Support matrices for Defender for Cloud

This article indicates the Azure clouds, Azure services, and client operating systems that are supported by Microsoft Defender for Cloud.

Security benefits for Azure services

Defender for Cloud provides recommendations, security alerts, and vulnerability assessment for these Azure services:

Service	Recommendations free with Foundational CSPM	Security alerts	Vulnerability assessment
Azure App Service	✔	✔	-
Azure Automation account	✔	-	-
Azure Batch account	✔	-	-
Azure Blob Storage	✔	✔	-
Azure Cache for Redis	✔	-	-
Azure Cloud Services	✔	-	-
Azure Cognitive Search	✔	-	-
Azure Container Registry	✔	✔	Defender for Containers
Azure Cosmos DB*	✔	✔	-
Azure Data Lake Analytics	✔	-	-
Azure Data Lake Storage	✔	✔	-
Azure Database for MySQL*	-	✔	-
Azure Database for PostgreSQL*	-	✔	-
Azure Event Hubs namespace	✔	-	-
Azure Functions app	✔	-	-
Azure Key Vault	✔	✔	-
Azure Kubernetes Service	✔	✔	-
Azure Load Balancer	✔	-	-
Azure Logic Apps	✔	-	-
Azure SQL Database	✔	✔	Defender for Azure SQL
Azure SQL Managed Instance	✔	✔	Defender for Azure SQL
Azure Service Bus namespace	✔	-	-
Azure Service Fabric account	✔	-	-
Azure Storage accounts	✔	✔	-
Azure Stream Analytics	✔	-	-
Azure Subscription	✔ **	✔	-
Azure Virtual Network (incl. subnets, NICs, and network security groups)	✔	-	-

* These features are currently supported in preview.

** Azure Active Directory (Azure AD) recommendations are available only for subscriptions with enhanced security features enabled.

Features supported in different Azure cloud environments

Microsoft Defender for Cloud is available in the following Azure cloud environments:

Feature/Service	Azure	Azure Government	Azure China 21Vianet
Defender for Cloud free features
- Continuous export	GA	GA	GA
- Workflow automation	GA	GA	GA
- Recommendation exemption rules	Public Preview	Not Available	Not Available
- Alert suppression rules	GA	GA	GA
- Email notifications for security alerts	GA	GA	GA
- Deployment of agents and extensions	GA	GA	GA
- Asset inventory	GA	GA	GA
- Azure Monitor Workbooks reports in Microsoft Defender for Cloud's workbooks gallery	GA	GA	GA
- Integration with Microsoft Defender for Cloud Apps	GA	GA	Not Available
Microsoft Defender plans and extensions
- Microsoft Defender for Servers	GA	GA	GA
- Microsoft Defender for App Service	GA	Not Available	Not Available
- Microsoft Defender for DNS	GA	GA	GA
- Microsoft Defender for Kubernetes 1	GA	GA	GA
- Microsoft Defender for Containers 7	GA	GA	GA
- Defender extension for Azure Arc-enabled Kubernetes clusters, servers or data services 2	Public Preview	Not Available	Not Available
- Microsoft Defender for Azure SQL database servers	GA	GA	GA 6
- Microsoft Defender for SQL servers on machines	GA	GA	Not Available
- Microsoft Defender for open-source relational databases	GA	Not Available	Not Available
- Microsoft Defender for Key Vault	GA	Not Available	Not Available
- Microsoft Defender for Resource Manager	GA	GA	GA
- Microsoft Defender for Storage 3	GA	GA	Not Available
- Microsoft Defender for Azure Cosmos DB	Public Preview	Not Available	Not Available
- Kubernetes workload protection	GA	GA	GA
- Bi-directional alert synchronization with Sentinel	Public Preview	Not Available	Not Available
Microsoft Defender for Servers features 4
- Just-in-time VM access	GA	GA	GA
- File Integrity Monitoring	GA	GA	GA
- Adaptive application controls	GA	GA	GA
- Adaptive network hardening	GA	GA	Not Available
- Docker host hardening	GA	GA	GA
- Integrated Qualys vulnerability scanner	GA	Not Available	Not Available
- Regulatory compliance dashboard & reports 5	GA	GA	GA
- Microsoft Defender for Endpoint deployment and integrated license	GA	GA	Not Available
- Connect AWS account	GA	Not Available	Not Available
- Connect GCP project	GA	Not Available	Not Available

¹ Partially GA: Support for Azure Arc-enabled clusters is in public preview and not available on Azure Government.

² Requires Microsoft Defender for Kubernetes or Microsoft Defender for Containers.

³ Partially GA: Some of the threat protection alerts from Microsoft Defender for Storage are in public preview.

⁴ These features all require Microsoft Defender for Servers.

⁵ There may be differences in the standards offered per cloud type.

⁶ Partially GA: Subset of alerts and vulnerability assessment for SQL servers. Behavioral threat protections aren't available.

⁷ Partially GA: Support for Arc-enabled Kubernetes clusters (and therefore AWS EKS too) is in public preview and not available on Azure Government. Run-time visibility of vulnerabilities in container images is also a preview feature.

Supported operating systems

Defender for Cloud depends on the Azure Monitor Agent or the Log Analytics agent. Make sure that your machines are running one of the supported operating systems as described on the following pages:

• Azure Monitor Agent
  • Azure Monitor Agent for Windows supported operating systems
  • Azure Monitor Agent for Linux supported operating systems
• Log Analytics agent
  • Log Analytics agent for Windows supported operating systems
  • Log Analytics agent for Linux supported operating systems

Also ensure your Log Analytics agent is properly configured to send data to Defender for Cloud.

To learn more about the specific Defender for Cloud features available on Windows and Linux, see:

• Defender for Servers support for Windows and Linux machines
• Defender for Containers support for Windows and Linux containers

Note

Even though Microsoft Defender for Servers is designed to protect servers, most of its features are supported for Windows 10 machines. One feature that isn't currently supported is Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint.

Next steps

This article explained how Microsoft Defender for Cloud is supported in the Azure, Azure Government, and Azure China 21Vianet clouds. Now that you're familiar with the Defender for Cloud capabilities supported in your cloud, learn how to:

• Manage security recommendations in Defender for Cloud
• Manage and respond to security alerts in Defender for Cloud