Edit

Share via

Defender for Cloud support matrices for Azure commercial/other clouds

  • Article

This article indicates which Defender for Cloud features are supported in Azure commercial and government clouds.

Cloud support

In the support table, NA indicates that the feature isn't available.

Feature/Plan Azure Azure Government Microsoft Azure operated by 21Vianet
GENERAL FEATURES
Continuous data export GA GA GA
Response automation with Azure Logic Apps GA GA GA
Security alerts
Generated when one or more Defender for Cloud plans is enabled.		 GA GA GA
Alert email notifications GA GA GA
Alert suppression rules GA GA GA
Alert bi-directional synchronization with Microsoft Sentinel GA GA NA
Azure Workbooks integration for reporting GA GA GA
Automatic component/agent/extension provisioning GA GA GA
Copilot in Defender for Cloud GA NA NA
FOUNDATIONAL CSPM FEATURES (FREE)
Asset inventory GA GA GA
Security recommendations based on the Microsoft Cloud Security Benchmark GA GA GA
Recommendation exemptions Preview NA NA
Secure score GA GA GA
DevOps security posture Preview NA NA
DEFENDER CSPM FEATURES
Data and AI security dashboard GA NA NA
Attack path GA NA NA
AI security posture management GA NA NA
DEFENDER FOR CLOUD PLANS
Defender CSPM GA NA NA
Defender for AI Services GA NA NA
Defender for APIs GA NA NA
Defender for App Service GA NA GA
Defender for Containers
Review detailed feature support		 GA GA GA
DevOps Security GA NA NA
Defender for DNS GA GA GA
Defender for Key Vault GA NA NA
Defender for Resource Manager GA GA GA
Defender for Servers
Review detailed feature support.		 GA GA GA
Defender for Storage GA GA GA
DEFENDER FOR STORAGE FEATURES
Activity monitoring (security alerts) GA GA GA
Malware scanning GA1 GA GA
Sensitive data threat detection (Sensitive Data Discovery) GA1 NA NA
DEFENDER FOR DATABASES FEATURES
Defender for Azure SQL database servers GA GA GA

A subset of alerts/vulnerability assessments is available.
Behavioral threat protection isn't available.
Defender for SQL servers on machines GA GA GA
Defender for SQL Servers on Machines GA GA GA
Vulnerability assessment Express and Classic configurations GA GA GA
Advanced threat protection GA GA GA
Defender for Open-Source Relational Databases GA GA GA
Defender for Azure Cosmos DB GA NA NA
DEFENDER FOR SERVERS FEATURES
File Integrity Monitoring GA GA2 NA

1: Azure DNS Zone isn't supported for malware scanning and sensitive data threat detection. 2: GovCon Cloud Moderate (GCCM) doesn't support File Integrity Monitoring.

Important

  • As of August 1, 2023, customers with an existing subscription to Defender for DNS can continue to use the service as a standalone plan.
  • For new subscriptions, alerts about suspicious DNS activity are included as part of Defender for Servers Plan 2 (P2).
  • There's no change to the protection scope: Defender for DNS continues to protect all Azure resources connected to Azure's default DNS resolvers. The change affects how DNS protection is billed and bundled, not what resources are covered.

Next steps

Start reading about Defender for Cloud features.