Feature coverage for machines

The two tabs below show the features of Azure Security Center that are available for Windows and Linux machines.

Supported features for virtual machines and servers

Feature Azure Virtual Machines Azure Virtual Machine Scale Sets Azure Arc enabled machines Azure Defender required
Microsoft Defender for Endpoint integration (on supported versions) (on supported versions) Yes
Virtual machine behavioral analytics (and security alerts) Yes
Fileless security alerts Yes
Network-based security alerts - Yes
Just-in-time VM access - - Yes
Native vulnerability assessment - Yes
File integrity monitoring Yes
Adaptive application controls - Yes
Network map - Yes
Adaptive network hardening - - Yes
Regulatory compliance dashboard & reports Yes
Docker host hardening - - - Yes
Missing OS patches assessment Azure: No; Arc-enabled: Yes
Security misconfigurations assessment Azure: No; Arc-enabled: Yes
Endpoint protection assessment Azure: No; Arc-enabled: Yes
Disk encryption assessment (for supported scenarios) - No
Third-party vulnerability assessment - No
Network security assessment - No

Tip

To experiment with features that are only available with Azure Defender, you can enroll in a 30-day trial. For more information, see the pricing page.

Supported endpoint protection solutions

The following table provides a matrix of:

  • Whether you can use Azure Security Center to install each solution for you.
  • Which endpoint protection solutions Security Center can discover. If an endpoint protection solution from this list is discovered, Security Center won't recommend installing one.

For information about when recommendations are generated for each of these protections, see Endpoint Protection Assessment and Recommendations.

| Solution | Supported platforms | Security Center installation | Security Center discovery |
|---|---|---|---|
| Microsoft Defender Antivirus | Windows Server 2016 or later | No (built into OS) | Yes |
| System Center Endpoint Protection (Microsoft Antimalware) | Windows Server 2012 R2 | Via extension | Yes |
| Trend Micro – Deep Security | Windows Server (all) | No | Yes |
| Symantec v12.1.1100+ | Windows Server (all) | No | Yes |
| McAfee v10+ | Windows Server (all) | No | Yes |
| McAfee v10+ | Linux (preview) | No | Yes |
| Sophos V9+ | Linux (preview) | No | Yes |

Feature support in government and sovereign clouds

| Feature/Service | Azure | Azure Government | Azure China 21Vianet |
|---|---|---|---|
| Security Center free features | | | |
| - Continuous export | GA | GA | GA |
| - Workflow automation | GA | GA | GA |
| - Recommendation exemption rules | Public Preview | Not Available | Not Available |
| - Alert suppression rules | GA | GA | GA |
| - Email notifications for security alerts | GA | GA | GA |
| - Auto provisioning for agents and extensions | GA | GA | GA |
| - Asset inventory | GA | GA | GA |
| - Azure Monitor Workbooks reports in Azure Security Center's workbooks gallery | GA | GA | GA |
| Azure Defender plans and extensions | | | |
| - Azure Defender for servers | GA | GA | GA |
| - Azure Defender for App Service | GA | Not Available | Not Available |
| - Azure Defender for DNS | GA | GA | GA |
| - Azure Defender for container registries 1 | GA | GA 2 | GA 2 |
| - Azure Defender for container registries scanning of images in CI/CD workflows 3 | Public Preview | Not Available | Not Available |
| - Azure Defender for Kubernetes 4 | GA | GA | GA |
| - Azure Defender extension for Azure Arc enabled Kubernetes clusters 5 | Public Preview | Not Available | Not Available |
| - Azure Defender for Azure SQL database servers | GA | GA | GA 9 |
| - Azure Defender for SQL servers on machines | GA | GA | Not Available |
| - Azure Defender for open-source relational databases | GA | Not Available | Not Available |
| - Azure Defender for Key Vault | GA | Not Available | Not Available |
| - Azure Defender for Resource Manager | GA | GA | GA |
| - Azure Defender for Storage 6 | GA | GA | Not Available |
| - Threat protection for Cosmos DB | Public Preview | Not Available | Not Available |
| - Kubernetes workload protection | GA | GA | GA |
| - Bi-directional alert synchronization with Sentinel | Public Preview | Not Available | Not Available |
| Azure Defender for servers features 7 | | | |
| - Just-in-time VM access | GA | GA | GA |
| - File integrity monitoring | GA | GA | GA |
| - Adaptive application controls | GA | GA | GA |
| - Adaptive network hardening | GA | Not Available | Not Available |
| - Docker host hardening | GA | GA | GA |
| - Integrated vulnerability assessment for machines | GA | Not Available | Not Available |
| - Regulatory compliance dashboard & reports 8 | GA | GA | GA |
| - Microsoft Defender for Endpoint deployment and integrated license | GA | GA | Not Available |
| - Connect AWS account | GA | Not Available | Not Available |
| - Connect GCP account | GA | Not Available | Not Available |

1 Partially GA: The ability to disable specific findings from vulnerability scans is in public preview.

2 Vulnerability scans of container registries on the Azure Government cloud can only be performed with the scan on push feature.

3 Requires Azure Defender for container registries.

4 Partially GA: Support for Arc enabled clusters is in public preview and not available on Azure Government.

5 Requires Azure Defender for Kubernetes.

6 Partially GA: Some of the threat protection alerts from Azure Defender for Storage are in public preview.

7 These features all require Azure Defender for servers.

8 There may be differences in the standards offered per cloud type.

9 Partially GA: Subset of alerts and vulnerability assessment for SQL servers. Behavioral threat protections aren't available.
