Supported Microsoft Defender for Endpoint capabilities by platform

Applies to:

• Microsoft Defender for Endpoint Plan 1
• Microsoft Defender for Endpoint Plan 2
• Microsoft 365 Defender

Want to experience Defender for Endpoint? Sign up for a free trial.

Learn how to Onboard devices and configure Microsoft Defender for Endpoint capabilities.

The following table gives information about the supported Microsoft Defender for Endpoint capabilities by platform.

Operating System	Windows 10 & 11	Windows Server 2012 R2 [1], 2016 [1], 2019 & 2022, 1803+	macOS	Linux
Prevention
Attack Surface Reduction
Device Control
Firewall
Network Protection			[2]	[2]
Next-generation protection
Tamper Protection
Web Protection			[2]	[2]
Detection
Advanced Hunting
Custom file indicators
Custom network indicators			[2]	[2]
EDR Block
Passive Mode
Sense detection sensor
Endpoint & network device discovery
Vulnerability management
Response
Automated Investigation & Response (AIR)
Device response capabilities: collect investigation package			[3]	[3]
Device response capabilities: run AV scan			[2]	[2]
Device isolation			[2]	[2]
File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes			[4]	[4]
Live Response

^[1] Refers to the modern, unified solution for Windows Server 2012 R2 and 2016. For more information, see Onboard Windows Servers to the Defender for Endpoint service.

^[2] Feature is currently in preview (Microsoft Defender for Endpoint preview features)

^[3] Response capabilities using Live Response [2]

^[4] Collect file only, using Live Response [2]

Note

Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and AV using System Center Endpoint Protection (SCEP).

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.