Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.
Note
This article references CentOS, a Linux distribution that is end of life (EOL) as of June 30, 2024. See EOL guidance.
Network requirements
Validate the following endpoints are configured for outbound access so that Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:
For Defender for Server multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.
For deployments with GCP connectors, open port 443 to these URLs:
osconfig.googleapis.comcompute.googleapis.comcontaineranalysis.googleapis.comagentonboarding.defenderforservers.security.azure.comgbl.his.arc.azure.com
For deployments with AWS connectors, open port 443 to these URLs:
ssm.<region>.amazonaws.comssmmessages.<region>.amazonaws.comec2messages.<region>.amazonaws.comgbl.his.arc.azure.com
Azure cloud support
This table summarizes Azure cloud support for Defender for Servers features.
| Feature/Plan | Azure | Azure Government | Microsoft Azure operated by 21Vianet 21Vianet |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | GA | GA | NA |
| Compliance standards Compliance standards might differ depending on the cloud type. |
GA | GA | GA |
| Machine OS misconfiguration | GA | GA | GA |
| VM vulnerability scanning-agentless | GA | NA | NA |
| VM vulnerability scanning - Microsoft Defender for Endpoint sensor | GA | NA | NA |
| Just-in-time VM access | GA | GA | GA |
| File integrity monitoring | GA | GA | GA |
| Docker host hardening | GA | GA | GA |
| Agentless secret scanning | GA | NA | NA |
| Agentless malware scanning | GA | NA | NA |
| Agentless assessment checks for endpoint detection and response solutions | GA | NA | NA |
| System updates and patches | GA | GA | GA |
| Kubernetes node protection | GA | NA | NA |
Windows machine support
The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.
| Feature | Azure VMs VM Scale Sets (Flexible orchestration)1 |
Azure Arc-enabled servers (including Azure VMware solution) | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ Available on: Windows Server 2025, 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
| Fileless security alerts | ✔ | ✔ | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | - | - | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Disk encryption assessment | ✔ supported scenarios |
- | No |
| Third-party vulnerability assessment (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
| System updates and patches | ✔ | ✔ | Yes (Plan 2) |
1 Currently, VM Scale Sets with Uniform Orchestration have partial feature coverage. The main supported capabilities include agentless detections, such as Network Layer Alerts, DNS alerts, and control plane alerts.
Linux machine support
The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.
| Feature | Azure VMs VM Scale Sets (Flexible orchestration)1 |
Azure Arc-enabled machines | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ (supported versions) |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ Supported versions |
✔ | Yes |
| Fileless security alerts | - | - | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | ✔ | ✔ | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | - | - | No |
| Disk encryption assessment | ✔ supported scenarios |
- | No |
| Third-party vulnerability assessment (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
| System updates and patches | ✔ | ✔ | Yes (Plan 2) |
1 Currently, VM Scale Sets with Uniform Orchestration have partial feature coverage. The main supported capabilities include agentless detections, such as Network Layer Alerts, DNS alerts, and control plane alerts.
Multicloud machines
The following table shows feature support for AWS and GCP machines.
| Feature | Availability in AWS | Availability in GCP |
|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ | ✔ |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ |
| Fileless security alerts | ✔ | ✔ |
| Network-based security alerts | - | - |
| Just-in-time VM access | ✔ | - |
| File Integrity Monitoring | ✔ | ✔ |
| Network map | - | - |
| Regulatory compliance dashboard & reports | ✔ | ✔ |
| Docker host hardening | ✔ | ✔ |
| Missing OS patches assessment | ✔ | ✔ |
| Security misconfigurations assessment | ✔ | ✔ |
| Endpoint protection assessment | ✔ | ✔ |
| Disk encryption assessment | ✔ for supported scenarios |
✔ for supported scenarios |
| Third-party vulnerability assessment | - | - |
| Network security assessment | - | - |
| Cloud security explorer | ✔ | - |
| Agentless secret scanning | ✔ | ✔ |
| Agentless malware scanning | ✔ | ✔ |
| Endpoint detection and response | ✔ | ✔ |
| System updates and patches | ✔ (With Azure Arc) |
✔ (With Azure Arc) |
Next steps
Start planning your Defender for Servers deployment.