Supported Microsoft Defender for Endpoint capabilities by platform
Applies to:
Want to experience Defender for Endpoint? Sign up for a free trial.
Learn how to Onboard devices and configure Microsoft Defender for Endpoint capabilities.
The following table gives information about the supported Microsoft Defender for Endpoint capabilities by platform.
| Operating System | Windows 10 & 11 | Windows Server | macOS | Linux |
|---|---|---|---|---|
| Prevention | ||||
| Attack Surface Reduction |  |
|
 |
|
| Device Control | |
|
|
|
| Firewall | |
|
|
|
| Network Protection | |
|
|
(preview) |
| Next-generation protection | |
|
|
|
| Tamper Protection | |
|
|
|
| Web Protection | |
|
|
(preview) |
| Detection | ||||
| Advanced Hunting | |
|
|
|
| Custom file indicators | |
|
|
|
| Custom network indicators | |
|
|
(preview) |
| EDR Block | |
|
|
|
| Passive Mode | |
|
|
|
| Sense detection sensor | |
|
|
|
| Endpoint & network device discovery | |
(See note below) |
|
|
| Vulnerability management | |
|
|
(preview) |
| Response | ||||
| Automated Investigation & Response (AIR) | |
|
|
|
| Device response capabilities: collect investigation package | |
|
(preview) |
(preview) |
| Device response capabilities: run antivirus scan | |
|
|
|
| Device isolation | |
|
|
|
| File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes | |
|
(preview) |
(preview) |
| Live Response | |
|
|
|
Note
- Support for Windows Server 2025 is rolling out beginning in February 2025 and over the next several weeks.
- For Windows Server 2012 R2 and Windows Server 2016, use the modern, unified solution. See Onboard Windows Servers to the Defender for Endpoint service.
- On Linux Server, network protection, web protection, and custom network indicators are currently in preview.
- On Linux Server and Mac, Device response capabilities: collect investigation package is currently in preview. You can also use Live Response.
- On Linux Server and Mac, File response capabilities: collect file, deep analysis, block file, stop, and quarantine processes are currently in preview. You can also use Live Response.
- Endpoint & network device discovery is supported on Windows Server 2019 or later, and on Windows 10 and Windows 11.
- Microsoft Defender Vulnerability Management is not supported on Rocky and Alma currently.
- For Windows 7, Windows 8.1, and Windows Server 2008 R2, use System Center Endpoint Protection (SCEP) for the EDR sensor and antivirus protection.
Tip
Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.