Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
One of the main features of Microsoft Defender for Cloud is cloud security posture management (CSPM). CSPM provides detailed visibility into the security state of your assets and workloads and offers hardening guidance to help you improve your security posture.
Defender for Cloud continually assesses your resources against security standards defined for your Azure subscriptions. Defender for Cloud issues security recommendations based on these assessments.
By default, when you enable Defender for Cloud on an Azure subscription, the Microsoft Cloud Security Benchmark (MCSB) compliance standard is enabled and provides recommendations to secure your environments. Defender for Cloud provides an aggregated secure score based on some of the MCSB recommendations. A higher score indicates a lower identified risk level.
CSPM plans
Defender for Cloud provides the following CSPM offerings currently:
- Foundational CSPM - A free plan enabled by default for subscriptions and accounts that onboard to Defender for Cloud.
Plan availability
Learn more about Defender CSPM pricing.
The following table summarizes each plan and their cloud availability.
| Feature | Foundational CSPM | Defender CSPM | Cloud availability |
|---|---|---|---|
| Security recommendations | 
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Asset inventory |
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Secure score |
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Data visualization and reporting with Azure Workbooks |
|
|
Azure, on-premises |
| Data exporting |
|
|
Azure, on-premises |
| Workflow automation |
|
|
Azure, on-premises |
| Tools for remediation |
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Microsoft Cloud Security Benchmark |
|
|
Azure |
| Internet exposure analysis | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Regulatory compliance assessments | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Custom Recommendations | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Agentless code-to-cloud containers vulnerability assessment | - |
|
Azure, Docker Hub, JFrog Artifactory |
Plan pricing
- Review the Defender for Cloud pricing page to learn about Defender CSPM pricing.
Azure cloud support
For commercial and national cloud coverage, review the features supported in Azure cloud environments.
Next steps
- Learn about security standards and recommendations.
- Learn about secure score.