| 36 months support period |
❌ |
Yes |
❌ |
Yes |
| Access Control (ACLs/SCALS) |
Yes |
Yes |
Yes |
Yes |
| Account Lockout Policy |
Yes |
Yes |
Yes |
Yes |
| Always On VPN (device tunnel) |
❌ |
Yes |
❌ |
Yes |
| AppLocker |
Yes |
Yes |
Yes |
Yes |
| Assigned Access (kiosk mode) |
Yes |
Yes |
Yes |
Yes |
| Attack surface reduction (ASR) |
Yes |
Yes |
Yes |
Yes |
| Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO) |
Yes |
Yes |
Yes |
Yes |
| BitLocker |
Yes |
Yes |
Yes |
Yes |
| Bluetooth pairing and connection protection |
Yes |
Yes |
Yes |
Yes |
| Common Criteria certifications |
Yes |
Yes |
Yes |
Yes |
| Controlled folder access |
Yes |
Yes |
Yes |
Yes |
| Device health attestation service |
Yes |
Yes |
Yes |
Yes |
| Device readiness and update compatibility reports with Intune |
Yes |
Yes |
Yes |
Yes |
| Direct Access |
❌ |
Yes |
❌ |
Yes |
| Email Encryption (S/MIME) |
Yes |
Yes |
Yes |
Yes |
| Encrypted hard drive |
Yes |
Yes |
Yes |
Yes |
| Endpoint Analytics |
Yes |
Yes |
Yes |
Yes |
| Enhanced phishing protection with SmartScreen |
Yes |
Yes |
Yes |
Yes |
| Exploit protection |
Yes |
Yes |
Yes |
Yes |
| Fast Identity Online (FIDO2) security key |
Yes |
Yes |
Yes |
Yes |
| Federal Information Processing Standard (FIPS) 140 validation |
Yes |
Yes |
Yes |
Yes |
| Federated sign-in |
❌ |
❌ |
Yes |
Yes |
| Hardware-enforced stack protection |
Yes |
Yes |
Yes |
Yes |
| Hypervisor-protected Code Integrity (HVCI) |
Yes |
Yes |
Yes |
Yes |
| Kernel Direct Memory Access (DMA) protection |
Yes |
Yes |
Yes |
Yes |
| Local Security Authority (LSA) Protection |
Yes |
Yes |
Yes |
Yes |
| Manage by Mobile Device Management (MDM) and group policy |
Yes |
Yes |
Yes |
Yes |
| Measured boot |
Yes |
Yes |
Yes |
Yes |
| Microsoft Connected Cache (MCC) |
❌ |
❌ |
❌ |
❌ |
| Microsoft Defender Antivirus |
Yes |
Yes |
Yes |
Yes |
| Microsoft Defender Application Guard (MDAG) configure via MDM |
❌ |
Yes |
❌ |
Yes |
| Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management |
❌ |
Yes |
❌ |
Yes |
| Microsoft Defender Application Guard (MDAG) for Edge standalone mode |
Yes |
Yes |
Yes |
Yes |
| Microsoft Defender Application Guard (MDAG) for Microsoft Office |
❌ |
Yes |
❌ |
Yes |
| Microsoft Defender Application Guard (MDAG) public APIs |
❌ |
Yes |
❌ |
Yes |
| Microsoft Defender for Endpoint |
Yes |
Yes |
Yes |
Yes |
| Microsoft Defender SmartScreen |
Yes |
Yes |
Yes |
Yes |
| Microsoft Desktop Optimization Pack (MDOP) |
Yes |
Yes |
Yes |
Yes |
| Microsoft Pluton security processor |
Yes |
Yes |
Yes |
Yes |
| Microsoft Vulnerable Driver Blocklist |
Yes |
Yes |
Yes |
Yes |
| Opportunistic Wireless Encryption (OWE) |
Yes |
Yes |
Yes |
Yes |
| Organizational messages with Intune |
❌ |
Yes |
❌ |
Yes |
| Personal data encryption (PDE) |
❌ |
Yes |
❌ |
Yes |
| Privacy Resource Usage |
Yes |
Yes |
Yes |
Yes |
| Privacy Transparency and Controls |
Yes |
Yes |
Yes |
Yes |
| Remote wipe |
Yes |
Yes |
Yes |
Yes |
| Secure Boot and Trusted Boot |
Yes |
Yes |
Yes |
Yes |
| Secured-core configuration lock |
Yes |
Yes |
Yes |
Yes |
| Secured-core PC |
Yes |
Yes |
Yes |
Yes |
| Security baselines |
Yes |
Yes |
Yes |
Yes |
| Server Message Block (SMB) file service |
Yes |
Yes |
Yes |
Yes |
| Server Message Block Direct (SMB Direct) |
Yes |
Yes |
Yes |
Yes |
| Smart App Control |
Yes |
Yes |
Yes |
Yes |
| Smart Cards for Windows Service |
Yes |
Yes |
Yes |
Yes |
| Start menu and taskbar |
Yes |
Yes |
Yes |
Yes |
| Tamper protection settings for MDE |
Yes |
Yes |
Yes |
Yes |
| Transport layer security (TLS) |
Yes |
Yes |
Yes |
Yes |
| Trusted Platform Module (TPM) 2.0 |
Yes |
Yes |
Yes |
Yes |
| Universal Print |
Yes |
Yes |
Yes |
Yes |
| User Account Control (UAC) |
Yes |
Yes |
Yes |
Yes |
| Virtual Private Network (VPN) |
Yes |
Yes |
Yes |
Yes |
| Virtualization rights (VDA, AVD and W365) |
❌ |
Yes |
❌ |
Yes |
| Virtualization-based security (VBS) |
Yes |
Yes |
Yes |
Yes |
| WiFi Security |
Yes |
Yes |
Yes |
Yes |
| Windows Autopatch |
❌ |
Yes |
❌ |
Yes |
| Windows Autopilot |
Yes |
Yes |
Yes |
Yes |
| Windows containers |
Yes |
Yes |
Yes |
Yes |
| Windows Defender Application Control (WDAC) |
Yes |
Yes |
Yes |
Yes |
| Windows Defender Credential Guard |
❌ |
Yes |
❌ |
Yes |
| Windows Defender Remote Credential Guard |
Yes |
Yes |
Yes |
Yes |
| Windows Defender System Guard |
Yes |
Yes |
Yes |
Yes |
| Windows feature and expedite updates with Intune |
Yes |
Yes |
Yes |
Yes |
| Windows Firewall |
Yes |
Yes |
Yes |
Yes |
| Windows Hello for Business |
Yes |
Yes |
Yes |
Yes |
| Windows Hello for Business Enhanced Security Sign-in (ESS) |
Yes |
Yes |
Yes |
Yes |
| Windows LAPS |
Yes |
Yes |
Yes |
Yes |
| Windows presence sensing |
Yes |
Yes |
Yes |
Yes |
| Windows Sandbox |
Yes |
Yes |
Yes |
Yes |
| Windows Security policy settings and auditing |
Yes |
Yes |
Yes |
Yes |
| Windows subscription activation |
Yes |
Yes |
Yes |
Yes |
| Windows Update for Business |
Yes |
Yes |
Yes |
Yes |
| Windows Update for Business deployment service |
Yes |
Yes |
Yes |
Yes |
