Feature coverage for machines

The tabs below show the features of Microsoft Defender for Cloud that are available for Windows and Linux machines.

Supported features for virtual machines and servers

Feature Azure Virtual Machines Azure Virtual Machine Scale Sets Azure Arc-enabled machines Defender for Servers required
Microsoft Defender for Endpoint integration
(on supported versions)

(on supported versions)
Yes
Virtual machine behavioral analytics (and security alerts) Yes
Fileless security alerts Yes
Network-based security alerts - Yes
Just-in-time VM access - - Yes
Integrated Qualys vulnerability scanner - Yes
File Integrity Monitoring Yes
Adaptive application controls - Yes
Network map - Yes
Adaptive network hardening - - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening - - - Yes
Missing OS patches assessment Azure: No

Azure Arc-enabled: Yes
Security misconfigurations assessment Azure: No

Azure Arc-enabled: Yes
Endpoint protection assessment Azure: No

Azure Arc-enabled: Yes
Disk encryption assessment
(for supported scenarios)
- No
Third-party vulnerability assessment - No
Network security assessment - No

Tip

To experiment with features that are only available with enhanced security features enabled, you can enroll in a 30-day trial. For more information, see the pricing page.

Supported endpoint protection solutions

The following table provides a matrix of supported endpoint protection solutions and whether you can use Microsoft Defender for Cloud to install each solution for you.

For information about when recommendations are generated for each of these solutions, see Endpoint Protection Assessment and Recommendations.

| Solution | Supported platforms | Defender for Cloud installation |
|---|---|---|
| Microsoft Defender Antivirus | Windows Server 2016 or later | No (built into OS) |
| System Center Endpoint Protection (Microsoft Antimalware) | Windows Server 2012 R2 | Via extension |
| Trend Micro – Deep Security | Windows Server (all) | No |
| Symantec v12.1.1100+ | Windows Server (all) | No |
| McAfee v10+ | Windows Server (all) | No |
| McAfee v10+ | Linux (GA) | No |
| Microsoft Defender for Endpoint for Linux ¹ | Linux (GA) | Via extension |
| Microsoft Defender for Endpoint Unified Solution ² | Windows Server 2012 R2 and Windows 2016 | Via extension |
| Sophos V9+ | Linux (GA) | No |

1 It's not enough to have Microsoft Defender for Endpoint on the Linux machine: the machine will only appear as healthy if the always-on scanning feature (also known as real-time protection (RTP)) is active. By default, the RTP feature is disabled to avoid clashes with other AV software.

2 On Server 2012 R2, the MDE unified solution automatically installs Microsoft Defender Antivirus in Active mode. For Windows Server 2016, Microsoft Defender Antivirus is built into the OS.

Feature support in government and national clouds

| Feature/Service | Azure | Azure Government | Azure China 21Vianet |
|---|---|---|---|
| **Defender for Cloud free features** | | | |
| - Continuous export | GA | GA | GA |
| - Workflow automation | GA | GA | GA |
| - Recommendation exemption rules | Public Preview | Not Available | Not Available |
| - Alert suppression rules | GA | GA | GA |
| - Email notifications for security alerts | GA | GA | GA |
| - Deployment of agents and extensions | GA | GA | GA |
| - Asset inventory | GA | GA | GA |
| - Azure Monitor Workbooks reports in Microsoft Defender for Cloud's workbooks gallery | GA | GA | GA |
| - Integration with Microsoft Defender for Cloud Apps | GA | GA | Not Available |
| **Microsoft Defender plans and extensions** | | | |
| - Microsoft Defender for Servers | GA | GA | GA |
| - Microsoft Defender for App Service | GA | Not Available | Not Available |
| - Microsoft Defender for DNS | GA | GA | GA |
| - Microsoft Defender for container registries ¹ | GA | GA ² | GA ² |
| - Microsoft Defender for Kubernetes ⁴ | GA | GA | GA |
| - Microsoft Defender for Containers ¹⁰ | GA | GA | GA |
| - Defender extension for Azure Arc-enabled Kubernetes clusters, servers or data services ⁵ | Public Preview | Not Available | Not Available |
| - Microsoft Defender for Azure SQL database servers | GA | GA | GA ⁹ |
| - Microsoft Defender for SQL servers on machines | GA | GA | Not Available |
| - Microsoft Defender for open-source relational databases | GA | Not Available | Not Available |
| - Microsoft Defender for Key Vault | GA | Not Available | Not Available |
| - Microsoft Defender for Resource Manager | GA | GA | GA |
| - Microsoft Defender for Storage ⁶ | GA | GA | Not Available |
| - Microsoft Defender for Azure Cosmos DB | Public Preview | Not Available | Not Available |
| - Kubernetes workload protection | GA | GA | GA |
| - Bi-directional alert synchronization with Sentinel | Public Preview | Not Available | Not Available |
| **Microsoft Defender for Servers features ⁷** | | | |
| - Just-in-time VM access | GA | GA | GA |
| - File Integrity Monitoring | GA | GA | GA |
| - Adaptive application controls | GA | GA | GA |
| - Adaptive network hardening | GA | GA | Not Available |
| - Docker host hardening | GA | GA | GA |
| - Integrated Qualys vulnerability scanner | GA | Not Available | Not Available |
| - Regulatory compliance dashboard & reports ⁸ | GA | GA | GA |
| - Microsoft Defender for Endpoint deployment and integrated license | GA | GA | Not Available |
| - Connect AWS account | GA | Not Available | Not Available |
| - Connect GCP project | GA | Not Available | Not Available |

1 Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.

2 Vulnerability scans of container registries on the Azure Government cloud can only be performed with the scan on push feature.

3 Requires Microsoft Defender for container registries.

4 Partially GA: Support for Azure Arc-enabled clusters is in public preview and not available on Azure Government.

5 Requires Microsoft Defender for Kubernetes or Microsoft Defender for Containers.

6 Partially GA: Some of the threat protection alerts from Microsoft Defender for Storage are in public preview.

7 These features all require Microsoft Defender for Servers.

8 There may be differences in the standards offered per cloud type.

9 Partially GA: Subset of alerts and vulnerability assessment for SQL servers. Behavioral threat protections aren't available.

10 Partially GA: Support for Arc-enabled Kubernetes clusters (and therefore AWS EKS too) is in public preview and not available on Azure Government. Run-time visibility of vulnerabilities in container images is also a preview feature.
