Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Attention: All Microsoft Defender for Cloud features will be officially retired in Azure in China region on August 18, 2026 per the announcement posted by 21Vianet.
Cloud Security Posture Management (CSPM) is a core feature of Microsoft Defender for Cloud. CSPM provides continuous visibility into the security state of your cloud assets and workloads, offering actionable guidance to improve your security posture across Azure.
Defender for Cloud continually assesses your cloud infrastructure against security standards defined for your Azure subscriptions projects. Defender for Cloud issues security recommendations to help you identify and reduce cloud misconfigurations and security risks.
By default, when you enable Defender for Cloud on an Azure subscription, the Microsoft Cloud Security Benchmark (MCSB) standard is enabled and provides recommendations to secure your environment. The secure score based on some of the MCSB recommendations helps you monitor cloud compliance. A higher score indicates a lower identified risk level.
CSPM Plans
Defender for Cloud provides the following CSPM offerings currently:
- Foundational CSPM (free): Enabled by default for all onboarded subscriptions and accounts.
Plan availability
Defender CSPM is available across multiple deployment models:
- Multi-cloud: Support for Azure environment
- Hybrid: On-premises resources through Azure Arc
For specific regional availability and government cloud support details, see the support matrix for cloud environments.
| Feature | Foundational CSPM | Defender CSPM | Cloud availability |
|---|---|---|---|
| Asset inventory | 
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Data exporting |
|
|
Azure, on-premises |
| Data visualization and reporting with Azure Workbooks |
|
|
Azure, on-premises |
| Microsoft Cloud Security Benchmark |
|
|
Azure |
| Secure score |
|
|
Azure, on-premises, Docker Hub, JFrog Artifactory |
| Security recommendations |
|
|
Azure, on-premises |
| Tools for remediation |
|
|
Azure, on-premises |
| Workflow automation |
|
|
Azure, on-premises |
| Agentless code-to-cloud containers vulnerability assessment | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Custom Recommendations | - |
|
Azure |
| Internet exposure analysis | - |
|
Azure, Docker Hub, JFrog Artifactory |
| Regulatory compliance assessments | - |
|
Azure, Docker Hub, JFrog Artifactory |
Plan Pricing
- See Defender for Cloud pricing and use the cost calculator to estimate costs.
Azure Cloud Support
For commercial and national cloud coverage, see Azure cloud environment support matrix.
Next Steps
- Learn about security standards and recommendations
- Learn about secure score