Supported Microsoft Defender for Endpoint capabilities by platform

Applies to:

Want to experience Defender for Endpoint? Sign up for a free trial.

The following table gives information about the supported Microsoft Defender for Endpoint capabilities by platform.

Operating System	Windows Server	Linux
Prevention
Attack Surface Reduction
Device Control
Firewall
Network Protection		(preview)
Next-generation protection
Tamper Protection
Web Protection		(preview)
Detection
Advanced Hunting
Custom file indicators
Custom network indicators		(preview)
EDR Block
Passive Mode
Sense detection sensor
Endpoint & network device discovery	(See note below)
Vulnerability management		(preview)
Response
Automated Investigation & Response (AIR)
Device response capabilities: collect investigation package
Device response capabilities: run antivirus scan
Device isolation
File response capabilities: collect file, deep analysis
File response capabilities: block file, stop, and quarantine processes
Live Response

Note

For Windows Server 2012 R2 and Windows Server 2016, use the modern, unified solution. See Onboard Windows Servers to the Defender for Endpoint service.
On Linux Server, network protection, web protection, and custom network indicators are currently in preview.
On Linux, network protection, web protection, and custom network indicators are currently in preview.
Endpoint & network device discovery is supported on Windows Server 2019 or later, and on Windows 10 and Windows 11.
Microsoft Defender Vulnerability Management is not supported on Rocky and Alma currently.
For Windows 7, Windows 8.1, and Windows Server 2008 R2, use System Center Endpoint Protection (SCEP) for the EDR sensor and antivirus protection.

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender for Endpoint Tech Community.

Feedback