Supported Microsoft Defender for Endpoint capabilities by platform
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Defender for Endpoint? Sign up for a free trial.
Learn how to Onboard devices and configure Microsoft Defender for Endpoint capabilities.
The following table gives information about the supported Microsoft Defender for Endpoint capabilities by platform.
| Operating System | Windows 10 & 11 | Windows Server 2012 R2 [1], 2016 [1], 2019 & 2022, 1803+ |
macOS | Linux |
|---|---|---|---|---|
| Prevention | ||||
| Attack Surface Reduction |  |
|
 |
|
| Device Control | |
|
|
|
| Firewall | |
|
|
|
| Network Protection | |
|
[2] |
[2] |
| Next-generation protection | |
|
|
|
| Tamper Protection | |
|
|
|
| Web Protection | |
|
[2] |
[2] |
| Detection | ||||
| Advanced Hunting | |
|
|
|
| Custom file indicators | |
|
|
|
| Custom network indicators | |
|
[2] |
[2] |
| EDR Block | |
|
|
|
| Passive Mode | |
|
|
|
| Sense detection sensor | |
|
|
|
| Endpoint & network device discovery | |
|
|
|
| Vulnerability management | |
|
|
|
| Response | ||||
| Automated Investigation & Response (AIR) | |
|
|
|
| Device response capabilities: collect investigation package | |
|
[3] |
[3] |
| Device response capabilities: run AV scan | |
|
|
|
| Device isolation | |
|
|
|
| File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes | |
|
|
|
| Live Response | |
|
|
|
[1] Refers to the modern, unified solution for Windows Server 2012 R2 and 2016. For more information, see Onboard Windows Servers to the Defender for Endpoint service.
[2] Feature is currently in preview (Microsoft Defender for Endpoint preview features)
[3] Response capabilities using Live Response [2]
[4] Collect file only, using Live Response [2]
Note
Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and AV using System Center Endpoint Protection (SCEP).
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for