Cloud security posture management (CSPM)
One of Microsoft Defender for Cloud's main pillars is cloud security posture management (CSPM). CSPM provides detailed visibility into the security state of your assets and workloads, and provides hardening guidance to help you efficiently and effectively improve your security posture.
Defender for Cloud continually assesses your resources against security standards that are defined for your Azure subscriptions. Defender for Cloud issues security recommendations based on these assessments.
By default, when you enable Defender for Cloud on an Azure subscription, the Microsoft Cloud Security Benchmark (MCSB) compliance standard is turned on. It provides recommendations. Defender for Cloud provides an aggregated secure score based on some of the MCSB recommendations. The higher the score, the lower the identified risk level.
CSPM features
Defender for Cloud provides the following CSPM offerings currently:
- Foundational CSPM - Defender for Cloud offers foundational multicloud CSPM capabilities for free. These capabilities are automatically enabled by default for subscriptions and accounts that onboard to Defender for Cloud.
Plan availability
Learn more about Defender CSPM pricing.
The following table summarizes each plan and their cloud availability.
| Feature | Foundational CSPM | Defender CSPM | Cloud availability |
|---|---|---|---|
| Security recommendations | 
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Asset inventory |
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Secure score |
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Data visualization and reporting with Azure Workbooks |
|
|
Azure, on-premises |
| Data exporting |
|
|
Azure, on-premises |
| Workflow automation |
|
|
Azure, on-premises |
| Tools for remediation |
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Microsoft Cloud Security Benchmark |
|
|
Azure |
| Internet exposure analysis | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Regulatory compliance assessments | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Custom Recommendations | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Agentless code-to-cloud containers vulnerability assessment | - |
|
Azure, Docker Hub, JFrog Artifactory |
Plan pricing
- Review the Defender for Cloud pricing page to learn about Defender CSPM pricing.
Azure cloud support
For commercial and national cloud coverage, review the features supported in Azure cloud environments.
Next steps
- Learn about security standards and recommendations.
- Learn about secure score.