Defender for Servers support

This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.

Note

This article references CentOS, a Linux distribution that is end of life (EOL) as of June 30, 2024. See EOL guidance.

Network requirements

Validate the following endpoints are configured for outbound access so that Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:

  • For Defender for Server multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.

  • For deployments with GCP connectors, open port 443 to these URLs:

    • osconfig.googleapis.com
    • compute.googleapis.com
    • containeranalysis.googleapis.com
    • agentonboarding.defenderforservers.security.azure.com
    • gbl.his.arc.azure.com
  • For deployments with AWS connectors, open port 443 to these URLs:

    • ssm.<region>.amazonaws.com
    • ssmmessages.<region>.amazonaws.com
    • ec2messages.<region>.amazonaws.com
    • gbl.his.arc.azure.com

Azure cloud support

This table summarizes Azure cloud support for Defender for Servers features.

Feature/Plan Azure Azure Government Microsoft Azure operated by 21Vianet
21Vianet
Microsoft Defender for Endpoint integration GA GA NA
Compliance standards
Compliance standards might differ depending on the cloud type.
GA GA GA
Machine OS misconfiguration GA GA GA
VM vulnerability scanning-agentless GA NA NA
VM vulnerability scanning - Microsoft Defender for Endpoint sensor GA NA NA
Just-in-time VM access GA GA GA
File integrity monitoring GA GA GA
Docker host hardening GA GA GA
Agentless secret scanning GA NA NA
Agentless malware scanning GA NA NA
Agentless assessment checks for endpoint detection and response solutions GA NA NA
System updates and patches GA GA GA
Kubernetes node protection GA NA NA

Windows machine support

The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.

Feature *Azure VMs
VM Scale Sets (Flexible orchestration
Azure Arc-enabled machines Defender for Servers required
Microsoft Defender for Endpoint integration
Available on: Windows Server 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session
Yes
Virtual machine behavioral analytics (and security alerts) Yes
Fileless security alerts Yes
Network-based security alerts - Yes
Just-in-time VM access - Yes
File Integrity Monitoring Yes
Network map - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening - - Yes
Missing OS patches assessment Azure: Yes

Azure Arc-enabled: Yes
Security misconfigurations assessment Azure: No

Azure Arc-enabled: Yes
Endpoint protection assessment Azure: No

Azure Arc-enabled: Yes
Disk encryption assessment
supported scenarios
- No
Third-party vulnerability assessment (BYOL) - No
Network security assessment - No
System updates and patches Yes (Plan 2)

Linux machine support

The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.

Feature Azure VMs
VM Scale Sets (Flexible orchestration
Azure Arc-enabled machines Defender for Servers required
Microsoft Defender for Endpoint integration
(supported versions)
Yes
Virtual machine behavioral analytics (and security alerts)
Supported versions
Yes
Fileless security alerts - - Yes
Network-based security alerts - Yes
Just-in-time VM access - Yes
File Integrity Monitoring Yes
Network map - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening Yes
Missing OS patches assessment Azure: Yes

Azure Arc-enabled: Yes
Security misconfigurations assessment Azure: No

Azure Arc-enabled: Yes
Endpoint protection assessment - - No
Disk encryption assessment
supported scenarios
- No
Third-party vulnerability assessment (BYOL) - No
Network security assessment - No
System updates and patches Yes (Plan 2)

Multicloud machines

The following table shows feature support for AWS and GCP machines.

Feature Availability in AWS Availability in GCP
Microsoft Defender for Endpoint integration
Virtual machine behavioral analytics (and security alerts)
Fileless security alerts
Network-based security alerts - -
Just-in-time VM access -
File Integrity Monitoring
Network map - -
Regulatory compliance dashboard & reports
Docker host hardening
Missing OS patches assessment
Security misconfigurations assessment
Endpoint protection assessment
Disk encryption assessment
for supported scenarios

for supported scenarios
Third-party vulnerability assessment - -
Network security assessment - -
Cloud security explorer -
Agentless secret scanning
Agentless malware scanning
Endpoint detection and response
System updates and patches
(With Azure Arc)
✔ (With Azure Arc)

Next steps

Start planning your Defender for Servers deployment.