Defender for Servers support

This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.

Network requirements

Validate the following endpoints are configured for outbound access so that Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:

  • For Defender for Server multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.

  • For deployments with GCP connectors, open port 443 to these URLs:

    • osconfig.googleapis.com
    • compute.googleapis.com
    • containeranalysis.googleapis.com
    • agentonboarding.defenderforservers.security.azure.com
    • gbl.his.arc.azure.com
  • For deployments with AWS connectors, open port 443 to these URLs:

    • ssm.<region>.amazonaws.com
    • ssmmessages.<region>.amazonaws.com
    • ec2messages.<region>.amazonaws.com
    • gbl.his.arc.azure.com

Azure cloud support

This table summarizes Azure cloud support for Defender for Servers features.

Feature/Plan Azure Azure Government Microsoft Azure operated by 21Vianet
21Vianet
Microsoft Defender for Endpoint integration GA GA NA
Compliance standards
Compliance standards might differ depending on the cloud type.
GA GA GA
Microsoft Cloud Security Benchmark recommendations for OS hardening GA GA GA
VM vulnerability scanning-agentless GA NA NA
VM vulnerability scanning - Microsoft Defender for Endpoint sensor GA NA NA
VM vulnerability scanning - Qualys GA NA NA
Just-in-time VM access GA GA GA
File integrity monitoring GA GA GA
Adaptive application controls GA GA GA
Adaptive network hardening GA NA NA
Docker host hardening GA GA GA
Agentless secret scanning GA NA NA
Agentless malware scanning Preview NA NA
Endpoint detection and response Preview NA NA

Windows machine support

The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.

Feature *Azure VMs
VM Scale Sets (Flexible orchestration
Azure Arc-enabled machines Defender for Servers required
Microsoft Defender for Endpoint integration
Available on: Windows Server 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session (formerly Enterprise for Virtual Desktops)
Not available on: Azure VMs running Windows 10 or Windows 11 (except if running Windows 10/11 Enterprise multi-session)
Yes
Virtual machine behavioral analytics (and security alerts) Yes
Fileless security alerts Yes
Network-based security alerts - Yes
Just-in-time VM access - Yes
Integrated Qualys vulnerability scanner Yes
File Integrity Monitoring Yes
Adaptive application controls Yes
Network map - Yes
Adaptive network hardening - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening - - Yes
Missing OS patches assessment Azure: No

Azure Arc-enabled: Yes
Security misconfigurations assessment Azure: No

Azure Arc-enabled: Yes
Endpoint protection assessment Azure: No

Azure Arc-enabled: Yes
Disk encryption assessment
(supported scenarios)
- No
Third-party vulnerability assessment (BYOL) - No
Network security assessment - No

Linux machine support

The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.

Feature Azure VMs
VM Scale Sets (Flexible orchestration
Azure Arc-enabled machines Defender for Servers required
Microsoft Defender for Endpoint integration
(supported versions)
Yes
Virtual machine behavioral analytics (and security alerts)
(on supported versions)
Yes
Fileless security alerts - - Yes
Network-based security alerts - Yes
Just-in-time VM access - Yes
Integrated Qualys vulnerability scanner Yes
File Integrity Monitoring Yes
Adaptive application controls Yes
Network map - Yes
Adaptive network hardening - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening Yes
Missing OS patches assessment Azure: No

Azure Arc-enabled: Yes
Security misconfigurations assessment Azure: No

Azure Arc-enabled: Yes
Endpoint protection assessment - - No
Disk encryption assessment
(for supported scenarios)
- No
Third-party vulnerability assessment (BYOL) - No
Network security assessment - No

Multicloud machines

The following table shows feature support for AWS and GCP machines.

Feature Availability in AWS Availability in GCP
Microsoft Defender for Endpoint integration
Virtual machine behavioral analytics (and security alerts)
Fileless security alerts
Network-based security alerts - -
Just-in-time VM access -
Integrated Qualys vulnerability scanner
File Integrity Monitoring
Adaptive application controls
Network map - -
Adaptive network hardening - -
Regulatory compliance dashboard & reports
Docker host hardening
Missing OS patches assessment
Security misconfigurations assessment
Endpoint protection assessment
Disk encryption assessment
(for supported scenarios)

(for supported scenarios)
Third-party vulnerability assessment - -
Network security assessment - -
Cloud security explorer -
Agentless secret scanning
Agentless malware scanning
Endpoint detection and response

Endpoint protection support

The following table provides a matrix of supported endpoint protection solutions. The table indicates whether you can use Defender for Cloud to install each solution for you.

Solution Supported platforms Defender for Cloud installation
Microsoft Defender Antivirus Windows Server 2016 or later No (built into OS)
System Center Endpoint Protection (Microsoft Antimalware) Windows Server 2012 R2 Via extension
Trend Micro – Deep Security Windows Server (all) No
Symantec v12.1.1100+ Windows Server (all) No
McAfee v10+ Windows Server (all) No
McAfee v10+ Linux (GA) No
Microsoft Defender for Endpoint for Linux1 Linux (GA) Via extension
Microsoft Defender for Endpoint Unified Solution2 Windows Server 2012 R2 and Windows 2016 Via extension
Sophos V9+ Linux (GA) No

1 It's not enough to have Microsoft Defender for Endpoint on the Linux machine: the machine will only appear as healthy if the always-on scanning feature (also known as real-time protection (RTP)) is active. By default, the RTP feature is disabled to avoid clashes with other AV software.

2 With the Defender for Endpoint unified solution on Server 2012 R2, it automatically installs Microsoft Defender Antivirus in Active mode. For Windows Server 2016, Microsoft Defender Antivirus is built into the OS.

Next steps

Start planning your Defender for Servers deployment.