Support matrices for Defender for Servers
This article provides information about the environments where you can protect servers and virtual machines with Defender for Servers and the endpoint protections that you can use to protect them.
Supported features for virtual machines and servers
The following tables show the features that are supported for virtual machines and servers in Azure, Azure Arc, and other clouds.
Windows machines
Feature | Azure Virtual Machines and Virtual Machine Scale Sets with Flexible orchestration | Azure Arc-enabled machines | Defender for Servers required |
---|---|---|---|
Microsoft Defender for Endpoint integration | ✔ (on supported versions) | ✔ | Yes |
Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
Fileless security alerts | ✔ | ✔ | Yes |
Network-based security alerts | ✔ | - | Yes |
Just-in-time VM access | ✔ | - | Yes |
Integrated Qualys vulnerability scanner | ✔ | ✔ | Yes |
File Integrity Monitoring | ✔ | ✔ | Yes |
Adaptive application controls | ✔ | ✔ | Yes |
Network map | ✔ | - | Yes |
Adaptive network hardening | ✔ | - | Yes |
Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
Docker host hardening | - | - | Yes |
Missing OS patches assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Security misconfigurations assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Endpoint protection assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Disk encryption assessment | ✔ (for supported scenarios) | - | No |
Third-party vulnerability assessment (BYOL) | ✔ | - | No |
Network security assessment | ✔ | - | No |
Linux machines
Feature | Azure Virtual Machines and Virtual Machine Scale Sets with Flexible orchestration | Azure Arc-enabled machines | Defender for Servers required |
---|---|---|---|
Microsoft Defender for Endpoint integration | ✔ | ✔ | Yes |
Virtual machine behavioral analytics (and security alerts) | ✔ (on supported versions) | ✔ | Yes |
Fileless security alerts | - | - | Yes |
Network-based security alerts | ✔ | - | Yes |
Just-in-time VM access | ✔ | - | Yes |
Integrated Qualys vulnerability scanner | ✔ | ✔ | Yes |
File Integrity Monitoring | ✔ | ✔ | Yes |
Adaptive application controls | ✔ | ✔ | Yes |
Network map | ✔ | - | Yes |
Adaptive network hardening | ✔ | - | Yes |
Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
Docker host hardening | ✔ | ✔ | Yes |
Missing OS patches assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Security misconfigurations assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Endpoint protection assessment | - | - | No |
Disk encryption assessment | ✔ (for supported scenarios) | - | No |
Third-party vulnerability assessment (BYOL) | ✔ | - | No |
Network security assessment | ✔ | - | No |
Multicloud machines
Feature | Availability in AWS | Availability in GCP |
---|---|---|
Microsoft Defender for Endpoint integration | ✔ | ✔ |
Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ |
Fileless security alerts | ✔ | ✔ |
Network-based security alerts | - | - |
Just-in-time VM access | ✔ | - |
Integrated Qualys vulnerability scanner | ✔ | ✔ |
File Integrity Monitoring | ✔ | ✔ |
Adaptive application controls | ✔ | ✔ |
Network map | - | - |
Adaptive network hardening | - | - |
Regulatory compliance dashboard & reports | ✔ | ✔ |
Docker host hardening | ✔ | ✔ |
Missing OS patches assessment | ✔ | ✔ |
Security misconfigurations assessment | ✔ | ✔ |
Endpoint protection assessment | ✔ | ✔ |
Disk encryption assessment | ✔ (for supported scenarios) | ✔ (for supported scenarios) |
Third-party vulnerability assessment | - | - |
Network security assessment | - | - |
Cloud security explorer | ✔ | - |
Tip: To experiment with features that are only available with enhanced security features enabled, you can enroll in a 30-day trial. For more information, see the pricing page.
Supported endpoint protection solutions
The following table provides a matrix of supported endpoint protection solutions and whether you can use Microsoft Defender for Cloud to install each solution for you.
For information about when recommendations are generated for each of these solutions, see Endpoint Protection Assessment and Recommendations.
Solution | Supported platforms | Defender for Cloud installation |
---|---|---|
Microsoft Defender Antivirus | Windows Server 2016 or later | No (built into OS) |
System Center Endpoint Protection (Microsoft Antimalware) | Windows Server 2012 R2 | Via extension |
Trend Micro – Deep Security | Windows Server (all) | No |
Symantec v12.1.1100+ | Windows Server (all) | No |
McAfee v10+ | Windows Server (all) | No |
McAfee v10+ | Linux (GA) | No |
Microsoft Defender for Endpoint for Linux¹ | Linux (GA) | Via extension |
Microsoft Defender for Endpoint Unified Solution² | Windows Server 2012 R2 and Windows 2016 | Via extension |
Sophos V9+ | Linux (GA) | No |
¹ It's not enough to have Microsoft Defender for Endpoint on the Linux machine: the machine will only appear as healthy if the always-on scanning feature (also known as real-time protection (RTP)) is active. By default, the RTP feature is disabled to avoid clashes with other AV software.
² On Server 2012 R2, the MDE unified solution automatically installs Microsoft Defender Antivirus in Active mode. For Windows Server 2016, Microsoft Defender Antivirus is built into the OS.