Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
All Microsoft Defender for Cloud features will be officially retired in the Azure in China region on August 18, 2026. Due to this upcoming retirement, Azure in China customers are no longer able to onboard new subscriptions to the service. A new subscription is any subscription that was not already onboarded to the Microsoft Defender for Cloud service prior to August 18, 2025, the date of the retirement announcement. For more information on the retirement, see Microsoft Defender for Cloud Deprecation in Microsoft Azure Operated by 21Vianet Announcement. Customers should work with their account representatives for Microsoft Azure operated by 21Vianet to assess the impact of this retirement on their own operations.
Important
Attention: Microsoft Defender for Servers was officially retired in the Azure in China region on August 24, 2025 per the announcements previously posted by 21Vianet.
Defender for Cloud collects data from your Azure virtual machines (VMs), Virtual Machine Scale Sets, IaaS containers, and non-Azure (including on-premises) machines to monitor for security vulnerabilities and threats. Some Defender plans require monitoring components to collect data from your workloads.
Data collection is required to provide visibility into missing updates, misconfigured OS security settings, endpoint protection status, and health and threat protection. Data collection is only needed for compute resources such as VMs, Virtual Machine Scale Sets, IaaS containers, and non-Azure computers.
You can benefit from Microsoft Defender for Cloud even if you don’t provision agents. However, you have limited security and the capabilities listed aren't supported.
Data is collected using:
- Security components, such as the Azure Policy for Kubernetes
Why use Defender for Cloud to deploy monitoring components?
Visibility into the security of your workloads depends on the data that the monitoring components collect. The components ensure security coverage for all supported resources.
To save you the process of manually installing the extensions, Defender for Cloud reduces management overhead by installing all required extensions on existing and new machines. Defender for Cloud assigns the appropriate Deploy if not exists policy to the workloads in the subscription. This policy type ensures the extension is provisioned on all existing and future resources of that type.
Tip
Learn more about Azure Policy effects, including Deploy if not exists, in Understand Azure Policy effects.
What plans use monitoring components?
These plans use monitoring components to collect data:
- Defender for SQL servers on machines
- Azure Arc agent (For multicloud and on-premises servers)
- Automatic SQL server discovery and registration
- Defender for Containers
- Azure Arc agent (For on-premises servers)
- Defender sensor, Azure Policy for Kubernetes, Kubernetes audit log data
Availability of extensions
The Azure Preview Supplemental Terms include additional legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
Defender for Containers extensions
This table shows the availability details for the components required by the protections offered by Microsoft Defender for Containers.
By default, the required extensions are enabled when you enable Defender for Containers from the Azure portal.
| Aspect | Azure Kubernetes Service clusters | Azure Arc-enabled Kubernetes clusters |
|---|---|---|
| Release state: | • Defender sensor: GA • Azure Policy for Kubernetes: Generally available (GA) |
• Defender sensor: Preview • Azure Policy for Kubernetes: Preview |
| Relevant Defender plan: | Microsoft Defender for Containers | Microsoft Defender for Containers |
| Required roles and permissions (subscription-level): | Owner or User Access Administrator | Owner or User Access Administrator |
| Supported destinations: | The AKS Defender sensor only supports AKS clusters that have RBAC enabled. | |
| Policy-based: | 
Yes |
Yes |
| Clouds: | Defender sensor:
Microsoft Azure operated by 21Vianet Azure Policy for Kubernetes:
Microsoft Azure operated by 21Vianet |
Defender sensor:
Microsoft Azure operated by 21Vianet Azure Policy for Kubernetes:
Microsoft Azure operated by 21Vianet |
Learn more about the roles used to provision Defender for Containers extensions.
Troubleshooting
- To identify manual onboarding issues, see How to troubleshoot Operations Management Suite onboarding issues.
Next steps
This page explained what monitoring components are and how to enable them.
Learn more about:
- Setting up email notifications for security alerts
- Protecting workloads with the Defender plans