Defender for Servers support

This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.

Note

This article references CentOS, a Linux distribution that is end of life (EOL) as of June 30, 2024. See EOL guidance.

Network requirements

Validate that the following endpoints are configured for outbound access so that the Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:

  • For Defender for Servers multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.

  • For deployments with GCP connectors, open port 443 to these URLs:

    • osconfig.googleapis.com
    • compute.googleapis.com
    • containeranalysis.googleapis.com
    • agentonboarding.defenderforservers.security.azure.com
    • gbl.his.arc.azure.com
  • For deployments with AWS connectors, open port 443 to these URLs:

    • ssm.<region>.amazonaws.com
    • ssmmessages.<region>.amazonaws.com
    • ec2messages.<region>.amazonaws.com
    • gbl.his.arc.azure.com
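
One way to validate the connector endpoints listed above from a machine, as an added example (not Microsoft tooling): the script expands the `<region>` placeholder and reports whether DNS, the TCP connection on port 443, or the TLS handshake is the stage that fails. The function names and the sample region `eu-west-1` are assumptions; the Azure Arc address list referenced above is not on this page and is not covered.

```python
import socket
import ssl

# Hosts copied from the network requirements list above; all use port 443.
ENDPOINTS = {
    "gcp": ["osconfig.googleapis.com", "compute.googleapis.com",
            "containeranalysis.googleapis.com",
            "agentonboarding.defenderforservers.security.azure.com",
            "gbl.his.arc.azure.com"],
    "aws": ["ssm.<region>.amazonaws.com", "ssmmessages.<region>.amazonaws.com",
            "ec2messages.<region>.amazonaws.com", "gbl.his.arc.azure.com"],
}

def endpoints_for(connector, region=None):
    """Return the hosts for 'aws' or 'gcp', expanding the <region> placeholder."""
    hosts = ENDPOINTS[connector.lower()]
    if any("<region>" in h for h in hosts):
        # Letters, digits and hyphens only, so a bad value cannot change the hostname.
        if not region or not region.replace("-", "").isalnum():
            raise ValueError("a region such as 'eu-west-1' is required")
        hosts = [h.replace("<region>", region.lower()) for h in hosts]
    return list(hosts)

def probe(host, port=443, timeout=5.0):
    """Return 'ok', or the stage that failed: 'dns', 'tcp' or 'tls'."""
    try:
        socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns"
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp"  # refused, filtered or timed out: check firewall or proxy rules
    try:
        # Certificate and hostname are verified, so an inspecting proxy whose
        # CA is not in the local trust store is reported as 'tls'.
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host):
            return "ok"
    except (ssl.SSLError, OSError):
        return "tls"
    finally:
        sock.close()

def report(connector, region=None, probe_fn=probe):
    """Map each required host to its probe result."""
    return {h: probe_fn(h) for h in endpoints_for(connector, region)}

if __name__ == "__main__":
    for host, status in report("aws", "eu-west-1").items():  # sample region
        print(f"{status:4} {host}:443")
```

A `tcp` result points at a blocked outbound rule, while `tls` on an otherwise reachable host usually means traffic inspection is re-signing the connection.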

Azure cloud support

This table summarizes Azure cloud support for Defender for Servers features.

Windows machine support

The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.

Feature Azure VMs
VM Scale Sets (Flexible orchestration)
Azure Arc-enabled machines Defender for Servers required
Microsoft Defender for Endpoint integration (available on: Windows Server 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session) Yes
Virtual machine behavioral analytics (and security alerts) Yes
Fileless security alerts Yes
Network-based security alerts - Yes
Just-in-time VM access - Yes
File Integrity Monitoring Yes
Network map - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening - - Yes
Missing OS patches assessment Azure: Yes; Azure Arc-enabled: Yes
Security misconfigurations assessment Azure: No; Azure Arc-enabled: Yes
Endpoint protection assessment Azure: No; Azure Arc-enabled: Yes
Disk encryption assessment (supported scenarios) - No
Third-party vulnerability assessment (BYOL) - No
Network security assessment - No
System updates and patches Yes (Plan 2)

Linux machine support

The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.

Feature Azure VMs
VM Scale Sets (Flexible orchestration)
Azure Arc-enabled machines Defender for Servers required
Microsoft Defender for Endpoint integration (supported versions) Yes
Virtual machine behavioral analytics (and security alerts) (supported versions) Yes
Fileless security alerts - - Yes
Network-based security alerts - Yes
Just-in-time VM access - Yes
File Integrity Monitoring Yes
Network map - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening Yes
Missing OS patches assessment Azure: Yes; Azure Arc-enabled: Yes
Security misconfigurations assessment Azure: No; Azure Arc-enabled: Yes
Endpoint protection assessment - - No
Disk encryption assessment (supported scenarios) - No
Third-party vulnerability assessment (BYOL) - No
Network security assessment - No
System updates and patches Yes (Plan 2)

Multicloud machines

The following table shows feature support for AWS and GCP machines.

Next steps

Start planning your Defender for Servers deployment.