System requirements for Microsoft Defender Application Guard
Microsoft Defender Application Guard, including the Windows Isolated App Launcher APIs, will be deprecated for Microsoft Edge for Business and will no longer be updated. Please download the Microsoft Edge For Business Security Whitepaper to learn more about Edge for Business security capabilities.
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent both old and newly emerging attacks, and to help keep employees productive.
Given the technological complexity, the security promise of Microsoft Defender Application Guard (MDAG) may not hold true on VMs and in VDI environments. Hence, MDAG is currently not officially supported on VMs and in VDI environments. However, for testing and automation purposes on non-production machines, you may enable MDAG on a VM by enabling Hyper-V nested virtualization on the host.
Your environment must have the following hardware to run Microsoft Defender Application Guard.
Application Guard currently isn't supported on Windows 11 ARM64 devices.

| Hardware | Description |
|---|---|
| 64-bit CPU | A 64-bit computer with a minimum of four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see Hyper-V on Windows Server 2016 or Introduction to Hyper-V on Windows 10. For more info about the hypervisor, see Hypervisor Specifications. |
| CPU virtualization extensions | Extended page tables, also called Second Level Address Translation (SLAT). One of the following virtualization extensions for VBS: |
| Memory | Microsoft requires a minimum of 8-GB RAM |
| Disk | 5-GB free space, solid state disk (SSD) recommended |
| Input/Output Memory Management Unit (IOMMU) support | Not required, but recommended |

Your environment must have the following software to run Microsoft Defender Application Guard.

| Software | Description |
|---|---|
| Operating system | Windows 10 Enterprise or Education editions, version 1809 or later; Windows 10 Professional edition, version 1809 or later (only standalone mode is supported); Windows 11 Education or Enterprise editions; Windows 11 Professional edition (only standalone mode is supported) |
| Management system (only for managed devices) | Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Microsoft MDM solutions, see the documentation that came with your product. |
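
The hardware and software minimums listed above can be checked on a device with PowerShell. The script below is an added example, not part of Microsoft's documentation or tooling; it assumes the 5-GB free space is measured on the system drive, reads the edition from the OS caption string, and skips the optional IOMMU row.

```powershell
# Added example, not Microsoft's code: compare this machine with the page's minimums.
# Assumptions: free space is measured on the system drive; the edition is read
# from the OS caption string; the IOMMU row is skipped because it is optional.
$cpu  = Get-CimInstance Win32_Processor | Select-Object -First 1
$cs   = Get-CimInstance Win32_ComputerSystem
$os   = Get-CimInstance Win32_OperatingSystem
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$ram  = (Get-CimInstance Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum).Sum

# With a hypervisor already running (Hyper-V/VBS enabled, or the script is run
# inside a VM), the CPU virtualization properties can read False, so report
# them as Unknown instead of failing the machine.
$hypervisor = [bool]$cs.HypervisorPresent

function Get-Result([bool]$Ok) { if ($Ok) { 'Pass' } else { 'Fail' } }
function Get-VirtResult([bool]$Flag) {
    if ($hypervisor) { 'Unknown (hypervisor present)' } else { Get-Result $Flag }
}

$checks = [ordered]@{
    # Win32_Processor.Architecture: 9 = x64, 12 = ARM64
    '64-bit x64 CPU (ARM64 not supported)' = Get-Result ($cpu.Architecture -eq 9)
    'At least 4 logical processors'        = Get-Result ($cs.NumberOfLogicalProcessors -ge 4)
    'CPU virtualization extensions'        = Get-VirtResult $cpu.VMMonitorModeExtensions
    'SLAT (extended page tables)'          = Get-VirtResult $cpu.SecondLevelAddressTranslationExtensions
    'At least 8 GB RAM installed'          = Get-Result ($ram -ge 8GB)
    'At least 5 GB free on system drive'   = Get-Result ($disk.FreeSpace -ge 5GB)
    # Version 1809 corresponds to build 17763; Windows 11 builds are higher.
    'Windows build 17763 (1809) or later'  = Get-Result ([int]$os.BuildNumber -ge 17763)
    'Enterprise, Education or Pro edition' = Get-Result ($os.Caption -match 'Enterprise|Education|Pro')
}

$checks.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Requirement = $_.Key; Result = $_.Value } } |
    Format-Table -AutoSize
```

Rows reported as Unknown need to be confirmed in the firmware settings or the CPU vendor's specification, since the running hypervisor masks them.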