适用于计算机的功能覆盖范围Feature coverage for machines

下面的两个选项卡显示了可用于 Windows 和 Linux 虚拟机和服务器的 Azure 安全中心功能。The two tabs below show the features of Azure Security Center that are available for Windows and Linux virtual machines and servers.

虚拟机和服务器支持的功能 Supported features for virtual machines and servers

功能Feature Azure 虚拟机Azure Virtual Machines Azure 虚拟机规模集Azure Virtual Machine Scale Sets 已启用 Azure Arc 的计算机Azure Arc enabled machines 需要 Azure DefenderAzure Defender required
虚拟机行为分析(和安全警报)Virtual machine behavioral analytics (and security alerts) Yes
无文件安全警报Fileless security alerts Yes
恰时 VM 访问Just-in-time VM access - - Yes
自适应应用程序控制Adaptive application controls - Yes
网络映射Network map - Yes
合规性仪表板和报表Regulatory compliance dashboard & reports Yes
针对 Docker 托管的 IaaS 容器的建议和威胁防护Recommendations and threat protection on Docker-hosted IaaS containers - - - Yes
缺少 OS 修补程序评估Missing OS patches assessment Azure:否Azure: No

已启用 Arc:是Arc-enabled: Yes
安全配置错误评估Security misconfigurations assessment Azure:否Azure: No

已启用 Arc:是Arc-enabled: Yes
终结点保护评估Endpoint protection assessment Azure:否Azure: No

已启用 Arc:是Arc-enabled: Yes
磁盘加密评估Disk encryption assessment
(适用于支持的场景(for supported scenarios)
- No
第三方漏洞评估Third-party vulnerability assessment - No
网络安全评估Network security assessment - No

提示

要试验仅适用于 Azure Defender 的功能,可以注册 30 天试用版。To experiment with features that are only available with Azure Defender, you can enroll in a 30-day trial. 有关详细信息,请参阅定价页For more information, see the pricing page.

支持的终结点保护解决方案 Supported endpoint protection solutions

下表提供了一个矩阵:The following table provides a matrix of:

  • 是否可以使用 Azure 安全中心安装每个解决方案。Whether you can use Azure Security Center to install each solution for you.
  • 安全中心可以发现哪些保护解决方案。Which endpoint protection solutions Security Center can discover. 如果你发现此列表中有终结点保护解决方案,安全中心会建议你不要安装该解决方案。If an endpoint protection solution from this list is discovered, Security Center won't recommend installing one.

若要了解何时会针对其中的每种保护生成建议,请参阅终结点保护评估和建议For information about when recommendations are generated for each of these protections, see Endpoint Protection Assessment and Recommendations.

终结点保护Endpoint Protection 平台Platforms 安全中心安装Security Center Installation 安全中心发现Security Center Discovery
Microsoft Defender 防病毒Microsoft Defender Antivirus Windows Server 2016 或更高版本Windows Server 2016 or later 否,内置到 OSNo, Built in to OS Yes
System Center Endpoint Protection (Microsoft Antimalware)System Center Endpoint Protection (Microsoft Antimalware) Windows Server 2012 R2、2012、2008 R2(请参阅以下备注)Windows Server 2012 R2, 2012, 2008 R2 (see note below) 通过扩展Via Extension Yes
Trend Micro - Deep SecurityTrend Micro - Deep Security Windows Server 系列Windows Server Family No Yes
Symantec v12.1.1100+Symantec v12.1.1100+ Windows Server 系列Windows Server Family No Yes
McAfee v10+McAfee v10+ Windows Server 系列Windows Server Family No Yes
McAfee v10+McAfee v10+ Linux 服务器系列Linux Server Family No Yes
Sophos V9+Sophos V9+ Linux 服务器系列Linux Server Family No Yes

备注

在 Windows Server 2008 R2 虚拟机上检测 System Center Endpoint Protection (SCEP) 需要在 PowerShell(v3.0 或更高版本)之后安装 SCEP。Detection of System Center Endpoint Protection (SCEP) on a Windows Server 2008 R2 virtual machine requires SCEP to be installed after PowerShell (v3.0 or newer).

功能支持Feature support

服务/功能Service / Feature 中国China
实时 VM 访问 (1)Just-in-time VM access (1)
文件完整性监视 (1)File integrity monitoring (1)
自适应应用程序控制 (1)Adaptive application controls (1)
自适应网络强化 (1)Adaptive network hardening (1) -
Docker 主机强化 (1)Docker host hardening (1)
的集成漏洞评估 (1)Integrated vulnerability assessment for machines (1) -
用于终结点的 Microsoft Defender (1)Microsoft Defender for Endpoint (1) -
连接 AWS 帐户 (1)Connect AWS account (1) -
连接 GCP 帐户 (1)Connect GCP account (1) -
连续导出Continuous export
工作流自动化Workflow automation
建议例外规则Recommendation exemption rules -
警报抑制规则Alert suppression rules
安全警报的电子邮件通知Email notifications for security alerts
资产清单Asset inventory
适用于应用服务的 Azure DefenderAzure Defender for App Service -
适用于存储的 Azure DefenderAzure Defender for Storage -
Azure Defender for SQLAzure Defender for SQL ✔ (2)✔ (2)
适用于 Key Vault 的 Azure DefenderAzure Defender for Key Vault -
适用于资源管理器的 Azure DefenderAzure Defender for Resource Manager -
适用于 DNS 的 Azure DefenderAzure Defender for DNS -
适用于容器注册表的 Azure DefenderAzure Defender for container registries ✔ (2)✔ (2)
适用于 Kubernetes 的 Azure DefenderAzure Defender for Kubernetes
Kubernetes 工作负载保护Kubernetes workload protection

(1) 需要用于服务器的 Azure Defender(1) Requires Azure Defender for servers

(2) 部分完成(2) Partial

后续步骤Next steps