AzureFeeds

U.S. government organizations face unique security and compliance challenges as they migrate essential workloads to the cloud. To help meet these needs, Microsoft Defender for Cloud has expanded support in the Government Cloud with Defender cloud security posture management (CSPM) and Defender for Servers Plan 2. This expansion helps strengthen security posture with advanced threat protection, vulnerability management, and contextual risk insights across hybrid and multi-cloud environments. 

Defender CSPM and Defender for Servers are available in the following Microsoft Government Clouds: 

• Microsoft Azure Government (MAG) – FedRamp High, DISA IL4, DISA IL5 

• Government Community Cloud High (GCCH) – FedRamp High, DISA IL4 

Defender for Cloud offers support for CSPM in U.S. Government Cloud 

First, Defender CSPM is generally available for U.S. Government cloud customers. This expansion brings advanced cloud security posture management capabilities to U.S. federal and government agencies—including the Department of Defense (DoD) and civilian agencies—helping them strengthen their security posture and compliance in the cloud. 

Defender CSPM empowers agencies to continuously discover, assess, monitor, and improve their cloud security posture, including the ability to monitor and correct configuration drift, ensuring they meet regulatory requirements and proactively manage risk in highly regulated environments. 

Additional benefits for government agencies: 

• Continuous Compliance Assurance 
  Unlike static audits, Defender CSPM provides real-time visibility into the security posture of cloud environments. This enables agencies to demonstrate ongoing compliance with federal standards—anytime, not just during audit windows  

• Risk-Based Prioritization 
  Defender CSPM uses contextual insights and attack path analysis to help security teams focus on the most critical risks first—maximizing impact while optimizing limited resources  


• Agentless Monitoring 
  With agentless scanning, agencies can assess workloads without deploying additional software—ideal for sensitive or legacy systems  

 Security recommendations in Defender CSPM 

To learn more about Defender CSPM, visit our technical documentation.  

Defender for Cloud now offers full feature parity for server security in U.S. Government Cloud 

In addition to Defender CSPM, we’re also expanding our support for server security in the U.S. GovCloud. 

Government agencies face mounting challenges in securing the servers that support their critical operations and sensitive data. As server environments expand across on-premises, hybrid, and multicloud platforms, maintaining consistent security controls and compliance with federal standards like FedRAMP and NIST SP 800-53 becomes increasingly difficult. Manual processes and periodic audits can’t keep up with configuration drift, unpatched vulnerabilities, and evolving threats—leaving agencies exposed to breaches and compliance risks. Defender for Servers provides continuous, automated threat protection, vulnerability management, and compliance monitoring across all server environments, enabling agencies to safeguard their infrastructure and maintain a strong security posture. 

We are excited to share that all capabilities in Defender for Servers Plan 2 are now available in U.S. GovCloud, including these newly added capabilities:  

• Agent-based and agentless vulnerability assessment recommendations 

• Secrets detection recommendations 

• EDR detection recommendations 

• Agentless malware detection 

• File integrity monitoring 

• Baseline recommendations  

Customers can start using all capabilities of Defender for Servers Plan 2 in U.S. Government Cloud starting today. 

To learn more about Defender for Servers, visit our technical documentation. 

Get started today!  

To gain access to the robust capabilities provided by Defender CSPM and Defender for Servers, you need to enable the plans on your subscription. 

To enable the Defender CSPM and Defender for Servers plans on your subscription: 

1. Sign in to the Azure portal. 

1. Search for and select Microsoft Defender for Cloud. 

1. In the Defender for Cloud menu, select Environment settings. 

1. Select the relevant Azure subscription, AWS account or GCP project. 

1. On the Defender plans page, toggle the Defender CSPM plan and/or Defender for Servers to On. 

1. Select Save.