Defender for Servers support
This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.
Note
This article references CentOS, a Linux distribution that is end of life (EOL) as of June 30, 2024. See EOL guidance.
Network requirements
Validate the following endpoints are configured for outbound access so that Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:
For Defender for Server multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.
For deployments with GCP connectors, open port 443 to these URLs:
osconfig.googleapis.com
compute.googleapis.com
containeranalysis.googleapis.com
agentonboarding.defenderforservers.security.azure.com
gbl.his.arc.azure.com
For deployments with AWS connectors, open port 443 to these URLs:
ssm.<region>.amazonaws.com
ssmmessages.<region>.amazonaws.com
ec2messages.<region>.amazonaws.com
gbl.his.arc.azure.com
Azure cloud support
This table summarizes Azure cloud support for Defender for Servers features.
Feature/Plan | Azure | Azure Government | Microsoft Azure operated by 21Vianet 21Vianet |
---|---|---|---|
Microsoft Defender for Endpoint integration | GA | GA | NA |
Compliance standards Compliance standards might differ depending on the cloud type. |
GA | GA | GA |
Machine OS misconfiguration | GA | GA | GA |
VM vulnerability scanning-agentless | GA | NA | NA |
VM vulnerability scanning - Microsoft Defender for Endpoint sensor | GA | NA | NA |
Just-in-time VM access | GA | GA | GA |
File integrity monitoring | GA | GA | GA |
Docker host hardening | GA | GA | GA |
Agentless secret scanning | GA | NA | NA |
Agentless malware scanning | GA | NA | NA |
Agentless assessment checks for endpoint detection and response solutions | GA | NA | NA |
System updates and patches | GA | GA | GA |
Kubernetes node protection | GA | NA | NA |
Windows machine support
The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.
Feature | *Azure VMs VM Scale Sets (Flexible orchestration |
Azure Arc-enabled machines | Defender for Servers required |
---|---|---|---|
Microsoft Defender for Endpoint integration | ✔ Available on: Windows Server 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session |
✔ | Yes |
Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
Fileless security alerts | ✔ | ✔ | Yes |
Network-based security alerts | ✔ | - | Yes |
Just-in-time VM access | ✔ | - | Yes |
File Integrity Monitoring | ✔ | ✔ | Yes |
Network map | ✔ | - | Yes |
Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
Docker host hardening | - | - | Yes |
Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
Endpoint protection assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
Disk encryption assessment | ✔ supported scenarios |
- | No |
Third-party vulnerability assessment (BYOL) | ✔ | - | No |
Network security assessment | ✔ | - | No |
System updates and patches | ✔ | ✔ | Yes (Plan 2) |
Linux machine support
The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.
Feature | Azure VMs VM Scale Sets (Flexible orchestration |
Azure Arc-enabled machines | Defender for Servers required |
---|---|---|---|
Microsoft Defender for Endpoint integration | ✔ (supported versions) |
✔ | Yes |
Virtual machine behavioral analytics (and security alerts) | ✔ Supported versions |
✔ | Yes |
Fileless security alerts | - | - | Yes |
Network-based security alerts | ✔ | - | Yes |
Just-in-time VM access | ✔ | - | Yes |
File Integrity Monitoring | ✔ | ✔ | Yes |
Network map | ✔ | - | Yes |
Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
Docker host hardening | ✔ | ✔ | Yes |
Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
Endpoint protection assessment | - | - | No |
Disk encryption assessment | ✔ supported scenarios |
- | No |
Third-party vulnerability assessment (BYOL) | ✔ | - | No |
Network security assessment | ✔ | - | No |
System updates and patches | ✔ | ✔ | Yes (Plan 2) |
Multicloud machines
The following table shows feature support for AWS and GCP machines.
Feature | Availability in AWS | Availability in GCP |
---|---|---|
Microsoft Defender for Endpoint integration | ✔ | ✔ |
Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ |
Fileless security alerts | ✔ | ✔ |
Network-based security alerts | - | - |
Just-in-time VM access | ✔ | - |
File Integrity Monitoring | ✔ | ✔ |
Network map | - | - |
Regulatory compliance dashboard & reports | ✔ | ✔ |
Docker host hardening | ✔ | ✔ |
Missing OS patches assessment | ✔ | ✔ |
Security misconfigurations assessment | ✔ | ✔ |
Endpoint protection assessment | ✔ | ✔ |
Disk encryption assessment | ✔ for supported scenarios |
✔ for supported scenarios |
Third-party vulnerability assessment | - | - |
Network security assessment | - | - |
Cloud security explorer | ✔ | - |
Agentless secret scanning | ✔ | ✔ |
Agentless malware scanning | ✔ | ✔ |
Endpoint detection and response | ✔ | ✔ |
System updates and patches | ✔ (With Azure Arc) |
✔ (With Azure Arc) |
Next steps
Start planning your Defender for Servers deployment.