Feature coverage for machines

The tabs below show the features of Microsoft Defender for Cloud that are available for Windows and Linux machines.

Supported features for virtual machines and servers

Windows machines

Feature	Azure Virtual Machines and Virtual Machine Scale Sets with Flexible orchestration	Azure Arc-enabled machines	Defender for Servers required
Microsoft Defender for Endpoint integration	✔ (on supported versions)	✔	Yes
Virtual machine behavioral analytics (and security alerts)	✔	✔	Yes
Fileless security alerts	✔	✔	Yes
Network-based security alerts	✔	-	Yes
Just-in-time VM access	✔	-	Yes
Integrated Qualys vulnerability scanner	✔	✔	Yes
File Integrity Monitoring	✔	✔	Yes
Adaptive application controls	✔	✔	Yes
Network map	✔	-	Yes
Adaptive network hardening	✔	-	Yes
Regulatory compliance dashboard & reports	✔	✔	Yes
Docker host hardening	-	-	Yes
Missing OS patches assessment	✔	✔	Azure: No Azure Arc-enabled: Yes
Security misconfigurations assessment	✔	✔	Azure: No Azure Arc-enabled: Yes
Endpoint protection assessment	✔	✔	Azure: No Azure Arc-enabled: Yes
Disk encryption assessment	✔ (for supported scenarios)	-	No
Third-party vulnerability assessment	✔	✔	No
Network security assessment	✔	-	No

Linux machines

Feature	Azure Virtual Machines and Virtual Machine Scale Sets with Flexible orchestration	Azure Arc-enabled machines	Defender for Servers required
Microsoft Defender for Endpoint integration	✔	✔	Yes
Virtual machine behavioral analytics (and security alerts)	✔ (on supported versions)	✔	Yes
Fileless security alerts	-	-	Yes
Network-based security alerts	✔	-	Yes
Just-in-time VM access	✔	-	Yes
Integrated Qualys vulnerability scanner	✔	✔	Yes
File Integrity Monitoring	✔	✔	Yes
Adaptive application controls	✔	✔	Yes
Network map	✔	-	Yes
Adaptive network hardening	✔	-	Yes
Regulatory compliance dashboard & reports	✔	✔	Yes
Docker host hardening	✔	✔	Yes
Missing OS patches assessment	✔	✔	Azure: No Azure Arc-enabled: Yes
Security misconfigurations assessment	✔	✔	Azure: No Azure Arc-enabled: Yes
Endpoint protection assessment	-	-	No
Disk encryption assessment	✔ (for supported scenarios)	-	No
Third-party vulnerability assessment	✔	✔	No
Network security assessment	✔	-	No

Multicloud machines

Feature	Availability in AWS	Availability in GCP
Microsoft Defender for Endpoint integration	✔	✔
Virtual machine behavioral analytics (and security alerts)	✔	✔
Fileless security alerts	✔	✔
Network-based security alerts	-	-
Just-in-time VM access	✔	-
Integrated Qualys vulnerability scanner	✔	✔
File Integrity Monitoring	✔	✔
Adaptive application controls	✔	✔
Network map	-	-
Adaptive network hardening	-	-
Regulatory compliance dashboard & reports	✔	✔
Docker host hardening	✔	✔
Missing OS patches assessment	✔	✔
Security misconfigurations assessment	✔	✔
Endpoint protection assessment	✔	✔
Disk encryption assessment	✔ (for supported scenarios)	✔ (for supported scenarios)
Third-party vulnerability assessment	-	-
Network security assessment	-	-

Tip

To experiment with features that are only available with enhanced security features enabled, you can enroll in a 30-day trial. For more information, see the pricing page.

Supported endpoint protection solutions

The following table provides a matrix of supported endpoint protection solutions and whether you can use Microsoft Defender for Cloud to install each solution for you.

For information about when recommendations are generated for each of these solutions, see Endpoint Protection Assessment and Recommendations.

Solution	Supported platforms	Defender for Cloud installation
Microsoft Defender Antivirus	Windows Server 2016 or later	No (built into OS)
System Center Endpoint Protection (Microsoft Antimalware)	Windows Server 2012 R2	Via extension
Trend Micro – Deep Security	Windows Server (all)	No
Symantec v12.1.1100+	Windows Server (all)	No
McAfee v10+	Windows Server (all)	No
McAfee v10+	Linux (GA)	No
Microsoft Defender for Endpoint for Linux1	Linux (GA)	Via extension
Microsoft Defender for Endpoint Unified Solution2	Windows Server 2012 R2 and Windows 2016	Via extension
Sophos V9+	Linux (GA)	No

¹ It's not enough to have Microsoft Defender for Endpoint on the Linux machine: the machine will only appear as healthy if the always-on scanning feature (also known as real-time protection (RTP)) is active. By default, the RTP feature is disabled to avoid clashes with other AV software.

² With the MDE unified solution on Server 2012 R2, it automatically installs Microsoft Defender Antivirus in Active mode. For Windows Server 2016, Microsoft Defender Antivirus is built into the OS.

Feature support in government and national clouds

Feature/Service	Azure	Azure Government	Azure China 21Vianet
Defender for Cloud free features
- Continuous export	GA	GA	GA
- Workflow automation	GA	GA	GA
- Recommendation exemption rules	Public Preview	Not Available	Not Available
- Alert suppression rules	GA	GA	GA
- Email notifications for security alerts	GA	GA	GA
- Deployment of agents and extensions	GA	GA	GA
- Asset inventory	GA	GA	GA
- Azure Monitor Workbooks reports in Microsoft Defender for Cloud's workbooks gallery	GA	GA	GA
- Integration with Microsoft Defender for Cloud Apps	GA	GA	Not Available
Microsoft Defender plans and extensions
- Microsoft Defender for Servers	GA	GA	GA
- Microsoft Defender for App Service	GA	Not Available	Not Available
- Microsoft Defender for DNS	GA	GA	GA
- Microsoft Defender for container registries 1	GA	GA 2	GA 2
- Microsoft Defender for Kubernetes 4	GA	GA	GA
- Microsoft Defender for Containers 10	GA	GA	GA
- Defender extension for Azure Arc-enabled Kubernetes clusters, servers or data services 5	Public Preview	Not Available	Not Available
- Microsoft Defender for Azure SQL database servers	GA	GA	GA 9
- Microsoft Defender for SQL servers on machines	GA	GA	Not Available
- Microsoft Defender for open-source relational databases	GA	Not Available	Not Available
- Microsoft Defender for Key Vault	GA	Not Available	Not Available
- Microsoft Defender for Resource Manager	GA	GA	GA
- Microsoft Defender for Storage 6	GA	GA	Not Available
- Microsoft Defender for Azure Cosmos DB	Public Preview	Not Available	Not Available
- Kubernetes workload protection	GA	GA	GA
- Bi-directional alert synchronization with Sentinel	Public Preview	Not Available	Not Available
Microsoft Defender for Servers features 7
- Just-in-time VM access	GA	GA	GA
- File Integrity Monitoring	GA	GA	GA
- Adaptive application controls	GA	GA	GA
- Adaptive network hardening	GA	GA	Not Available
- Docker host hardening	GA	GA	GA
- Integrated Qualys vulnerability scanner	GA	Not Available	Not Available
- Regulatory compliance dashboard & reports 8	GA	GA	GA
- Microsoft Defender for Endpoint deployment and integrated license	GA	GA	Not Available
- Connect AWS account	GA	Not Available	Not Available
- Connect GCP project	GA	Not Available	Not Available

¹ Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.

² Vulnerability scans of container registries on the Azure Government cloud can only be performed with the scan on push feature.

³ Requires Microsoft Defender for container registries.

⁴ Partially GA: Support for Azure Arc-enabled clusters is in public preview and not available on Azure Government.

⁵ Requires Microsoft Defender for Kubernetes or Microsoft Defender for Containers.

⁶ Partially GA: Some of the threat protection alerts from Microsoft Defender for Storage are in public preview.

⁷ These features all require Microsoft Defender for Servers.

⁸ There may be differences in the standards offered per cloud type.

⁹ Partially GA: Subset of alerts and vulnerability assessment for SQL servers. Behavioral threat protections aren't available.

¹⁰ Partially GA: Support for Arc-enabled Kubernetes clusters (and therefore AWS EKS too) is in public preview and not available on Azure Government. Run-time visibility of vulnerabilities in container images is also a preview feature.

Next steps

• Learn how Defender for Cloud collects data using the Log Analytics Agent.
• Learn how Defender for Cloud manages and safeguards data.
• Review the platforms that support Defender for Cloud.