Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article indicates which Defender for Cloud features are supported in Azure commercial and government clouds.
Cloud support
In the support table, NA indicates that the feature isn't available.
| Feature/Plan | Azure | Azure Government | Microsoft Azure operated by 21Vianet |
|---|---|---|---|
| GENERAL FEATURES | |||
| Continuous data export | GA | GA | GA |
| Response automation with Azure Logic Apps | GA | GA | GA |
| Security alerts Generated when one or more Defender for Cloud plans is enabled. |
GA | GA | GA |
| Alert email notifications | GA | GA | GA |
| Alert suppression rules | GA | GA | GA |
| Alert bi-directional synchronization with Microsoft Sentinel | GA | GA | NA |
| Azure Workbooks integration for reporting | GA | GA | GA |
| Automatic component/agent/extension provisioning | GA | GA | GA |
| FOUNDATIONAL Cloud Security Posture Management (CSPM) FEATURES (FREE) | |||
| Copilot in Defender for Cloud | GA | NA | NA |
| FOUNDATIONAL CSPM FEATURES (FREE) | |||
| Asset inventory | GA | GA | GA |
| Security recommendations based on the Microsoft Cloud Security Benchmark | GA | GA | GA |
| Recommendation exemptions | Preview | NA | NA |
| Secure score | GA | GA | GA |
| DevOps security posture | Preview | NA | NA |
| DEFENDER Cloud Security Posture Management (CSPM) FEATURES | |||
| Data and AI security dashboard | GA | NA | NA |
| Attack path | GA | NA | NA |
| AI security posture management | GA | GA | NA |
| Active user | Public preview | NA | NA |
| Security recommendations | GA | GA | NA |
| Asset inventory | GA | GA | NA |
| Secure score | GA | GA | NA |
| Workbooks | GA | GA | NA |
| Continues Export | GA | GA | NA |
| Workflow automation | GA | GA | NA |
| Quick Fix | GA | GA | NA |
| Agentless VM vulnerability scanning | GA | GA | NA |
| Agentless VM secrets scanning | GA | GA | NA |
| Attack path analysis | GA | GA | NA |
| Risk prioritization | GA | GA | NA |
| Security Explorer | GA | GA | NA |
| Code-to-cloud mapping for containers | GA | NA | NA |
| Code-to-cloud mapping for IaC | GA | NA | NA |
| PR annotations | GA | NA | NA |
| Internet exposure analysis | GA | GA | NA |
| External attack surface management | GA | NA | NA |
| CIEM | GA | NA | NA |
| Regulatory compliance | GA | GA | NA |
| ServiceNow Integration | GA | NA | NA |
| Critical assets protection | GA | GA | NA |
| Governance | GA | GA | NA |
| Sensitive data scanning (DSPM) | GA | GA | NA |
| Agentless scanning for Kubernetes | GA | GA | NA |
| Custom Recommendations (Preview) | Public Preview | NA | NA |
| Agentless containers vulnerability assessment | GA | GA | NA |
| API security posture management (Preview) | Public Preview | NA | NA |
| DEFENDER FOR CLOUD PLANS | |||
| Defender Cloud Security Posture Management (CSPM) | GA | GA | NA |
| Defender for AI Services | GA | NA | NA |
| Defender for APIs | GA | NA | NA |
| Defender for App Service | GA | NA | GA |
| Defender for Containers Review detailed feature support |
GA | GA | GA |
| DevOps Security | GA | NA | NA |
| Defender for Domain Name System (DNS) | GA | GA | GA |
| Defender for Key Vault | GA | NA | NA |
| Defender for Resource Manager | GA | GA | GA |
| Defender for Servers Plan 1 (P1) and Plan 2 (P2) Review detailed feature support |
GA | GA | GA |
| Defender for Storage | GA | GA | NA |
| DEFENDER FOR STORAGE FEATURES | |||
| Activity monitoring (security alerts) | GA | GA | NA |
| Malware scanning | GA1 | GA | NA |
| Sensitive data threat detection (Sensitive Data Discovery) | GA1 | NA | NA |
| DEFENDER FOR DATABASES FEATURES | |||
| Defender for Azure SQL database servers | GA | GA | GA A subset of alerts/vulnerability assessments is available. Behavioral threat protection isn't available. |
| Defender for SQL servers on machines | GA | GA | GA |
| Defender for SQL Servers on Machines | GA | GA | GA |
| Vulnerability assessment Express and Classic configurations | GA | GA | GA |
| Advanced threat protection | GA | GA | GA |
| Defender for Open-Source Relational Databases | GA | GA | GA |
| Defender for Azure Cosmos DB | GA | NA | NA |
| DEFENDER FOR SERVERS FEATURES | |||
| File Integrity Monitoring | GA | GA2 | NA |
1: Azure DNS Zone isn't supported for malware scanning and sensitive data threat detection. 2: GovCon Cloud Moderate (GCCM) doesn't support File Integrity Monitoring.
Important
- As of August 1, 2023, customers with an existing subscription to Defender for DNS can continue to use the service as a standalone plan.
- For new subscriptions, alerts about suspicious DNS activity are included as part of Defender for Servers Plan 2 (P2).
- There's no change to the protection scope: Defender for DNS continues to protect all Azure resources connected to Azure's default DNS resolvers. The change affects how DNS protection is billed and bundled, not what resources are covered.
Next steps
Start reading about Defender for Cloud features.