-08-01/customRecommedations.json
@@ -1201,4 +1226,4 @@ See configuration in [readme.ruby.md](./readme.ruby.md)
## Java
-See configuration in [readme.java.md](./readme.java.md)
+See configuration in [readme.java.md](./readme.java.md)
\ No newline at end of file