The free security extension is installed by default, but in a disabled state, on all guest operating system families, specifically Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2. It is not installed by default in the Azure Virtual Machines platform, i.e. the Infrastructure as a Service offering, but may be added through the Azure Management Portal and Visual Studio Virtual Machine configuration under Security Extensions.
The Antimalware service uses the same engine and signatures as Microsoft's Forefront, System Center and Defender antimalware offerings. It has access to the same updates, on-demand and real-time scanning. While the software is free, running it "...may result in increased data, network, or compute resource usage resulting in additional license or subscription costs."
The service is programmable through APIs, PowerShell and using the Visual Studio virtual machines configuration in Server Explorer. These allow enterprises to control the configuration of the Antimalware service to a high degree. Once installed and running, if configured with Azure Diagnostics, the service logs events to the Azure Storage account. These events can then be piped to HDInsight (Microsoft's Hadoop distribution) or an SIEM (Security Information and Event Management) system.