From c945c2816fb841df0367e559f3b831a6c733cd5e Mon Sep 17 00:00:00 2001
From: Or Parnes <orparnes@microsoft.com>
Date: Wed, 25 May 2022 10:01:23 +0200
Subject: [PATCH] 2022-05-02-preview defender updates (#19172)

* 2022-05-02-preview defender updates

* update example

* Typo

* Update sample

* typo

* another typo
---
 ...ManagedClustersCreate_SecurityProfile.json | 24 +++++++++------
 .../2022-05-02-preview/managedClusters.json   | 30 ++++++++++++-------
 2 files changed, 35 insertions(+), 19 deletions(-)

diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/examples/ManagedClustersCreate_SecurityProfile.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/examples/ManagedClustersCreate_SecurityProfile.json
index e7c2fac72358..460671ff92d1 100644
--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/examples/ManagedClustersCreate_SecurityProfile.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/examples/ManagedClustersCreate_SecurityProfile.json
@@ -48,9 +48,11 @@
           }
         },
         "securityProfile": {
-          "azureDefender": {
-            "enabled": true,
-            "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"
+          "defender": {
+            "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
+            "securityMonitoring": {
+              "enabled": true
+            }
           }
         }
       }
@@ -143,9 +145,11 @@
             }
           },
           "securityProfile": {
-            "azureDefender": {
-              "enabled": true,
-              "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"
+            "defender": {
+              "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
+              "securityMonitoring": {
+                "enabled": true
+              }
             }
           }
         }
@@ -235,9 +239,11 @@
             }
           },
           "securityProfile": {
-            "azureDefender": {
-              "enabled": true,
-              "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME"
+            "defender": {
+              "logAnalyticsWorkspaceResourceId": "/subscriptions/SUB_ID/resourcegroups/RG_NAME/providers/microsoft.operationalinsights/workspaces/WORKSPACE_NAME",
+              "securityMonitoring": {
+                "enabled": true
+              }
             }
           }
         }
diff --git a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/managedClusters.json b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/managedClusters.json
index 8f2fd5b9a41c..5f8a7cad9514 100644
--- a/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/managedClusters.json
+++ b/specification/containerservice/resource-manager/Microsoft.ContainerService/preview/2022-05-02-preview/managedClusters.json
@@ -6006,9 +6006,9 @@
     "ManagedClusterSecurityProfile": {
       "type": "object",
       "properties": {
-        "azureDefender": {
-          "$ref": "#/definitions/ManagedClusterSecurityProfileAzureDefender",
-          "description": "Azure Defender settings for the security profile."
+        "defender": {
+          "$ref": "#/definitions/ManagedClusterSecurityProfileDefender",
+          "description": "Microsoft Defender settings for the security profile."
         },
         "azureKeyVaultKms": {
           "$ref": "#/definitions/AzureKeyVaultKms",
@@ -6021,19 +6021,29 @@
       },
       "description": "Security profile for the container service cluster."
     },
-    "ManagedClusterSecurityProfileAzureDefender": {
+    "ManagedClusterSecurityProfileDefender": {
       "type": "object",
       "properties": {
-        "enabled": {
-          "type": "boolean",
-          "description": "Whether to enable Azure Defender"
-        },
         "logAnalyticsWorkspaceResourceId": {
           "type": "string",
-          "description": "Resource ID of the Log Analytics workspace to be associated with Azure Defender.  When Azure Defender is enabled, this field is required and must be a valid workspace resource ID. When Azure Defender is disabled, leave the field empty."
+          "description": "Resource ID of the Log Analytics workspace to be associated with Microsoft Defender. When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID. When Microsoft Defender is disabled, leave the field empty."
+        },
+        "securityMonitoring": {
+          "$ref": "#/definitions/ManagedClusterSecurityProfileDefenderSecurityMonitoring",
+          "description": "Microsoft Defender threat detection for Cloud settings for the security profile."
+        }
+      },
+      "description": "Microsoft Defender settings for the security profile."
+    },
+    "ManagedClusterSecurityProfileDefenderSecurityMonitoring": {
+      "type": "object",
+      "properties": {
+        "enabled": {
+          "type": "boolean",
+          "description": "Whether to enable Defender threat detection"
         }
       },
-      "description": "Azure Defender settings for the security profile."
+      "description": "Microsoft Defender settings for the security profile threat detection."
     },
     "ManagedClusterStorageProfile": {
       "type": "object",