Edit

Share via

Minimum requirements for Microsoft Defender for Endpoint

  • Article

Applies to:

Want to experience Microsoft Defender for Endpoint? Sign up for a free trial.

There are some minimum requirements for onboarding devices to the Defender for Endpoint service. Learn about the licensing, hardware and software requirements, and other configuration settings to onboard devices to the service.

Tip

Licensing requirements

For more detailed information about licensing requirements for Microsoft Defender for Endpoint, see Microsoft Defender for Endpoint licensing information.

For detailed licensing information, see the Product Terms site and work with your account team to learn more about the terms and conditions.

Browser requirements

Access to Defender for Endpoint is done through a browser. The following browsers are supported:

  • Microsoft Edge
  • Google Chrome

Note

Although other browsers might work, the mentioned browsers are the ones supported.

Hardware and software requirements

Devices on your network must be running one of these editions. New features or capabilities are typically provided only on operating systems that haven't yet reached the end of their support lifecycle. For more information, see Supported Microsoft Defender for Endpoint capabilities by platform. Microsoft recommends the installation of the latest available security patches for any operating system.

Supported Windows versions

Important

Windows 11 Home devices that have been upgraded to one of the below supported editions might require you to run the following command before onboarding: DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~. For more information about edition upgrades and features, see Features)

  • Windows 11 Enterprise
  • Windows 11 IoT Enterprise
  • Windows 11 Education
  • Windows 11 Pro
  • Windows 11 Pro Education
  • Windows 10 and 11 on Arm
  • Windows 10 Enterprise
  • Windows 10 Enterprise LTSC 2016 (or later)
  • Windows 10 IoT Enterprise (including LTSC)
  • Windows 10 Education
  • Windows 10 Pro
  • Windows 10 Pro Education
  • Windows server
    • Windows Server 2012 R2
    • Windows Server 2016
    • Windows Server, version 1803 or later
    • Windows Server 2019 and later
    • Windows Server 2019 core edition
    • Windows Server 2022
    • Windows Server 2022 core edition
  • Azure Virtual Desktop
  • Windows 365 running one of the above operating systems/versions

The following operating systems require the use of the Log Analytics / Microsoft Monitoring Agent (MMA) to work with Defender for Endpoint:

  • Windows 8.1 Enterprise
  • Windows 8.1 Pro
  • Windows 7 SP1 Enterprise
  • Windows 7 SP1 Pro
  • Windows Server 2008 R2 SP1

Note

Ensure you stay up to date with the Microsoft Monitoring Agent (MMA, also known as the Log Analytics or Azure Monitor agent) to avoid service interruptions.

To add antimalware protection to these older operating systems, you can use System Center Endpoint Protection.

Other supported operating systems

Note

  • You'll need to confirm the Linux distributions and versions of Android, iOS, and macOS are compatible with Defender for Endpoint.
  • While Windows 10 IoT Enterprise is a supported OS in Microsoft Defender for Endpoint and enables OEMs/ODMs to distribute it as part of their product or solution, customers should follow the OEM/ODM's guidance around host-based installed software and supportability.
  • Endpoints running mobile versions of Windows (such as Windows CE and Windows 10 Mobile) aren't supported.
  • Virtual Machines running Windows 10 Enterprise 2016 LTSB can encounter performance issues when used on non-Microsoft virtualization platforms.
  • For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 or later.
  • The standalone versions of Defender for Endpoint Plan 1 and Plan 2 do not include server licenses. To onboard servers to those plans, you'll need an additional license, such as Microsoft Defender for Servers Plan 1 or Plan 2 (as part of the Defender for Cloud offering). To learn more. see Defender for Endpoint onboarding Windows Server.
  • If your organization is a small or medium-sized business, see Microsoft Defender for Business requirements.

Hardware requirements

The minimum hardware requirements for Defender for Endpoint on Windows devices are the same as the requirements for the operating system itself (that is, they aren't in addition to the requirements for the operating system).

  • Cores: 2 minimum, 4 preferred
  • Memory: 1 GB minimum, 4 preferred

Network and data storage and configuration requirements

When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender for Endpoint-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.

Note

IP stack

IPv4 (Internet Protocol Version 4) stack must be enabled on devices for communication to the Defender for Endpoint cloud service to work as expected.

Alternatively, if you must use an IPv6-only configuration, consider adding dynamic IPv6/IPv4 transitional mechanisms, such as DNS64/NAT64 to ensure end-to-end IPv6 connectivity to Microsoft 365 without any other network reconfiguration.

Internet connectivity

Internet connectivity on devices is required either directly or through proxy.

For more information on other proxy configuration settings, see Configure device proxy and Internet connectivity settings.

Microsoft Defender Antivirus configuration requirement

The Defender for Endpoint agent depends on Microsoft Defender Antivirus to scan files and provide information about them.

Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware solution or not. For more information, see Manage Microsoft Defender Antivirus updates and apply baselines.

When Microsoft Defender Antivirus isn't the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes into passive mode.

If your organization has turned off Microsoft Defender Antivirus through Group Policy or other methods, devices that are onboarded must be excluded from the Group Policy.

If you're onboarding servers and Microsoft Defender Antivirus isn't the active antimalware on your servers, configure Microsoft Defender Antivirus to run in passive mode or uninstall it. The configuration is dependent on the server version. For more information, see Microsoft Defender Antivirus compatibility.

Note

Your regular Group Policy doesn't apply to Tamper Protection, and changes to Microsoft Defender Antivirus settings will be ignored when Tamper Protection is on. See What happens when tamper protection is turned on?

Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled

If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard.

If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Configuration Manager (current branch), you need to ensure the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see Ensure that Microsoft Defender Antivirus isn't disabled by policy.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.