Feature coverage for machines

The two tabs below show the features of Azure Security Center that are available for Windows and Linux virtual machines and servers.

Supported features for virtual machines and servers

Feature Azure Virtual Machines Azure Virtual Machine Scale Sets Azure Arc enabled machines Azure Defender required
Microsoft Defender for Endpoint integration
(on supported versions)

(on supported versions)
Virtual machine behavioral analytics (and security alerts) Yes
Fileless security alerts Yes
Network-based security alerts - Yes
Just-in-time VM access - - Yes
Native vulnerability assessment - Yes
File integrity monitoring Yes
Adaptive application controls - Yes
Network map - Yes
Adaptive network hardening - - Yes
Regulatory compliance dashboard & reports Yes
Recommendations and threat protection on Docker-hosted IaaS containers - - - Yes
Missing OS patches assessment Azure: No

Arc-enabled: Yes
Security misconfigurations assessment Azure: No

Arc-enabled: Yes
Endpoint protection assessment Azure: No

Arc-enabled: Yes
Disk encryption assessment
(for supported scenarios)
- No
Third-party vulnerability assessment - No
Network security assessment - No


To experiment with features that are only available with Azure Defender, you can enroll in a 30-day trial. For more information, see the pricing page.

Supported endpoint protection solutions

The following table provides a matrix of:

  • Whether you can use Azure Security Center to install each solution for you.
  • Which endpoint protection solutions Security Center can discover. If an endpoint protection solution from this list is discovered, Security Center won't recommend installing one.

For information about when recommendations are generated for each of these protections, see Endpoint Protection Assessment and Recommendations.

Endpoint Protection Platforms Security Center Installation Security Center Discovery
Microsoft Defender Antivirus Windows Server 2016 or later No, Built in to OS Yes
System Center Endpoint Protection (Microsoft Antimalware) Windows Server 2012 R2, 2012, 2008 R2 (see note below) Via Extension Yes
Trend Micro – Deep Security Windows Server Family No Yes
Symantec v12.1.1100+ Windows Server Family No Yes
McAfee v10+ Windows Server Family No Yes
McAfee v10+ Linux Server Family No Yes
Sophos V9+ Linux Server Family No Yes


Detection of System Center Endpoint Protection (SCEP) on a Windows Server 2008 R2 virtual machine requires SCEP to be installed after PowerShell (v3.0 or newer).

Feature support in government clouds

Service / Feature US Gov China Gov
Just-in-time VM access (1)
File integrity monitoring (1)
Adaptive application controls (1)
Adaptive network hardening (1) - -
Docker host hardening (1)
Integrated vulnerability assessment for machines (1) - -
Microsoft Defender for Endpoint (1) -
Connect AWS account (1) - -
Connect GCP account (1) - -
Continuous export
Workflow automation
Recommendation exemption rules - -
Alert suppression rules
Email notifications for security alerts
Asset inventory
Azure Defender for App Service - -
Azure Defender for Storage -
Azure Defender for SQL ✔ (2)
Azure Defender for Key Vault - -
Azure Defender for Resource Manager - -
Azure Defender for DNS - -
Azure Defender for container registries ✔ (2) ✔ (2)
Azure Defender for Kubernetes
Kubernetes workload protection

(1) Requires Azure Defender for servers

(2) Partial

Next steps