Skip to content

Exploring Microsoft Defender for Cloud: A Guide to Defender Plans

Exploring Microsoft Defender for Cloud: A Guide to Defender Plans

In the evolving world of cloud security, Microsoft Defender for Cloud stands as a pivotal solution, offering a range of plans tailored to different security needs. This comprehensive guide will delve into the nuances of these plans, helping you navigate through the options and select the one that aligns best with your organization’s requirements.

Understanding CSPM in Microsoft Defender for Cloud

At its core, Microsoft Defender for Cloud focuses on Cloud Security Posture Management (CSPM), providing detailed visibility into your assets’ security state and offering guidance for security improvements.

The Foundational CSPM

Offering essential security features at no cost, the Foundational CSPM is an entry-level solution perfect for organizations seeking basic security insights. It includes:

  • Security Recommendations: Offers actionable advice based on the Microsoft Cloud Security Benchmark.
  • Asset Inventory: Keeps track of your assets across multiple cloud environments.
  • Secure Score: Evaluates your security posture, helping you identify and mitigate risks.

The Defender CSPM Plan

This premium plan builds upon the foundational features with advanced capabilities, making it ideal for organizations requiring in-depth security governance. Highlights include:

  • Advanced Security Governance and Regulatory Compliance: Offers enhanced tools for maintaining compliance with various standards.
  • Cloud Security Explorer and Attack Path Analysis: Provides deeper insights into potential vulnerabilities.
  • Agentless Security Features: For comprehensive coverage of both machines and container environments.

Why Choose the Defender CSPM Plan?

The Defender CSPM Plan is tailored for businesses that need a more robust security framework. It’s particularly beneficial for organizations with complex cloud environments, requiring stringent compliance standards and advanced threat protection.

Integrations and DevOps Security

Integrations like ServiceNow streamline incident management, enhancing the efficiency of your security operations. The plan’s upcoming DevOps security features, starting March 2024, will add another layer of protection, linking code to cloud security.

Pricing Overview

While the Foundational CSPM offers core features at no cost, the Defender CSPM Plan is a paid solution, with pricing details available on the Defender for Cloud pricing page.

Note the special offer for GCP users until January 2024.

The special offer for GCP (Google Cloud Platform) users until January 2024 refers to a promotion where certain Defender for Cloud features are available at no cost for those using GCP. This offer is part of Microsoft’s effort to extend its security services across multiple cloud platforms, encouraging GCP users to adopt Defender for Cloud by providing complimentary access to select features for a limited time. This initiative aims to enhance cross-platform cloud security and demonstrates Microsoft’s commitment to multicloud environments.

  1. Defender for Servers: Around $15 per core per month.
  2. Defender for App Service: Approximately $25 per instance per month.
  3. Defender for Storage: Typically charges based on the amount of data stored, often starting at a few dollars per month.
  4. Defender for SQL: Around $15 per SQL server instance per month.
  5. Defender for Kubernetes: Approximately $10 per node per month.
  6. Defender for Container Registries: Pricing usually starts at a few dollars per registry per month.
  7. Defender for Key Vault: Often around $0.03 per 10,000 transactions.
  8. Defender for Resource Manager: This is generally part of the broader Defender for Cloud pricing.
  9. Defender for DNS: Pricing information is typically bundled with broader Azure DNS pricing.

Cloud Workload Protection (CWP)

Microsoft Defender for Servers, part of Microsoft Defender for Cloud, offers two primary plans: Defender for Servers Plan 1 and Defender for Servers Plan 2.

  1. Defender for Servers Plan 1: Provides basic security features such as secure configuration management and vulnerability assessment.
  2. Defender for Servers Plan 2: Includes all the features of Plan 1, plus advanced defenses like Just-In-Time VM Access, adaptive application controls, and network hardening.

These plans cater to different levels of security needs, allowing organizations to choose based on the complexity of their server workloads and security requirements.

Foundational CSPM vs. Defender CSPM Plan in Microsoft Defender for Cloud

Feature Foundational CSPM Defender CSPM Plan Cloud Availability
Security recommendations Available Available Azure, AWS, GCP, on-premises
Asset inventory Available Available Azure, AWS, GCP, on-premises
Secure score Available Available Azure, AWS, GCP, on-premises
Data visualization and reporting Available Available Azure, AWS, GCP, on-premises
Data exporting Available Available Azure, AWS, GCP, on-premises
Workflow automation Available Available Azure, AWS, GCP, on-premises
Tools for remediation Available Available Azure, AWS, GCP, on-premises
Microsoft Cloud Security Benchmark Available Available Azure, AWS, GCP
Security governance Available Azure, AWS, GCP, on-premises
Regulatory compliance standards Available Azure, AWS, GCP, on-premises
Cloud security explorer Available Azure, AWS, GCP
Attack path analysis Available Azure, AWS, GCP
Agentless scanning for machines Available Azure, AWS, GCP
Agentless container security posture Available Azure, AWS
Container registries vulnerability assessment Available Azure, AWS
Data aware security posture Available Azure, AWS, GCP
EASM insights in network exposure Available Azure, AWS, GCP
Permissions management (Preview) Available Azure, AWS, GCP

This table highlights that while both plans offer a range of security features, the Defender CSPM Plan provides additional advanced security measures such as security governance, regulatory compliance standards, and attack path analysis. These features are especially crucial for organizations that require a more comprehensive security posture across their cloud environments.


Microsoft Defender for Cloud, with its two-tiered approach to CSPM, provides flexible and comprehensive security solutions suitable for a variety of organizational needs. Whether you require basic security management or advanced protective measures, these plans are designed to safeguard your cloud environment effectively.

Remember, the right choice depends on your specific security requirements and the complexity of your cloud infrastructure. Consider the detailed features and pricing of each plan to ensure your organization’s cloud assets are thoroughly protected.

Find out more: Defender for Cloud Pricing

Sharing is caring!

Published inAzureMicrosoft Defender for Cloud

Be First to Comment

Leave a Reply

Your email address will not be published.