| title | description | ms.service | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic | ms.subservice | search.appverid | ms.date | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Supported Microsoft Defender for Endpoint capabilities by platform |
Get to know the Microsoft Defender for Endpoint capabilities supported for Windows 10 devices, servers, and non-Windows devices. |
defender-endpoint |
siosulli |
siosulli |
medium |
deniseb |
ITPro |
|
conceptual |
onboard |
met150 |
07/17/2024 |
[!INCLUDE Microsoft Defender XDR rebranding]
Applies to:
- Microsoft Defender for Endpoint Plan 1
- Microsoft Defender for Endpoint Plan 2
- Microsoft Defender XDR
Want to experience Defender for Endpoint? Sign up for a free trial.
Learn how to Onboard devices and configure Microsoft Defender for Endpoint capabilities.
The following table gives information about the supported Microsoft Defender for Endpoint capabilities by platform.
| Operating System | Windows 10 & 11 | Windows Server 2012 R2 [1], 2016 [1], 2019 & 2022, 1803+ |
macOS | Linux |
|---|---|---|---|---|
| Prevention | ||||
| Attack Surface Reduction |  |
|
 |
|
| Device Control | |
|
|
|
| Firewall | |
|
|
|
| Network Protection | |
|
|
[2] |
| Next-generation protection | |
|
|
|
| Tamper Protection | |
|
|
|
| Web Protection | |
|
|
[2] |
| Detection | ||||
| Advanced Hunting | |
|
|
|
| Custom file indicators | |
|
|
|
| Custom network indicators | |
|
|
[2] |
| EDR Block | |
|
|
|
| Passive Mode | |
|
|
|
| Sense detection sensor | |
|
|
|
| Endpoint & network device discovery | |
[5] |
|
|
| Vulnerability management | |
|
|
|
| Response | ||||
| Automated Investigation & Response (AIR) | |
|
|
|
| Device response capabilities: collect investigation package | |
|
[3] |
[3] |
| Device response capabilities: run antivirus scan | |
|
|
|
| Device isolation | |
|
|
|
| File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes | |
|
|
|
| Live Response | |
|
|
|
[1] Refers to the modern, unified solution for Windows Server 2012 R2 and Windows Server 2016. For more information, see Onboard Windows Servers to the Defender for Endpoint service.
[2] Feature is currently in preview (Microsoft Defender for Endpoint preview features)
[3] Response capabilities using Live Response [2]
[4] Collect file only, using Live Response [2]
[5] Endpoint & network device discovery is supported on Windows Server 2019 or later, Windows 10, and Windows 11
Note
Windows 7, 8.1, Windows Server 2008 R2 include support for the EDR sensor, and antivirus using System Center Endpoint Protection (SCEP).