Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
All Microsoft Defender for Cloud features will be officially retired in the Azure in China region on August 18, 2026. Due to this upcoming retirement, Azure in China customers are no longer able to onboard new subscriptions to the service. A new subscription is any subscription that was not already onboarded to the Microsoft Defender for Cloud service prior to August 18, 2025, the date of the retirement announcement. For more information on the retirement, see Microsoft Defender for Cloud Deprecation in Microsoft Azure Operated by 21Vianet Announcement.
Customers should work with their account representatives for Microsoft Azure operated by 21Vianet to assess the impact of this retirement on their own operations.
This article summarizes support information for the Defender for Servers plan in Microsoft Defender for Cloud.
Note
This article references CentOS, a Linux distribution that reaches end of support on June 30, 2024. See End of support guidance.
Network requirements
Validate the following endpoints are configured for outbound access so that Azure Arc extension can connect to Microsoft Defender for Cloud to send security data and events:
For Defender for Server multicloud deployments, make sure that the addresses and ports required by Azure Arc are open.
For deployments with Google Cloud Platform (GCP) connectors, open port 443 to these URLs:
osconfig.googleapis.comcompute.googleapis.comcontaineranalysis.googleapis.comagentonboarding.defenderforservers.security.azure.comgbl.his.arc.azure.com
For deployments with Amazon Web Services (AWS) connectors, open port 443 to these URLs:
ssm.<region>.amazonaws.comssmmessages.<region>.amazonaws.comec2messages.<region>.amazonaws.comgbl.his.arc.azure.com
Azure cloud support
This table summarizes Azure cloud support for Defender for Servers features.
| Feature/Plan | Azure | Azure Government | Microsoft Azure operated by 21Vianet 21Vianet |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | GA | GA 1 | GA |
| Compliance standards Compliance standards might differ depending on the cloud type. |
GA | GA | GA |
| Machine OS misconfiguration | GA | GA | GA |
| Virtual Machines (VM) vulnerability scanning-agentless | GA | GA | GA |
| VM vulnerability scanning - Microsoft Defender for Endpoint sensor | GA | GA | GA |
| Just-in-time VM access | GA | GA | GA |
| File integrity monitoring | GA | GA | GA |
| Docker host hardening | GA | GA | GA |
| Agentless secret scanning | GA | GA | GA |
| Agentless malware scanning | GA | GA | GA |
| Agentless assessment checks for endpoint detection and response solutions | GA | GA | GA |
| System updates and patches | GA | GA | GA |
| Kubernetes node protection | GA | GA | GA |
1: In Government Community Cloud – Moderate (GCC-M) environments on Azure public cloud, the following Microsoft Defender for Endpoint integrations aren't supported: Direct onboarding, Vulnerability Assessment recommendations, and File Integrity Monitoring (FIM).
Windows machine support
The following table shows feature support for Windows machines in Azure, Azure Arc, and other clouds.
| Feature | Azure VMs Virtual Machine Scale Sets (Flexible orchestration)1 |
Azure Arc-enabled servers (including Azure VMware solution) | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ Available on: Windows Server 2025, 2022, 2019, 2016, 2012 R2, 2008 R2 SP1, Windows 10/11 Enterprise multi-session |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ | Yes |
| Fileless security alerts | ✔ | ✔ | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | - | - | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Disk encryption assessment | ✔ supported scenarios |
- | No |
| Non-Microsoft vulnerability assessment Bring Your Own License (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
| System updates and patches | ✔ | ✔ | Yes (Plan 2) |
1: Currently, VM Scale Sets with Uniform Orchestration have partial feature coverage. The main supported capabilities include agentless detections, such as Network Layer Alerts, Domain Name System (DNS) alerts, and control plane alerts.
Linux machine support
The following table shows feature support for Linux machines in Azure, Azure Arc, and other clouds.
| Feature | Azure VMs Virtual Machine Scale Sets (Flexible orchestration)1 |
Azure Arc-enabled machines | Defender for Servers required |
|---|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ (supported versions) |
✔ | Yes |
| Virtual machine behavioral analytics (and security alerts) | ✔ Supported versions |
✔ | Yes |
| Fileless security alerts | - | - | Yes |
| Network-based security alerts | ✔ | - | Yes |
| Just-in-time VM access | ✔ | - | Yes |
| File Integrity Monitoring | ✔ | ✔ | Yes |
| Network map | ✔ | - | Yes |
| Regulatory compliance dashboard & reports | ✔ | ✔ | Yes |
| Docker host hardening | ✔ | ✔ | Yes |
| Missing OS patches assessment | ✔ | ✔ | Azure: Yes Azure Arc-enabled: Yes |
| Security misconfigurations assessment | ✔ | ✔ | Azure: No Azure Arc-enabled: Yes |
| Endpoint protection assessment | - | - | No |
| Disk encryption assessment | ✔ supported scenarios |
- | No |
| Non-Microsoft vulnerability assessment (BYOL) | ✔ | - | No |
| Network security assessment | ✔ | - | No |
| System updates and patches | ✔ | ✔ | Yes (Plan 2) |
1: Currently, VM Scale Sets with Uniform Orchestration have partial feature coverage. The main supported capabilities include agentless detections, such as Network Layer Alerts, DNS alerts, and control plane alerts.
Multicloud machines
The following table shows feature support for AWS and GCP machines.
| Feature | Availability in AWS | Availability in GCP |
|---|---|---|
| Microsoft Defender for Endpoint integration | ✔ | ✔ |
| Virtual machine behavioral analytics (and security alerts) | ✔ | ✔ |
| Fileless security alerts | ✔ | ✔ |
| Network-based security alerts | - | - |
| Just-in-time VM access | ✔ | - |
| File Integrity Monitoring | ✔ | ✔ |
| Network map | - | - |
| Regulatory compliance dashboard & reports | ✔ | ✔ |
| Docker host hardening | ✔ | ✔ |
| Missing OS patches assessment | ✔ | ✔ |
| Security misconfigurations assessment | ✔ | ✔ |
| Endpoint protection assessment | ✔ | ✔ |
| Disk encryption assessment | ✔ for supported scenarios |
✔ for supported scenarios |
| Third-party vulnerability assessment | - | - |
| Network security assessment | - | - |
| Cloud security explorer | ✔ | - |
| Agentless secret scanning | ✔ | ✔ |
| Agentless malware scanning | ✔ | ✔ |
| Endpoint detection and response | ✔ | ✔ |
| System updates and patches | ✔ (With Azure Arc) |
✔ (With Azure Arc) |
Next steps
Start planning your Defender for Servers deployment.