Cloud security posture management (CSPM)

One of Microsoft Defender for Cloud's main pillars is cloud security posture management (CSPM). CSPM provides detailed visibility into the security state of your assets and workloads, and provides hardening guidance to help you efficiently and effectively improve your security posture.

Defender for Cloud continually assesses your resources against security standards that are defined for your Azure subscriptions. Defender for Cloud issues security recommendations based on these assessments.

By default, when you enable Defender for Cloud on an Azure subscription, the Microsoft Cloud Security Benchmark (MCSB) compliance standard is turned on. It provides recommendations. Defender for Cloud provides an aggregated secure score based on some of the MCSB recommendations. The higher the score, the lower the identified risk level.

CSPM features

Defender for Cloud provides the following CSPM offerings currently:

  • Foundational CSPM - Defender for Cloud offers foundational multicloud CSPM capabilities for free. These capabilities are automatically enabled by default for subscriptions and accounts that onboard to Defender for Cloud.

Plan availability

Learn more about Defender CSPM pricing.

The following table summarizes each plan and their cloud availability.

Feature Foundational CSPM Defender CSPM Cloud availability
Security recommendations Azure, on-premises
Asset inventory Azure, on-premises
Secure score Azure, on-premises
Data visualization and reporting with Azure Workbooks Azure, on-premises
Data exporting Azure, on-premises
Workflow automation Azure, on-premises
Tools for remediation Azure, on-premises
Microsoft Cloud Security Benchmark Azure
Internet exposure analysis - Azure
Regulatory compliance assessments - Azure
Custom Recommendations - Azure
Agentless code-to-cloud containers vulnerability assessment - Azure

Plan pricing

Azure cloud support

For commercial and national cloud coverage, review the features supported in Azure cloud environments.

Next steps