System requirements for Microsoft Defender Application Guard
Note
- Microsoft Defender Application Guard, including the Windows Isolated App Launcher APIs, is deprecated for Microsoft Edge for Business and will no longer be updated. To learn more about Microsoft Edge security capabilities, see Microsoft Edge For Business Security.
- Starting with Windows 11, version 24H2, Microsoft Defender Application Guard, including the Windows Isolated App Launcher APIs, is no longer available.
- Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding browser extensions and associated Windows Store app are no longer available. If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or Microsoft Edge management service. For more information, see Microsoft Edge and Microsoft Defender Application Guard.
The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
Note
Given the technological complexity, the security promise of Microsoft Defender Application Guard (MDAG) may not hold true on VMs and in VDI environments. Hence, MDAG is currently not officially supported on VMs and in VDI environments. However, for testing and automation purposes on non-production machines, you may enable MDAG on a VM by enabling Hyper-V nested virtualization on the host.
Hardware requirements
Your environment must have the following hardware to run Microsoft Defender Application Guard.
Note
Application Guard currently isn't supported on Windows 11 ARM64 devices.
| Hardware | Description |
|---|---|
| 64-bit CPU | A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and Virtualization-based security (VBS). For more info about Hyper-V, see Hyper-V on Windows Server 2016 or Introduction to Hyper-V on Windows 10. For more info about hypervisor, see Hypervisor Specifications. |
| CPU virtualization extensions | Extended page tables, also called Second Level Address Translation (SLAT) AND One of the following virtualization extensions for VBS: VT-x (Intel) OR AMD-V |
| Hardware memory | Microsoft requires a minimum of 8-GB RAM |
| Hard disk | 5-GB free space, solid state disk (SSD) recommended |
| Input/Output Memory Management Unit (IOMMU) support | Not required, but recommended |
Software requirements
Your environment must have the following software to run Microsoft Defender Application Guard.
| Software | Description |
|---|---|
| Operating system | Windows 10 Enterprise or Education editions, version 1809 or later Windows 10 Professional edition, version 1809 or later (only standalone mode is supported) Windows 11 Education or Enterprise editions Windows 11 Professional edition (only Standalone mode is supported) |
| Browser | Microsoft Edge |
| Management system (only for managed devices) |
Microsoft Intune OR Microsoft Configuration Manager OR Group Policy OR Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Microsoft MDM solutions, see the documentation that came with your product. |