Cloud security posture management (CSPM)

One of the main features of Microsoft Defender for Cloud is cloud security posture management (CSPM). CSPM provides detailed visibility into the security state of your assets and workloads and offers hardening guidance to help you improve your security posture.

Defender for Cloud continually assesses your resources against security standards defined for your Azure subscriptions. Defender for Cloud issues security recommendations based on these assessments.

By default, when you enable Defender for Cloud on an Azure subscription, the Microsoft Cloud Security Benchmark (MCSB) compliance standard is enabled and provides recommendations to secure your environments. Defender for Cloud provides an aggregated secure score based on some of the MCSB recommendations. A higher score indicates a lower identified risk level.

CSPM plans

Defender for Cloud provides the following CSPM offerings currently:

  • Foundational CSPM - A free plan enabled by default for subscriptions and accounts that onboard to Defender for Cloud.

Plan availability

Learn more about Defender CSPM pricing.

The following table summarizes each plan and their cloud availability.

Feature Foundational CSPM Defender CSPM Cloud availability
Security recommendations Azure, on-premises, Docker Hub, JFrog Artifactory
Asset inventory Azure, on-premises, Docker Hub, JFrog Artifactory
Secure score Azure, on-premises, Docker Hub, JFrog Artifactory
Data visualization and reporting with Azure Workbooks Azure, on-premises
Data exporting Azure, on-premises
Workflow automation Azure, on-premises
Tools for remediation Azure, on-premises, Docker Hub, JFrog Artifactory
Microsoft Cloud Security Benchmark Azure
Internet exposure analysis - Azure, Docker Hub, JFrog Artifactory
Regulatory compliance assessments - Azure, Docker Hub, JFrog Artifactory
Custom Recommendations - Azure, Docker Hub, JFrog Artifactory
Agentless code-to-cloud containers vulnerability assessment - Azure, Docker Hub, JFrog Artifactory

Plan pricing

Azure cloud support

For commercial and national cloud coverage, review the features supported in Azure cloud environments.

Next steps