System requirements for Microsoft Defender Application Guard

Applies to

  • Windows 10
  • Windows 11

The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent both old and newly emerging attacks and to help keep employees productive.

Note

Given the technological complexity, the security promise of Microsoft Defender Application Guard (MDAG) may not hold true on VMs and in VDI environments. Hence, MDAG is currently not officially supported on VMs and in VDI environments. However, for testing and automation purposes on non-production machines, you may enable MDAG on a VM by enabling Hyper-V nested virtualization on the host.

Hardware requirements

Your environment must have the following hardware to run Microsoft Defender Application Guard.

| Hardware | Description |
| --- | --- |
| 64-bit CPU | A 64-bit computer with minimum 4 cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see Hyper-V on Windows Server 2016 or Introduction to Hyper-V on Windows 10. For more info about hypervisor, see Hypervisor Specifications. |
| CPU virtualization extensions | Extended page tables, also called Second Level Address Translation (SLAT), AND one of the following virtualization extensions for VBS: VT-x (Intel) OR AMD-V |
| Hardware memory | Microsoft requires a minimum of 8 GB RAM |
| Hard disk | 5 GB free space, solid state disk (SSD) recommended |
| Input/Output Memory Management Unit (IOMMU) support | Not required, but strongly recommended |

Software requirements

Your environment must have the following software to run Microsoft Defender Application Guard.

| Software | Description |
| --- | --- |
| Operating system | Windows 10 Enterprise edition, version 1809 or higher; Windows 10 Professional edition, version 1809 or higher; Windows 10 Professional for Workstations edition, version 1809 or higher; Windows 10 Professional Education edition, version 1809 or higher; Windows 10 Education edition, version 1809 or higher. Professional editions are only supported for non-managed devices; Intune or any other third-party mobile device management (MDM) solutions are not supported with MDAG for Professional editions. Windows 11 |
| Browser | Microsoft Edge |
| Management system (only for managed devices) | Microsoft Intune OR Microsoft Endpoint Configuration Manager OR Group Policy OR your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Microsoft MDM solutions, see the documentation that came with your product. |
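
A readiness check built from the hardware and software requirements above, as an added example that is not part of the original page or of Microsoft's tooling. It assumes the 5 GB of free space applies to the system drive and uses build 17763 as the build number of version 1809; the function name Test-MdagRequirement is hypothetical.

```powershell
# Added example: compare this machine with the minimums listed on this page.
function Test-MdagRequirement {
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    # Assumption: the 5 GB of free space is needed on the system drive.
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
    # Sum the installed modules: TotalPhysicalMemory excludes hardware-reserved
    # memory and reads just under 8 GB on a machine with exactly 8 GB fitted.
    $ram  = (Get-CimInstance -ClassName Win32_PhysicalMemory |
             Measure-Object -Property Capacity -Sum).Sum

    # With a hypervisor already running, Win32_Processor can report the
    # virtualization properties as False, so return Unknown, not a failure.
    if ($cs.HypervisorPresent) {
        $slat = 'Unknown'
        $virt = 'Unknown'
    } else {
        $slat = [bool]$cpu.SecondLevelAddressTranslationExtensions
        $virt = $cpu.VMMonitorModeExtensions -and $cpu.VirtualizationFirmwareEnabled
    }

    # Helper that emits one result row per requirement.
    $row = {
        param($Requirement, $Minimum, $Actual, $Met)
        [pscustomobject]@{ Requirement = $Requirement; Minimum = $Minimum; Actual = $Actual; Met = $Met }
    }
    $lp     = $cs.NumberOfLogicalProcessors          # total across all sockets
    $ramGB  = [math]::Round($ram / 1GB, 1)
    $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)

    # AddressWidth is 64 only when both the CPU and the running OS are 64-bit.
    & $row '64-bit CPU'            '64-bit'   "$($cpu.AddressWidth)-bit" ($cpu.AddressWidth -eq 64)
    & $row 'Logical processors'    '>= 4'     $lp      ($lp -ge 4)
    & $row 'SLAT'                  'True'     $slat    $slat
    & $row 'VT-x or AMD-V'         'True'     $virt    $virt
    & $row 'RAM (GB)'              '>= 8'     $ramGB   ($ram -ge 8GB)
    & $row 'Free disk space (GB)'  '>= 5'     $freeGB  ($disk.FreeSpace -ge 5GB)
    & $row 'OS build'              '>= 17763' "$($os.Caption) ($($os.BuildNumber))" ([int]$os.BuildNumber -ge 17763)
}

Test-MdagRequirement | Format-Table -AutoSize
```

The OS row prints the edition caption so it can be compared by hand with the supported editions listed above. An Unknown result means the CPU properties could not be read because a hypervisor is already active.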