Windows 10 Pro: Windows Defender Application Guard support coming
Microsoft revealed recently that Windows 10 Professional will support Windows Defender Application Guard in the next feature update.
Windows Defender Application Guard is a security feature of Enterprise editions of Microsoft's Windows 10 operating system.
The feature uses Microsoft's Hyper-V virtualization technology to add a virtual layer around browsing sessions in Microsoft Edge and Internet Explorer.
Basically, what it does is isolate the browsing environment for sites that are not on a list of trusted sites or services. The virtual machine blocks access to the local system, so that untrusted sites cannot escape the virtual environment or access data such as local storage or memory.
You spoke, and we listened. Microsoft is bringing Windows Defender Application Guard to Windows 10 Professional in the next feature update of Windows 10. Now, like Windows 10 Enterprise users, Windows 10 Pro Users can navigate the Internet in Application Guard knowing their systems are protected from even the most sophisticated browser attacks.
Microsoft launched support in the most recent Insider Build already, but limits the feature to en-us versions for now. PCs need to support Hyper-V to make use of the feature, and it is necessary to enable it as it is turned off by default.
You can enable the security feature either through Windows Features or the Group Policy.
- To access Windows Features, use Windows-I to open the Settings app.
- Type add feature in the search at the top, and select "Turn Windows features on or off" from the list of suggestions.
- Locate Windows Defender Application Guard when the feature listing is displayed and check the entry to enable it.
- Select ok and wait for the process to complete.
- Windows 10 needs to be restarted to complete the process.
The policies are under Computer Configuration > Administrative Templates > Windows Components > Windows Defender Application Guard in the Group Policy Editor (you find them in the Registry under HKLM:\software\microsoft\HVSI).
Check out this resource for detailed instructions on enabling Windows Defender Application Guard on Windows 10 PCs.
You can start Windows Defender Application Guard sessions in Microsoft Edge by selecting Menu > New Application Guard window.
The orange Application Guard button highlights that the window is protected by the feature. You will notice that the Edge instance is different from a regular instance. You don't have access to your favorites for instance, and cannot save favorites unless you enable persistence in the Group Policy.
Also, printing and clipboard activities are not supported by default as well.
The Windows 10 Pro version of Application Guard is limited when compared to the Enterprise version. Windows 10 Pro users and admins can run the feature in standalone mode only. The option to set trusted sites is not available.
Closing Words
Microsoft brings a limited version of Windows Defender Application Guard to Windows 10 Pro, and noted that this was a much requested feature by Windows 10 Pro customers.
Windows users who want similar functionality for third-party applications may want to try Sandboxie or other third-party sandbox software.
Very interesting feature !