Skip to main content

Microsoft Defender for Cloud pricing

Get comprehensive security across multicloud and hybrid environments

Microsoft Defender for Cloud is a unified cloud-native application protection platform (CNAPP) that provides Cloud Security Posture Management, DevOps security management, and cloud workload protections across multicloud and hybrid environments.

Explore pricing options

Apply filters to customize pricing options to your needs.

Prices are estimates only and are not intended as actual price quotes. Actual pricing may vary depending on the type of agreement entered with Microsoft, date of purchase, and the currency exchange rate. Prices are calculated based on US dollars and converted using London closing spot rates that are captured in the two business days prior to the last business day of the previous month end. If the two business days prior to the end of the month fall on a bank holiday in major markets, the rate setting day is generally the day immediately preceding the two business days. This rate applies to all transactions during the upcoming month. Sign in to the Azure pricing calculator to see pricing based on your current program/offer with Microsoft. Contact an Azure sales specialist for more information on pricing or to request a price quote. See frequently asked questions about Azure pricing.

Microsoft Defender for Cloud provides comprehensive, cloud-native protections from development to runtime in multicloud environments. Defender for Cloud helps you protect resources across Azure, other clouds, and on-premises through its Free tier and enhanced security capabilities.

Microsoft Defender for Cloud is free for the first 30 days. Any usage beyond 30 days will be automatically charged as per the pricing scheme below.7

When you enable Microsoft Defender for Cloud, we automatically enroll and start protecting all your resources unless you explicitly decide to opt-out. For any resource that is protected by Defender for Cloud, you will be charged per the pricing model below.

Cloud Security Posture Management (CSPM)

Microsoft Defender for Cloud offers foundational and advanced cloud security posture management solutions to protect across your multicloud and hybrid environments. Foundational CSPM (for free) provides continuous assessments, security recommendations, Secure Score, and the Microsoft cloud security benchmark across Azure, Amazon Web Services(AWS), and Google Cloud.

Microsoft Defender CSPM provides advanced security posture capabilities including agentless vulnerability scanning, attack path analysis, integrated data-aware security posture, code to cloud contextualization, and an intelligent cloud security graph. Pricing is dependent on cloud size, with billing based only on only Server, Storage account, and Database counts.

Additionally, it includes DevOps security capabilities to empower security teams to manage DevOps security across multi-pipeline environments.

CSPM Plan Price
Foundational CSPM Free1
Defender Cloud Security Posture Management (CSPM) $-

1Microsoft Defender CSPM protects across all your multicloud workloads, but billing only applies for Compute, Databases, and Storage resources. Billable workloads are VMs, Storage Accounts, OSS DBs, and SQL PaaS & Servers on Machines. Billing begins August 1, 2023.

Microsoft Defender for Cloud’s foundational CSPM capabilities include asset inventory, security assessment, DevOps posture visibility, Infrastructure as Code security, and compliance management. Learn more at Overview of Cloud Security Posture Management (CSPM) - Microsoft Defender for Cloud | Microsoft Learn.

Cloud workload protection plans

Microsoft Defender for Cloud provides cloud workload protection to help organizations quickly prevent, detect, and respond to modern threats across multicloud and hybrid environments. Get advanced threat protection capabilities to secure critical workloads across virtual machines (VMs), containers, databases, storage, app services, APIs, and more.

Resource Type Resource Price
Servers Microsoft Defender for Servers Plan 1 $-
Microsoft Defender for Servers Plan 2 $-
Containers Microsoft Defender for Containers $-4
Databases Microsoft Defender for SQL on Azure-connected databases $-2
Microsoft Defender for SQL outside Azure $-3
Microsoft Defender for MySQL $-
Microsoft Defender for PostgreSQL $-
Microsoft Defender for MariaDB $-
Microsoft Defender for Azure Cosmos DB5 $-
Storage Microsoft Defender for Storage1 $-6
For existing customers using Defender for Storage (classic) per-transaction pricing, please refer to the Defender for Cloud portal.
Malware Scanning7
(add-on to Defender for Storage)
$-/GB of data scanned
Service Layer Microsoft Defender for App Service $-
Microsoft Defender for Key Vault $-/Vault/month
Microsoft Defender for Resource Manager $-/Subscription/month

1 Microsoft Defender currently protects Azure Blobs, Azure Files and Azure Data Lake Storage Gen2 resources.

2 Microsoft Defender for SQL on Azure-connected databases price applies to SQL servers on Azure SQL Database, Azure SQL Managed Instance, Azure SQL elastic pools, Azure Synapse Analytics dedicated SQL pool, SQL on Azure Virtual Machines and SQL on Azure Arc enabled resources (in the customer's datacenter, on the edge or in a multi-cloud environment).

3 Microsoft Defender for SQL outside Azure price applies to SQL Servers hosted outside of Azure in the customer's datacenter, on the edge or in a multi-cloud environment that are not Arc-enabled.

4 Pricing is performed based on vCores in your Kubernetes worker nodes supported by Defender for Containers. This price includes 20 free monthly vulnerability assessments performed in your container registry per charged vCore, whereby the count will be based on the previous month's consumption. Every subsequent scan will be charged at $- per image digest. The majority of customers are not expected to incur any additional image scan charges.

5 For Azure Cosmos DB Serverless accounts, the total RU is converted to provisioned throughput using a conversion factor of 0.00003125.

6 Storage accounts that exceed 73 million monthly transactions will be charged $- for every 1 million transactions that exceed the threshold.

7 Malware Scanning in Defender for Storage is not included for free in the first 30 days and will be charged from the first day in accordance with the pricing scheme. Malware Scanning for Defender for Storage currently supports Azure Blob Storage only. Not available for Defender for Storage (classic).

Defender for API pricing will be available February 2024.

Additional data charges for virtual machines only

Overage Meter Price
Additional data uploaded over included daily data See Azure Monitor pricing page for data ingestion pricing
Additional retention beyond one month See Azure Monitor pricing page for data retention pricing

Azure pricing and purchasing options

Connect with us directly

Get a walkthrough of Azure pricing. Understand pricing for your cloud solution, learn about cost optimization and request a custom proposal.

Talk to a sales specialist

See ways to purchase

Purchase Azure services through the Azure website, a Microsoft representative, or an Azure partner.

Explore your options

Additional resources

Microsoft Defender for Cloud

Learn more about Microsoft Defender for Cloud features and capabilities.

Pricing calculator

Estimate your expected monthly costs for using any combination of Azure products.

SLA

Review the Service Level Agreement for Microsoft Defender for Cloud.

Documentation

Review technical tutorials, videos, and more Microsoft Defender for Cloud resources.

  • No. Subscriptions that had either Microsoft Defender for Kubernetes or Microsoft Defender for Container registries enabled prior to December 6, 2021 do not need to upgrade to the new Microsoft Defender for Containers offering. However, you will see an upgrade option inside the portal.
  • Customers who currently use Microsoft Defender for Kubernetes will continue to be able to use it for subscriptions where the service is already enabled.
  • Customers who currently use Microsoft Defender for Container registries will continue to be able to use it for subscriptions where the service is already enabled.
  • Yes. The new Microsoft Defender for Containers plan contains all features that were previously available via Microsoft Defender for Kubernetes and Microsoft Defender for container registries. In addition, the new plan contains a large set of new and improved capabilities and has removed previously existing dependencies on Microsoft Defender for Servers. Brand new features include Kubernetes-native deployment, advanced threat protection with Kubernetes-aware AI analytics and anomaly detection, and runtime visibility of vulnerabilities.

    For more details, read this article.

  • A transaction is an API call with a request payload size of up to 1,000 data points included in the time series. Each increment of 1,000 data points will be counted as an additional transaction. For example, an API call with request payload size of 2,050 data points is 3 transactions. The maximum request payload size is 8,640 data points. Each data point in the time series is a time stamp/numerical value pair.
  • For Azure Cosmos DB Serverless accounts, Microsoft Defender for Cosmos DB uses a conversion factor of 0.00003125, to convert serverless request units (RUs) to provisioned throughput. For example: An Azure Cosmos DB Serverless account with usage of 215 million RUs per month, will be charged $- for Microsoft Defender for Cosmos DB (215 million RUs * 0.00003125 * $- per 100 RU per second).

Talk to a sales specialist for a walk-through of Azure pricing. Understand pricing for your cloud solution.

Get free cloud services and a $200 credit to explore Azure for 30 days.

Added to estimate. Press 'v' to view on calculator
Can we help you?