Defender for Servers support
This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.
Network requirements
Validate the following endpoints are configured for outbound access so that Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:
For Defender for Server multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.
For deployments with GCP connectors, open port 443 to these URLs:
osconfig.googleapis.comcompute.googleapis.comcontaineranalysis.googleapis.comagentonboarding.defenderforservers.security.azure.comgbl.his.arc.azure.com
For deployments with AWS connectors, open port 443 to these URLs:
ssm.<region>.amazonaws.comssmmessages.<region>.amazonaws.comec2messages.<region>.amazonaws.comgbl.his.arc.azure.com
Azure cloud support
This table summarizes Azure cloud support for Defender for Servers features.
| Feature/Plan | Azure | Azure Government | Microsoft Azure operated by 21Vianet 21Vianet |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | GA | GA | NA |
| Compliance standards Compliance standards might differ depending on the cloud type. |
GA | GA | GA |
| Microsoft Cloud Security Benchmark recommendations for OS hardening | GA | GA | GA |
| VM vulnerability scanning-agentless | GA | NA | NA |
| VM vulnerability scanning - Microsoft Defender for Endpoint sensor | GA | NA | NA |
| VM vulnerability scanning - Qualys | GA | NA | NA |
| Just-in-time VM access | GA | GA | GA |
| File integrity monitoring | GA | GA | GA |
| Docker host hardening | GA | GA | GA |
| Agentless secret scanning | GA | NA | NA |
| Agentless malware scanning | GA | NA | NA |
| Agentless assessment checks for endpoint detection and response solutions | GA | NA | NA |
| System updates and patches | GA | GA | GA |
Windows machine support
The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.
| Feature | *Azure VMs VM Scale Sets (Flexible orchestration |
Azure Arc-enabled machines | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ Available on: Windows Server 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session (formerly Enterprise for Virtual Desktops) Not available on: Azure VMs running Windows 10 or Windows 11 (except if running Windows 10/11 Enterprise multi-session) |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
| Fileless security alerts | ✔ | ✔ | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| Integrated Qualys vulnerability scanner | ✔ | ✔ | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | - | - | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Disk encryption assessment | ✔ (supported scenarios) |
- | No |
| Third-party vulnerability assessment (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
| System updates and patches | ✔ | ✔ | Yes (Plan 2) |
Linux machine support
The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.
| Feature | Azure VMs VM Scale Sets (Flexible orchestration |
Azure Arc-enabled machines | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ (supported versions) |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ Supported versions |
✔ | Yes |
| Fileless security alerts | - | - | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| Integrated Qualys vulnerability scanner | ✔ | ✔ | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | ✔ | ✔ | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | - | - | No |
| Disk encryption assessment | ✔ supported scenarios) |
- | No |
| Third-party vulnerability assessment (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
| System updates and patches | ✔ | ✔ | Yes (Plan 2) |
Multicloud machines
The following table shows feature support for AWS and GCP machines.
| Feature | Availability in AWS | Availability in GCP |
|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ | ✔ |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ |
| Fileless security alerts | ✔ | ✔ |
| Network-based security alerts | - | - |
| Just-in-time VM access | ✔ | - |
| Integrated Qualys vulnerability scanner | ✔ | ✔ |
| File Integrity Monitoring | ✔ | ✔ |
| Network map | - | - |
| Regulatory compliance dashboard & reports | ✔ | ✔ |
| Docker host hardening | ✔ | ✔ |
| Missing OS patches assessment | ✔ | ✔ |
| Security misconfigurations assessment | ✔ | ✔ |
| Endpoint protection assessment | ✔ | ✔ |
| Disk encryption assessment | ✔ (for supported scenarios) |
✔ (for supported scenarios) |
| Third-party vulnerability assessment | - | - |
| Network security assessment | - | - |
| Cloud security explorer | ✔ | - |
| Agentless secret scanning | ✔ | ✔ |
| Agentless malware scanning | ✔ | ✔ |
| Endpoint detection and response | ✔ | ✔ |
| System updates and patches | ✔ (With Azure Arc) |
✔ (With Azure Arc) |
Next steps
Start planning your Defender for Servers deployment.