Defender for Servers support
This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.
Note
This article references CentOS, a Linux distribution that is end of life (EOL) as of June 30, 2024. See EOL guidance.
Azure cloud support
This table summarizes Azure cloud support for Defender for Servers features.
Feature/Plan | Azure | Azure Government | Microsoft Azure operated by 21Vianet 21Vianet |
---|---|---|---|
Microsoft Defender for Endpoint integration | GA | GA | NA |
Compliance standards Compliance standards might differ depending on the cloud type. |
GA | GA | GA |
Machine OS misconfiguration | GA | GA | GA |
VM vulnerability scanning-agentless | GA | NA | NA |
VM vulnerability scanning - Microsoft Defender for Endpoint sensor | GA | NA | NA |
Just-in-time VM access | GA | GA | GA |
File integrity monitoring | GA | GA | GA |
Docker host hardening | GA | GA | GA |
Agentless secret scanning | GA | NA | NA |
Agentless malware scanning | GA | NA | NA |
Agentless assessment checks for endpoint detection and response solutions | GA | NA | NA |
System updates and patches | GA | GA | GA |
Windows machine support
The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.
Feature | Azure VMs VM Scale Sets (Flexible orchestration1 |
Azure Arc-enabled servers | Defender for Servers required |
---|---|---|---|
Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
Fileless security alerts | ✔ | ✔ | Yes |
Just-in-time VM access | ✔ | - | Yes |
File Integrity Monitoring | ✔ | ✔ | Yes |
Network map | ✔ | - | Yes |
Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
Docker host hardening | - | - | Yes |
Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
Endpoint protection assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
Disk encryption assessment | ✔ supported scenarios |
- | No |
Third-party vulnerability assessment (BYOL) | ✔ | - | No |
Network security assessment | ✔ | - | No |
System updates and patches | ✔ | ✔ | Yes (Plan 2) |
1 Currently, VM Scale Sets with Uniform Orchestration have partial feature coverage. The main supported capabilities include agentless detections, such as Network Layer Alerts, DNS alerts, and control plane alerts.
Linux machine support
The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.
Feature | Azure VMs VM Scale Sets (Flexible orchestration |
Azure Arc-enabled machines | Defender for Servers required |
---|---|---|---|
Virtual machine behavioral analytics (and security alerts) | ✔ Supported versions |
✔ | Yes |
Fileless security alerts | - | - | Yes |
Just-in-time VM access | ✔ | - | Yes |
File Integrity Monitoring | ✔ | ✔ | Yes |
Network map | ✔ | - | Yes |
Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
Docker host hardening | ✔ | ✔ | Yes |
Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
Endpoint protection assessment | - | - | No |
Disk encryption assessment | ✔ supported scenarios |
- | No |
Third-party vulnerability assessment (BYOL) | ✔ | - | No |
Network security assessment | ✔ | - | No |
System updates and patches | ✔ | ✔ | Yes (Plan 2) |
1 Currently, VM Scale Sets with Uniform Orchestration have partial feature coverage. The main supported capabilities include agentless detections, such as Network Layer Alerts, DNS alerts, and control plane alerts.
Next steps
Start planning your Defender for Servers deployment.