An SME sets up an Azure subscription to host a server or a database. It configures the resources; they’re working, and everything seems fine. What no one realizes is that without Defender for Cloud enabled, this environment is running without active monitoring, threat detection, or security posture indicators. The first alert often comes after a compromise has already occurred.
Defender for Cloud is not a cloud-based antivirus. It is a security platform that continuously analyzes the security posture of your Azure resources, detects risky configurations before they turn into incidents, and protects your workloads (servers, databases, containers, storage) against active threats.
This guide explains how it works, what it covers, and where to start if you're an SME with a few Azure resources.
Key Takeaways
Key Features of Microsoft Defender for Cloud for Small and Medium-Sized Businesses:
- Defender for Cloud is not Defender for Business: one protects your Azure (cloud) resources, while the other protects your endpoints. These are two separate products with different scopes.
- The basic version is free: the Foundational CSPM tier is activated at no cost with any Azure subscription and provides a security score, recommendations, and an immediate compliance assessment.
- Active protection is billed per resource: Defender for Servers, Defender for Storage, Defender for Databases—each plan is billed separately based on the type and number of protected resources.
- NIS 2 and GDPR: Defender for Cloud helps document compliance: the regulatory compliance dashboard covers NIS 2, ISO 27001, GDPR, and other standards, with a status report for each control.
- Native multicloud: Defender for Cloud also protects AWS and Google Cloud resources from the same interface, without the need for third-party tools.
In a nutshell: Microsoft Defender for Cloud is Microsoft’s CNAPP platform that combines cloud security posture management (CSPM) and cloud workload protection (CWPP) for Azure, multicloud, and hybrid environments.
Defender for Cloud vs. Defender for Business: They Are Not the Same Product
This is the most common source of confusion. Both are called "Defender," both are from Microsoft, but they don't protect the same things.
An SMB with M365 Business Premium and a few Azure VMs needs both: Defender for Business for its workstations and Defender for Cloud for its Azure infrastructure. These aren't alternatives; they're complementary layers.
The Two Pillars of Defender for Cloud
1. CSPM: Security Posture Management
CSPM (Cloud Security Posture Management) continuously assesses the configuration of your Azure resources and detects deviations from security best practices. It generates a Secure Score, a numerical rating that indicates the overall status of your security posture.
The free tier is immediately useful: it identifies which resources are misconfigured, which ports are open for no reason, and which accounts do not have MFA enabled. Most small and medium-sized businesses that enable Foundational CSPM discover dozens of recommendations for improvements in an environment they believed to be secure.
The paid CSPM Defender adds attack path analysis: it models how an attacker might move between resources following an initial compromise. This is particularly relevant for more complex environments with multiple interconnected services.
2. CWPP: Workload Protection
The CWPP (Cloud Workload Protection Platform) adds a layer of real-time threat detection to every type of resource. Unlike CSPM, which assesses configuration, the CWPP monitors for suspicious behavior during execution.
Each plan is billed separately. An SMB with 3 VMs and an SQL database can activate only Defender for Servers and Defender for SQL without paying for containers or APIs.
What You See on the Dashboard
The Defender for Cloud portal centralizes everything in a single interface. Here are the main views that are useful for a small or medium-sized business.
Secure Score: a percentage that summarizes the state of your security posture. A score of 30% on an unconfigured Azure environment is common. Each recommendation you address increases the score.
Security recommendations: a prioritized list of configurations to fix, including their impact on the Secure Score, severity (critical, high, medium, low), and remediation instructions directly within the portal.
Security alerts: Suspicious events detected in real time on resources protected by CWPP policies. Each alert includes a description of the threat, the affected resources, and recommended response steps.
Regulatory Compliance: A dashboard that maps your Azure resources against controls from standards such as NIS2, ISO 27001, GDPR, SOC 2, or PCI DSS. Useful for preparing for an audit or documenting your level of compliance for a client or auditor.
Resource inventory: a view of all Azure resources along with their security health status. This is often where SMBs discover forgotten resources that have been running unattended for months.
SME Getting Started Guide: 3 Steps
Step 1: Activate the free tier (Foundational CSPM)
In the Azure portal, search for "Microsoft Defender for Cloud." Foundational CSPM is automatically enabled on existing subscriptions: you can view your Secure Score and initial recommendations right away, without having to configure anything.
The initial scan takes 15 to 30 minutes. The list of recommendations may come as a surprise: open RDP ports, unencrypted storage accounts, and VMs without applied updates. Everything identified by the free tier can be fixed without upgrading to a paid plan.
Step 2: Enable Defender for Servers on your VMs
If you have Azure virtual machines, Defender for Servers Plan 1 is the logical next step. It deploys Microsoft Defender for Endpoint on your VMs, giving you EDR protection on cloud servers with the same capabilities as on your physical machines.
Defender for Servers Plan 2 adds agentless vulnerability scanning, network monitoring, and advanced behavioral detection. It is designed for organizations that have VMs exposed to the internet or that host sensitive data.
Step 3: Enable plans for sensitive resources
Do you have a database containing customer data? Enable Defender for SQL or Defender for MySQL. Do you have Azure Storage containing confidential documents? Enable Defender for Storage. Activation is done on a per-resource basis through the Defender for Cloud portal, and billing begins immediately.
Pricing: What You Actually Pay
The rates below are approximate values in USD, based on information from Microsoft and its partners. The official Azure pricing page displays real-time rates based on region and currency. Check the final prices using the Azure Calculator or with your reseller.
A few key points to remember about billing:
The first 30 days are free on all paid plans. This isn't a sales pitch—it's the time you need to evaluate what each plan actually detects in your environment before you commit.
Microsoft offers Commit Units with discounts of up to 22% for an annual commitment. For a fleet of 10 to 20 VMs, the savings can be significant.
Defender for Servers Plan 2 includes Advanced Defender CSPM at no additional cost for the covered resources. If you enable Plan 2 on your servers, you won't be charged twice for CSPM on those same resources.
Defender for Cloud and NIS2 Compliance
In March 2026, ANSSI published the Cyber France Framework (ReCyF), which lists the technical measures recommended to meet NIS2 requirements. SMEs with more than 50 employees or €10 million in revenue in critical sectors (energy, transportation, healthcare, digital, and agri-food) are subject to these requirements.
Defender for Cloud directly contributes to several key areas of ReCyF and NIS2:
The regulatory compliance dashboard does not certify your compliance; it documents your current status in relation to the controls in a framework. It is a starting point for an audit, not a certificate.
What Defender for Cloud Can't Do on Its Own
Simply activating Defender for Cloud plans is not enough to secure an environment. It’s the same problem as buying an alarm system without signing up for a monitoring service: alerts pile up without anyone responding to them.
To take full advantage of Defender for Cloud, you need someone to monitor alerts, understand their context, triage false positives, and trigger corrective actions. In large organizations, this is the role of a SOC. For small and medium-sized businesses, it’s typically the role of a specialized MSP that integrates Defender for Cloud into its monitoring.
An MSP configures plans tailored to your infrastructure, suppresses context-less alerts (the usual noise during the first few weeks), and implements management rules suited to your specific environment. It monitors critical alerts 24 hours a day and responds to incidents without requiring you to understand the technical details of the platform.
This is the scope of theIT Systems Hypermanagement : continuous monitoring of Azure environments (Defender for Cloud, Microsoft Sentinel, Entra ID), alert triage, autonomous resolution of common incidents, and human escalation for confirmed threats. The Cybersecurity and management of thecloud infrastructure are handled together, not as two separate silos.
Frequently asked questions
What is Microsoft Defender for Cloud?
Microsoft Defender for Cloud is a CNAPP (Cloud Native Application Protection Platform) that combines cloud security posture management (CSPM) and cloud workload protection (CWPP). It continuously scans Azure, AWS, and Google Cloud resources to detect misconfigurations, vulnerabilities, and active threats from a centralized interface.
Is Defender for Cloud free?
Partially. The Foundational CSPM tier is free with any Azure subscription: it provides access to the Secure Score, security recommendations, and a basic compliance dashboard. Workload protection plans (Defender for Servers, Defender for Storage, Defender for SQL, etc.) are paid services, billed per protected resource. The first 30 days of each paid plan are free.
What is the difference between Defender for Cloud and Defender for Business?
Defender for Business protects physical or virtual endpoints and servers within the Microsoft 365 Business Premium environment. Defender for Cloud protects resources hosted in Azure (and other clouds). The two can coexist: Defender for Business for endpoints, Defender for Cloud for cloud infrastructure. Defender for Servers Plan 1 also includes Defender for Endpoint on Azure VMs, which bridges the two products.
How does Defender for Cloud help ensure compliance with NIS2?
Defender for Cloud offers a regulatory compliance dashboard that maps the status of your Azure resources against NIS2 controls (and other standards: ISO 27001, GDPR, SOC 2, PCI DSS). It does not certify your compliance but documents your current status by control, including non-compliant resources and remediation recommendations. As of March 2026, this dashboard can be aligned with the requirements of the Référentiel Cyber France (ReCyF) published by ANSSI.
Does Defender for Cloud work with AWS or Google Cloud?
Yes. Defender for Cloud is native to multi-cloud environments. By connecting your AWS or GCP accounts via Azure Arc connectors, you get the same Secure Score, recommendations, and alerts for these environments from the Azure interface. This is one of the platform’s advantages over cloud security tools that are native to each provider.
Where should an SME with limited Azure resources start?
The first step is to enable Foundational CSPM (free) and address the initial recommendations, particularly those classified as “Critical” and “High.” This takes a few hours and immediately improves your security posture at no cost. Next, if you have VMs, Defender for Servers Plan 1 is the logical next step at about $5 per server per month.
How much does Defender for Cloud actually cost for a typical SMB?
For a typical SMB with 5 VMs, 2 SQL databases, and a few Azure storage accounts, a rough estimate using Plan 1 for servers and Defender for SQL would be approximately 100 to 150 € per month, excluding tax (excluding Foundational CSPM, which remains free). This figure varies depending on the Azure region, the exchange rate, and the terms negotiated with the reseller. The Azure calculator allows you to get a personalized estimate before activating the plans.
What IT Systèmes Offers for Defender for Cloud
IT Systèmes is a Microsoft partner and supports small and medium-sized businesses (SMBs) and mid-market companies in deploying, configuring, and monitoring their Azure environments. Our teams activate and configure Defender for Cloud to suit your resource portfolio, manage alert triage, and ensure that the services you pay for are active and properly configured.
We provide services to accounting firms, law firms , and small and medium-sized businesses across all sectors that have security requirements for their cloud infrastructure.



