Feature coverage for machines
The tabs below show the features of Microsoft Defender for Cloud that are available for Windows and Linux machines.
Supported features for virtual machines and servers
Feature | Azure Virtual Machines and Virtual Machine Scale Sets with Flexible orchestration | Azure Arc-enabled machines | Defender for Servers required |
---|---|---|---|
Microsoft Defender for Endpoint integration | ✔ (on supported versions) | ✔ | Yes |
Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
Fileless security alerts | ✔ | ✔ | Yes |
Network-based security alerts | ✔ | - | Yes |
Just-in-time VM access | ✔ | - | Yes |
Integrated Qualys vulnerability scanner | ✔ | ✔ | Yes |
File Integrity Monitoring | ✔ | ✔ | Yes |
Adaptive application controls | ✔ | ✔ | Yes |
Network map | ✔ | - | Yes |
Adaptive network hardening | ✔ | - | Yes |
Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
Docker host hardening | - | - | Yes |
Missing OS patches assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Security misconfigurations assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Endpoint protection assessment | ✔ | ✔ | Azure: No; Azure Arc-enabled: Yes |
Disk encryption assessment | ✔ (for supported scenarios) | - | No |
Third-party vulnerability assessment | ✔ | ✔ | No |
Network security assessment | ✔ | - | No |
Tip
To experiment with features that are only available with enhanced security features enabled, you can enroll in a 30-day trial. For more information, see the pricing page.
Supported endpoint protection solutions
The following table provides a matrix of supported endpoint protection solutions and whether you can use Microsoft Defender for Cloud to install each solution for you.
For information about when recommendations are generated for each of these solutions, see Endpoint Protection Assessment and Recommendations.
Solution | Supported platforms | Defender for Cloud installation |
---|---|---|
Microsoft Defender Antivirus | Windows Server 2016 or later | No (built into OS) |
System Center Endpoint Protection (Microsoft Antimalware) | Windows Server 2012 R2 | Via extension |
Trend Micro – Deep Security | Windows Server (all) | No |
Symantec v12.1.1100+ | Windows Server (all) | No |
McAfee v10+ | Windows Server (all) | No |
McAfee v10+ | Linux (GA) | No |
Microsoft Defender for Endpoint for Linux ¹ | Linux (GA) | Via extension |
Microsoft Defender for Endpoint Unified Solution ² | Windows Server 2012 R2 and Windows 2016 | Via extension |
Sophos V9+ | Linux (GA) | No |
¹ It's not enough to have Microsoft Defender for Endpoint on the Linux machine: the machine will only appear as healthy if the always-on scanning feature, also known as real-time protection (RTP), is active. By default, the RTP feature is disabled to avoid clashes with other AV software.
² On Server 2012 R2, the MDE unified solution automatically installs Microsoft Defender Antivirus in Active mode. For Windows Server 2016, Microsoft Defender Antivirus is built into the OS.
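The Linux condition in the first footnote can be checked on the host itself. The following is an added example, not part of the original page or Microsoft's tooling: it assumes the `mdatp` command-line client is on PATH, and the function names `mde_field` and `mde_rtp_state` are illustrative.

```shell
#!/bin/sh
# Added example: classify a Linux host against the footnote's rule that
# Defender for Endpoint must be present AND real-time protection (RTP) active.
# Assumption: `mdatp health --field <name>` prints the value on one line,
# optionally followed by a marker such as " [managed]".

# Print one health field with quotes and any trailing "[...]" marker removed.
mde_field() {
    mdatp health --field "$1" 2>/dev/null | head -n 1 \
        | sed -e 's/ *\[.*$//' -e 's/"//g'
}

# Echo not-installed | rtp-disabled | healthy; return 0 only for healthy.
mde_rtp_state() {
    if ! command -v mdatp >/dev/null 2>&1; then
        echo "not-installed"
        return 1
    fi
    rtp=$(mde_field real_time_protection_enabled)
    if [ "$rtp" != "true" ]; then
        echo "rtp-disabled"
        # RTP ships disabled to avoid clashes with other AV software, so
        # confirm no other product does on-access scanning before enabling.
        echo "enable with: mdatp config real-time-protection --value enabled" >&2
        return 1
    fi
    echo "healthy"
    return 0
}

# Stand-alone use: sh this-file --check   (exit status 0 means healthy)
if [ "${1:-}" = "--check" ]; then
    mde_rtp_state
    exit $?
fi
```

A non-zero exit status makes the check usable from a configuration-management or cron job that flags hosts the endpoint protection assessment would not report as healthy.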
Feature support in government and national clouds
1 Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.
2 Vulnerability scans of container registries on the Azure Government cloud can only be performed with the scan on push feature.
3 Requires Microsoft Defender for container registries.
4 Partially GA: Support for Azure Arc-enabled clusters is in public preview and not available on Azure Government.
5 Requires Microsoft Defender for Kubernetes or Microsoft Defender for Containers.
6 Partially GA: Some of the threat protection alerts from Microsoft Defender for Storage are in public preview.
7 These features all require Microsoft Defender for Servers.
8 There may be differences in the standards offered per cloud type.
9 Partially GA: Subset of alerts and vulnerability assessment for SQL servers. Behavioral threat protections aren't available.
10 Partially GA: Support for Arc-enabled Kubernetes clusters (and therefore AWS EKS too) is in public preview and not available on Azure Government. Run-time visibility of vulnerabilities in container images is also a preview feature.