There are some minimum requirements for onboarding devices to Defender for Endpoint. This article describes licensing, hardware and software requirements, and other configuration settings needed to onboard devices.
For detailed licensing information, see the Product Terms site and work with your account team to learn more about the terms and conditions.
Browser requirements
Access to Defender for Endpoint is done through a browser. The following browsers are supported:
Microsoft Edge
Google Chrome
Note
Although other browsers might work, the mentioned browsers are the ones supported.
Hardware and software requirements
Devices on your network must be running one of the supported operating systems. New features or capabilities are typically provided only on supported operating systems. For more information, see Supported Microsoft Defender for Endpoint capabilities by platform. Microsoft recommends installing the latest available security patches for any operating system.
Supported Windows versions
Important
Windows 11 Home devices that are upgraded to a supported edition might require you to run the following command before onboarding: DISM /online /Add-Capability /CapabilityName:Microsoft.Windows.Sense.Client~~~~
For more information about edition upgrades and features, see Windows features.
Make sure to confirm that the Linux distributions and versions of Android, iOS, and macOS are compatible with Defender for Endpoint.
Although Windows 10 IoT Enterprise is a supported OS in Microsoft Defender for Endpoint and enables OEMs/ODMs to distribute it as part of their product or solution, customers should follow the OEM/ODM's guidance around host-based installed software and supportability.
Endpoints running mobile versions of Windows (such as Windows CE and Windows 10 Mobile) aren't supported.
Virtual Machines running Windows 10 Enterprise 2016 LTSB can encounter performance issues when used on non-Microsoft virtualization platforms.
For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 or later.
The minimum hardware requirements for Defender for Endpoint on Windows devices are the same as the requirements for the operating system itself (that is, they aren't in addition to the requirements for the operating system).
Cores: 2 minimum, 4 preferred
Memory: 1 GB minimum, 4 GB preferred
Network and data storage and configuration requirements
When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender for Endpoint-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.
Note
You can't change your data storage location after the first-time setup.
Internet Protocol Version 4 (IPv4) stack must be enabled on devices for communication to the Defender for Endpoint cloud service to work as expected.
Alternatively, if you must use an Internet Protocol Version 6 (IPv6) only configuration, consider adding dynamic IPv6/IPv4 transitional mechanisms, such as DNS64/NAT64 to ensure end-to-end IPv6 connectivity to Microsoft 365 without any other network reconfiguration.
Internet connectivity
Internet connectivity on devices is required either directly or through a proxy.
When Microsoft Defender Antivirus isn't the active anti-malware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes into passive mode.
If your organization turns off Microsoft Defender Antivirus through Group Policy or other methods, devices that are onboarded must be excluded from the Group Policy.
If you're onboarding servers and Microsoft Defender Antivirus isn't the active anti-malware on your servers, configure Microsoft Defender Antivirus to run in passive mode or uninstall it. The configuration is dependent on the server version. For more information, see Microsoft Defender Antivirus compatibility.
Note
Your regular Group Policy doesn't apply to tamper protection, and changes to Microsoft Defender Antivirus settings are ignored when tamper protection is on. See What happens when tamper protection is turned on?
Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled
If you're running Microsoft Defender Antivirus as the primary anti-malware product on your devices, the Defender for Endpoint agent successfully onboards.
If you're running a non-Microsoft anti-malware client and use Mobile Device Management solutions or Microsoft Configuration Manager (current branch), you need to ensure the Microsoft Defender Antivirus ELAM driver is enabled. For more information, see Ensure that Microsoft Defender Antivirus isn't disabled by policy.
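The Windows-side requirements above can be checked on a device before onboarding. The following read-only script is an added example, not part of the original article or of Microsoft's tooling. The function name Test-MdePrerequisite is hypothetical, and the script assumes an elevated PowerShell session on a Windows client or server.

```powershell
# Added example: read-only pre-onboarding check for a Windows device.
# Test-MdePrerequisite is a hypothetical name; run from an elevated session.
function Test-MdePrerequisite {
    $r = [ordered]@{}

    # Sense client capability (the one the DISM command above adds after an
    # edition upgrade from Windows 11 Home).
    $sense = Get-WindowsCapability -Online -Name 'Microsoft.Windows.Sense.Client*'
    $r['SenseCapabilityInstalled'] = [bool]($sense | Where-Object State -eq 'Installed')

    # IPv4 stack must be bound on at least one network adapter.
    $ipv4 = Get-NetAdapterBinding -ComponentID ms_tcpip | Where-Object Enabled
    $r['IPv4Enabled'] = [bool]$ipv4

    # Hardware: 2 cores and 1 GB of memory are the stated minimums.
    $cores = (Get-CimInstance Win32_Processor |
        Measure-Object -Property NumberOfCores -Sum).Sum
    $memGB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
    $r['Cores'] = $cores
    $r['MemoryGB'] = $memGB
    $r['MeetsMinimumHardware'] = ($cores -ge 2) -and ($memGB -ge 1)

    # Microsoft Defender Antivirus state. AMRunningMode reports values such as
    # "Normal" or "Passive Mode"; the cmdlet fails if the feature is uninstalled.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $r['AVRunningMode'] = $mp.AMRunningMode
        $r['TamperProtected'] = $mp.IsTamperProtected
    } catch {
        $r['AVRunningMode'] = 'Unavailable'
        $r['TamperProtected'] = $null
    }

    # ELAM driver: WdBoot is the Microsoft Defender Antivirus boot driver.
    # A StartMode of Disabled (or a missing driver) needs attention when a
    # non-Microsoft anti-malware client is installed.
    $elam = Get-CimInstance Win32_SystemDriver -Filter "Name='WdBoot'"
    $r['ElamDriverStartMode'] = if ($elam) { $elam.StartMode } else { 'NotFound' }

    [pscustomobject]$r
}

Test-MdePrerequisite | Format-List
```

The script changes nothing on the device. It doesn't test internet or proxy connectivity to the Defender for Endpoint cloud service, which must be verified separately.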