Enable Defender for Servers and DCSPM Plan
Implementation Effort: Medium
Security and IT teams must evaluate server workloads, onboard cloud and hybrid machines, and enable the appropriate Defender for Servers and DCSPM plans at the subscription or resource level.
User Impact: Low
Enabling these plans is handled by administrators and security teams; end users are not directly involved.
Overview
To protect server workloads across Azure, AWS, GCP, and on-premises environments, organizations must enable the Defender for Servers and Defender Cloud Security Posture Management (DCSPM) plans in Microsoft Defender for Cloud.
Defender for Servers
This plan provides threat protection, vulnerability management, and security posture recommendations for Windows and Linux VMs. It supports:
- Azure VMs
- Azure Arc-enabled servers (for on-premises and multicloud)
- AWS EC2 and GCP Compute Engine (via Arc or agentless onboarding)
There are two plan tiers:
- Plan 1: Includes Microsoft Defender for Endpoint integration and basic threat detection.
- Plan 2: Adds advanced features like file integrity monitoring, just-in-time access, and premium vulnerability management 1.
DCSPM (Defender CSPM)
DCSPM provides agentless, cloud-native posture management across Azure, AWS, and GCP. It continuously evaluates configurations against security best practices and compliance standards.
Enabling the Plans
- Subscription-level enablement is recommended for broad coverage.
- Resource-level enablement is available for more granular control.
- AWS and GCP machines must be connected to Defender for Cloud and onboarded as Azure Arc-enabled VMs 1.
Once enabled, a 30-day trial begins automatically. Proper enablement ensures continuous protection and visibility across all server workloads, supporting the "Assume Breach" principle of Zero Trust by proactively securing infrastructure against threats.