Microsoft Defender for Endpoint 的最低要求Minimum requirements for Microsoft Defender for Endpoint

适用于:Applies to:

想要体验 Microsoft Defender for Endpoint?Want to experience Microsoft Defender for Endpoint? 注册免费试用版。Sign up for a free trial.

将设备载入到服务有一些最低要求。There are some minimum requirements for onboarding devices to the service. 了解许可、硬件和软件要求以及其他配置设置,以将设备载入服务。Learn about the licensing, hardware and software requirements, and other configuration settings to onboard devices to the service.


许可要求Licensing requirements

Microsoft Defender for Endpoint 需要以下 Microsoft 批量许可优惠之一:Microsoft Defender for Endpoint requires one of the following Microsoft volume licensing offers:

  • Windows 10 企业版E5Windows 10 Enterprise E5
  • Windows 10 教育版 A5Windows 10 Education A5
  • Microsoft 365 E5 (M365 E5) 包括 Windows 10 企业版 E5Microsoft 365 E5 (M365 E5) which includes Windows 10 Enterprise E5
  • Microsoft 365A5 (M365 A5) Microsoft 365 A5 (M365 A5)
  • Microsoft 365 E5 安全性Microsoft 365 E5 Security
  • Microsoft 365 A5 安全性Microsoft 365 A5 Security
  • Microsoft Defender for EndpointMicrosoft Defender for Endpoint


符合条件的许可用户可以在最多五台并发设备上使用 Microsoft Defender for Endpoint。Eligible licensed users may use Microsoft Defender for Endpoint on up to five concurrent devices. Microsoft Defender for Endpoint 还可从云解决方案提供商云解决方案提供商 (购买) 。Microsoft Defender for Endpoint is also available for purchase from a Cloud Solution Provider (CSP). RDSH VM 不需要单独的 Defender for Endpoint 许可证。RDSH VMs do not require a separate Defender for Endpoint license.

适用于服务器的 Microsoft Defender for Endpoint 需要以下许可选项之一:Microsoft Defender for Endpoint for servers requires one of the following licensing options:


如果 (对于以下一个或多个用户许可证,客户至少可以获取 50 个许可证,每个覆盖的服务器操作系统环境 (OSE) ) (适用于服务器的 Microsoft Defender)每覆盖一个许可证:Customers may acquire server licenses (one per covered server Operating System Environment (OSE)) for Microsoft Defender for Endpoint for Servers if they have a combined minimum of 50 licenses for one or more of the following user licenses:

  • Microsoft Defender for EndpointMicrosoft Defender for Endpoint
  • WindowsE5/A5Windows E5/A5
  • Microsoft 365 E5/A5Microsoft 365 E5/A5
  • Microsoft 365 E5/A5 安全性Microsoft 365 E5/A5 Security

有关许可的详细信息,请参阅产品 条款网站 ,并与你的帐户团队一起了解有关条款和条件的详细信息。For detailed licensing information, see the Product Terms site and work with your account team to learn more about the terms and conditions.

有关不同版本中功能数组Windows 10,请参阅比较Windows 10版本For more information on the array of features in Windows 10 editions, see Compare Windows 10 editions.

有关商业版比较Windows 10比较表,请参阅比较 PDF。For a detailed comparison table of Windows 10 commercial edition comparison, see the comparison PDF.

浏览器要求Browser requirements

通过浏览器(支持以下浏览器)访问 Defender for Endpoint:Access to Defender for Endpoint is done through a browser, supporting the following browsers:

  • Microsoft EdgeMicrosoft Edge
  • Google ChromeGoogle Chrome


虽然其他浏览器可能正常工作,但所提及的浏览器是受支持的浏览器。While other browsers might work, the mentioned browsers are the ones supported.

硬件和软件要求Hardware and software requirements

支持Windows版本Supported Windows versions

  • Windows 7 SP1 Enterprise (需要 ESU 以支持.) Windows 7 SP1 Enterprise (Requires ESU for support.)
  • Windows 7 SP1 Pro (需要ESU 以支持.) Windows 7 SP1 Pro (Requires ESU for support.)
  • Windows 8.1 企业版Windows 8.1 Enterprise
  • Windows 8.1 专业版Windows 8.1 Pro
  • Windows 10 企业版Windows 10 Enterprise
  • Windows 10 企业版LTSC 2016 (或更高版本) Windows 10 Enterprise LTSC 2016 (or later)
  • Windows 10 教育版Windows 10 Education
  • Windows 10 专业版Windows 10 Pro
  • Windows 10 专业教育版Windows 10 Pro Education
  • Windows服务器Windows server
    • Windows Server 2008 R2 SP1Windows Server 2008 R2 SP1
    • Windows Server 2012 R2Windows Server 2012 R2
    • Windows Server 2016Windows Server 2016
    • Windows服务器版本 1803 或更高版本Windows Server, version 1803 or later
    • Windows Server 2019Windows Server 2019
  • Windows 虚拟桌面Windows Virtual Desktop

你的网络上设备必须运行这些版本之一。Devices on your network must be running one of these editions.

对于受支持的版本,设备上 Defender for Endpoint 的硬件要求相同。The hardware requirements for Defender for Endpoint on devices are the same for the supported editions.


不支持运行移动版本的 Windows ((如 Windows CE 和 Windows 10 移动版) )。Machines running mobile versions of Windows (such as Windows CE and Windows 10 Mobile) aren't supported.

如果运行Windows 10 企业版 2016 长期服务版非 Microsoft 虚拟化平台上运行,则运行该虚拟机的虚拟机可能会遇到性能问题。Virtual Machines running Windows 10 Enterprise 2016 LTSB may encounter performance issues if run on non-Microsoft virtualization platforms.

对于虚拟环境,建议使用 Windows 10 企业版 LTSC 2019 或更高版本。For virtual environments, we recommend using Windows 10 Enterprise LTSC 2019 or later.

其他支持的操作系统Other supported operating systems


你需要确认 Android、iOS 和 macOS 的 Linux 分发和版本与 Defender for Endpoint 兼容,集成工作。You'll need to confirm the Linux distributions and versions of Android, iOS, and macOS are compatible with Defender for Endpoint for the integration to work.

网络和数据存储以及配置要求Network and data storage and configuration requirements

首次运行载入向导时,必须选择 Microsoft Defender 终结点相关信息的存储位置:欧盟、英国或美国数据中心。When you run the onboarding wizard for the first time, you must choose where your Microsoft Defender for Endpoint-related information is stored: in the European Union, the United Kingdom, or the United States datacenter.


  • 首次设置后,无法更改数据存储位置。You cannot change your data storage location after the first-time setup.
  • 查看 适用于终结点 的 Microsoft Defender 数据存储和隐私,详细了解 Microsoft 存储你的数据的位置和方法。Review the Microsoft Defender for Endpoint data storage and privacy for more information on where and how Microsoft stores your data.

诊断数据设置Diagnostic data settings


Microsoft Defender for Endpoint 不需要任何特定的诊断级别,只要它已启用。Microsoft Defender for Endpoint doesn't require any specific diagnostic level as long as it's enabled.

确保在你的组织的所有设备上启用了诊断数据服务。Make sure that the diagnostic data service is enabled on all the devices in your organization. 默认情况下,此服务已启用。By default, this service is enabled. 最佳做法是检查以确保从它们获取传感器数据。It's good practice to check to ensure that you'll get sensor data from them.

使用命令行检查诊断Windows 10服务启动类型Use the command line to check the Windows 10 diagnostic data service startup type:

  1. 在设备上打开提升的命令行提示符:Open an elevated command-line prompt on the device:

    1. 转到“开始”并键入“cmd”。Go to Start and type cmd.

    2. 右键单击“命令提示符”,然后选择“以管理员身份运行”。Right-click Command prompt and select Run as administrator.

  2. 输入以下命令,然后按 Enter:Enter the following command, and press Enter:

    sc qc diagtrack

    如果服务已启用,则结果应如以下屏幕截图所示:If the service is enabled, then the result should look like the following screenshot:

    diagtrack 的 sc 查询命令的结果

如果服务未设置为 START_TYPE,则需要将服务设置为自动 AUTO_START。 You'll need to set the service to automatically start if the START_TYPE isn't set to AUTO_START.

使用命令行将 Windows 10数据服务设置为自动启动:Use the command line to set the Windows 10 diagnostic data service to automatically start:

  1. 在终结点上打开提升的命令行提示符:Open an elevated command-line prompt on the endpoint:

    1. 转到“开始”并键入“cmd”。Go to Start and type cmd.

    2. 右键单击“命令提示符”,然后选择“以管理员身份运行”。Right-click Command prompt and select Run as administrator.

  2. 输入以下命令,然后按 Enter:Enter the following command, and press Enter:

    sc config diagtrack start=auto
  3. 将显示成功消息。A success message is displayed. 通过输入以下命令验证更改,然后按 Enter:Verify the change by entering the following command, and press Enter:

    sc qc diagtrack

Internet 连接Internet connectivity

可直接或通过代理在设备上建立 Internet 连接。Internet connectivity on devices is required either directly or through proxy.

Defender for Endpoint 传感器可以使用每日平均带宽 5 MB 与 Defender for Endpoint 云服务进行通信并报告网络数据。The Defender for Endpoint sensor can use a daily average bandwidth of 5 MB to communicate with the Defender for Endpoint cloud service and report cyber data. 此每日平均带宽中不包含文件上载和调查包收集等一次活动。One-off activities such as file uploads and investigation package collection aren't included in this daily average bandwidth.

有关其他代理配置设置的信息,请参阅配置 设备代理和 Internet 连接设置For more information on additional proxy configuration settings, see Configure device proxy and Internet connectivity settings.

在载入设备之前,必须启用诊断数据服务。Before you onboard devices, the diagnostic data service must be enabled. 默认情况下,该服务在 Windows 10。The service is enabled by default in Windows 10.

Microsoft Defender 防病毒配置要求Microsoft Defender Antivirus configuration requirement

Defender for Endpoint 代理依赖于Microsoft Defender 防病毒扫描文件并提供有关文件的信息的能力。The Defender for Endpoint agent depends on the ability of Microsoft Defender Antivirus to scan files and provide information about them.

在 Defender for Endpoint 设备上配置安全智能更新,Microsoft Defender 防病毒反恶意软件是否有效。Configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. 有关详细信息,请参阅管理更新Microsoft Defender 防病毒应用基线For more information, see Manage Microsoft Defender Antivirus updates and apply baselines.

如果Microsoft Defender 防病毒在你的组织中不是主动反恶意软件,并且你使用 Defender for Endpoint 服务,Microsoft Defender 防病毒被动模式。When Microsoft Defender Antivirus isn't the active antimalware in your organization and you use the Defender for Endpoint service, Microsoft Defender Antivirus goes on passive mode.

如果你的组织通过组策略Microsoft Defender 防病毒方法关闭已载入的设备,则必须从该组策略中排除已载入的设备。If your organization has turned off Microsoft Defender Antivirus through group policy or other methods, devices that are onboarded must be excluded from this group policy.

如果你正在载入服务器,Microsoft Defender 防病毒服务器上不是主动反恶意软件,Microsoft Defender 防病毒需要配置为进入被动模式或卸载。If you're onboarding servers and Microsoft Defender Antivirus isn't the active antimalware on your servers, Microsoft Defender Antivirus will either need to be configured to go on passive mode or uninstalled. 配置取决于服务器版本。The configuration is dependent on the server version. 有关详细信息,请参阅兼容性Microsoft Defender 防病毒兼容性For more information, see Microsoft Defender Antivirus compatibility.


常规组策略不适用于防篡改保护,当防篡改保护打开Microsoft Defender 防病毒将忽略对组设置所做的更改。Your regular group policy doesn't apply to Tamper Protection, and changes to Microsoft Defender Antivirus settings will be ignored when Tamper Protection is on.

Microsoft Defender 防病毒启用早期启动反恶意软件 (ELAM) 已启用Microsoft Defender Antivirus Early Launch Antimalware (ELAM) driver is enabled

如果你正在设备上Microsoft Defender 防病毒作为主要的反恶意软件产品,则 Defender for Endpoint 代理将成功载入。If you're running Microsoft Defender Antivirus as the primary antimalware product on your devices, the Defender for Endpoint agent will successfully onboard.

如果正在运行第三方反恶意软件客户端并使用移动设备管理解决方案或 Microsoft Endpoint Manager (current branch) ,则需要确保 Microsoft Defender 防病毒 ELAM 驱动程序已启用。If you're running a third-party antimalware client and use Mobile Device Management solutions or Microsoft Endpoint Manager (current branch), you'll need to ensure the Microsoft Defender Antivirus ELAM driver is enabled. 有关详细信息,请参阅确保策略Microsoft Defender 防病毒禁用策略For more information, see Ensure that Microsoft Defender Antivirus is not disabled by policy.