Feature Request: Enable Defender for APIs

[w3b3rf]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Is your feature request related to a problem?

The default policy Deploy-MDFC-Config_20240319 seems to enable Defender for Cloud for every resource type except APIs. Some of the example docs mention a specific configuration parameter to enable / disable Defender for APIs (see https://github.com/Azure/terraform-azurerm-caf-enterprise-scale/wiki/%5BExamples%5D-Deploy-ZT-Network#:~:text=enable_defender_for_apis) but even if I specify this to be true manually (I think the other defender-related parameters are true by default) no changes will be deployed meaning this parameter is simply ignored.

Describe the solution you'd like

Defender for APIs should be enabled by default (like the rest of the defenders) and it should be possible to control it via aforementioned configuration parameter.

Is there a workaround / policy to enable Defender for APIs in the mean time?

Additional context