Defender for Servers support
This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.
Network requirements
Validate the following endpoints are configured for outbound access so that Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:
For Defender for Server multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.
For deployments with GCP connectors, open port 443 to these URLs:
osconfig.googleapis.comcompute.googleapis.comcontaineranalysis.googleapis.comagentonboarding.defenderforservers.security.azure.comgbl.his.arc.azure.com
For deployments with AWS connectors, open port 443 to these URLs:
ssm.<region>.amazonaws.comssmmessages.<region>.amazonaws.comec2messages.<region>.amazonaws.comgbl.his.arc.azure.com
Azure cloud support
This table summarizes Azure cloud support for Defender for Servers features.
| Feature/Plan | Azure | Azure Government | Microsoft Azure operated by 21Vianet 21Vianet |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | GA | GA | NA |
| Compliance standards Compliance standards might differ depending on the cloud type. |
GA | GA | GA |
| Microsoft Cloud Security Benchmark recommendations for OS hardening | GA | GA | GA |
| VM vulnerability scanning-agentless | GA | NA | NA |
| VM vulnerability scanning - Microsoft Defender for Endpoint sensor | GA | NA | NA |
| VM vulnerability scanning - Qualys | GA | NA | NA |
| Just-in-time VM access | GA | GA | GA |
| File integrity monitoring | GA | GA | GA |
| Adaptive application controls | GA | GA | GA |
| Adaptive network hardening | GA | NA | NA |
| Docker host hardening | GA | GA | GA |
| Agentless secret scanning | GA | NA | NA |
| Agentless malware scanning | Preview | NA | NA |
| Endpoint detection and response | Preview | NA | NA |
Windows machine support
The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.
| Feature | *Azure VMs VM Scale Sets (Flexible orchestration |
Azure Arc-enabled machines | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ Available on: Windows Server 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session (formerly Enterprise for Virtual Desktops) Not available on: Azure VMs running Windows 10 or Windows 11 (except if running Windows 10/11 Enterprise multi-session) |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
| Fileless security alerts | ✔ | ✔ | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| Integrated Qualys vulnerability scanner | ✔ | ✔ | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Adaptive application controls | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Adaptive network hardening | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | - | - | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Disk encryption assessment | ✔(supported scenarios) | - | No |
| Third-party vulnerability assessment (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
Linux machine support
The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.
| Feature | Azure VMs VM Scale Sets (Flexible orchestration |
Azure Arc-enabled machines | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ (supported versions) |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ Supported versions | ✔ | Yes |
| Fileless security alerts | - | - | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| Integrated Qualys vulnerability scanner | ✔ | ✔ | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Adaptive application controls | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Adaptive network hardening | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | ✔ | ✔ | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | - | - | No |
| Disk encryption assessment | ✔ supported scenarios) | - | No |
| Third-party vulnerability assessment (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
Multicloud machines
The following table shows feature support for AWS and GCP machines.
| Feature | Availability in AWS | Availability in GCP |
|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ | ✔ |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ |
| Fileless security alerts | ✔ | ✔ |
| Network-based security alerts | - | - |
| Just-in-time VM access | ✔ | - |
| Integrated Qualys vulnerability scanner | ✔ | ✔ |
| File Integrity Monitoring | ✔ | ✔ |
| Adaptive application controls | ✔ | ✔ |
| Network map | - | - |
| Adaptive network hardening | - | - |
| Regulatory compliance dashboard & reports | ✔ | ✔ |
| Docker host hardening | ✔ | ✔ |
| Missing OS patches assessment | ✔ | ✔ |
| Security misconfigurations assessment | ✔ | ✔ |
| Endpoint protection assessment | ✔ | ✔ |
| Disk encryption assessment | ✔(for supported scenarios) | ✔(for supported scenarios) |
| Third-party vulnerability assessment | - | - |
| Network security assessment | - | - |
| Cloud security explorer | ✔ | - |
| Agentless secret scanning | ✔ | ✔ |
| Agentless malware scanning | ✔ | ✔ |
| Endpoint detection and response | ✔ | ✔ |
Endpoint protection support
The following table provides a matrix of supported endpoint protection solutions. The table indicates whether you can use Defender for Cloud to install each solution for you.
| Solution | Supported platforms | Defender for Cloud installation |
|---|---|---|
| Microsoft Defender Antivirus | Windows Server 2016 or later | No (built into OS) |
| System Center Endpoint Protection (Microsoft Antimalware) | Windows Server 2012 R2 | Via extension |
| Trend Micro – Deep Security | Windows Server (all) | No |
| Symantec v12.1.1100+ | Windows Server (all) | No |
| McAfee v10+ | Windows Server (all) | No |
| McAfee v10+ | Linux (GA) | No |
| Microsoft Defender for Endpoint for Linux1 | Linux (GA) | Via extension |
| Microsoft Defender for Endpoint Unified Solution2 | Windows Server 2012 R2 and Windows 2016 | Via extension |
| Sophos V9+ | Linux (GA) | No |
1 It's not enough to have Microsoft Defender for Endpoint on the Linux machine: the machine will only appear as healthy if the always-on scanning feature (also known as real-time protection (RTP)) is active. By default, the RTP feature is disabled to avoid clashes with other AV software.
2 With the Defender for Endpoint unified solution on Server 2012 R2, it automatically installs Microsoft Defender Antivirus in Active mode. For Windows Server 2016, Microsoft Defender Antivirus is built into the OS.
Next steps
Start planning your Defender for Servers deployment.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for