L. Goduti outlines Microsoft’s new security and compliance advancements in Defender for Cloud, bringing CSPM and Defender for Servers Plan 2 to U.S. Government Clouds to support agencies facing strict regulatory obligations.

Microsoft Defender for Cloud Expands Security and Compliance Features for U.S. Government Cloud

Author: L. Goduti

Overview

U.S. government agencies require rigorous security and compliance controls as they move workloads to the cloud. Microsoft is addressing these needs by expanding Defender for Cloud with new capabilities in the U.S. Government Cloud, specifically adding Cloud Security Posture Management (CSPM) and extending Defender for Servers Plan 2 support.

Expanded Capabilities in Microsoft Government Clouds

  • Defender CSPM and Defender for Servers are now generally available in:
    • Microsoft Azure Government (MAG): FedRAMP High, DISA IL4, DISA IL5
    • Government Community Cloud High (GCCH): FedRAMP High, DISA IL4

Defender CSPM: Enhanced Cloud Security Posture Management

  • Provides continuous discovery, assessment, monitoring, and improvement of cloud security posture
  • Ensures real-time compliance with federal standards (e.g., FedRAMP, NIST SP 800-53)
  • Features regulatory controls, configuration drift monitoring, and risk management

Key Benefits:

  • Continuous Compliance Assurance: Real-time security posture visibility allows agencies to show compliance at any time, not just during audits
  • Risk-Based Prioritization: Contextual insights and attack path analysis highlight the most critical risks
  • Agentless Monitoring: Enables workload assessment without additional software, ideal for sensitive or legacy environments

For more details about Defender CSPM features: Technical documentation

Defender for Servers Plan 2: Full Feature Parity

  • Defender for Servers brings continuous, automated threat protection, vulnerability management, and compliance monitoring to:
    • On-premises, hybrid, and multi-cloud server environments
  • Addresses growing challenges like:
    • Configuration drift
    • Unpatched vulnerabilities
    • Evolving modern threats

Newly Available Features in U.S. GovCloud:

  • Agent-based and agentless vulnerability assessments
  • Secrets detection recommendations
  • Endpoint Detection and Response (EDR) recommendations
  • Agentless malware detection
  • File integrity monitoring
  • Baseline configuration recommendations

Learn more: Defender for Servers documentation

How to Get Started

To enable Defender CSPM and Defender for Servers:

  1. Sign in to the Azure portal.
  2. Navigate to Microsoft Defender for Cloud.
  3. Go to Environment settings in the menu.
  4. Select your Azure subscription, AWS account, or GCP project.
  5. Switch on the plans for Defender CSPM and/or Defender for Servers.
  6. Save your changes.

Updated: Aug 11, 2025

For more detailed guidelines, consult the Microsoft technical documentation and governance resources.

This post appeared first on “Microsoft Tech Community”. Read the entire article here