Cloud security posture management (CSPM)
One of Microsoft Defender for Cloud's main pillars is cloud security posture management (CSPM). CSPM provides detailed visibility into the security state of your assets and workloads, and provides hardening guidance to help you efficiently and effectively improve your security posture.
Defender for Cloud continually assesses your resources against security standards that are defined for your Azure subscriptions. Defender for Cloud issues security recommendations based on these assessments.
By default, when you enable Defender for Cloud on an Azure subscription, the Microsoft Cloud Security Benchmark (MCSB) compliance standard is turned on. It provides recommendations. Defender for Cloud provides an aggregated secure score based on some of the MCSB recommendations. The higher the score, the lower the identified risk level.
CSPM features
Defender for Cloud provides the following CSPM offerings currently:
- Foundational CSPM - Defender for Cloud offers foundational multicloud CSPM capabilities for free. These capabilities are automatically enabled by default for subscriptions and accounts that onboard to Defender for Cloud.
Plan availability
Learn more about Defender CSPM pricing.
The following table summarizes each plan and their cloud availability.
| Feature | Foundational CSPM | Defender CSPM | Cloud availability |
|---|---|---|---|
| Security recommendations | 
|
|
Azure, on-premises |
| Asset inventory |
|
|
Azure, on-premises |
| Secure score |
|
|
Azure, on-premises |
| Data visualization and reporting with Azure Workbooks |
|
|
Azure, on-premises |
| Data exporting |
|
|
Azure, on-premises |
| Workflow automation |
|
|
Azure, on-premises |
| Tools for remediation |
|
|
Azure, on-premises |
| Microsoft Cloud Security Benchmark |
|
|
Azure |
| Regulatory compliance standards | - |
|
Azure, on-premises |
| Agentless scanning for machines | - |
|
Azure |
| Agentless container security posture | - |
|
Azure |
| Data aware security posture | - |
|
Azure |
| EASM insights in network exposure | - |
|
Azure |
Plan pricing
- Review the Defender for Cloud pricing page to learn about Defender CSPM pricing.
Azure cloud support
For commercial and national cloud coverage, review the features supported in Azure cloud environments.
Next steps
- Learn about security standards and recommendations.
- Learn about secure score.