A look at Windows Defender Application Guard extension for Firefox and Chrome

Martin Brinkmann
Mar 17, 2019
Updated • Apr 4, 2019
Firefox, Google Chrome

Microsoft recently released the Windows Defender Application Guard extension for Google Chrome and Mozilla Firefox.

Windows Defender Application Guard is a security feature designed to load untrusted sites and services in a lightweight virtual machine. It requires Windows 10 Professional or Enterprise at the time of writing, and works in standalone and Enterprise-managed modes. It requires at least Windows 10 version 1803.

The new browser extension brings Application Guard functionality to the third-party browsers Google Chrome and Mozilla Firefox.

Windows Defender Application Guard extension


Installation is slightly more complicated than installing a typical browser extension. The main reason is that you need to make sure that Application Guard is turned on as a feature on the device, and that you have installed the Microsoft Store companion app as well.

In other words: you may need to install three different applications before you can make use of it.

The following steps are required:

  1. Enable Windows Defender Application Guard on the device if it is not turned on already. Make sure the system meets the hardware and software requirements.
  2. Install the Windows Defender Application Guard companion application from the Microsoft Store.
  3. Install the Google Chrome extension or the Mozilla Firefox add-on.
  4. Enterprise-only: Configure network isolation settings to define a list of trusted sites that you may access using Chrome or Firefox.
  5. Restart the device.

Using the extension


The extension indicates whether all requirements are met after installation. You should see three green lights indicating that the device is compatible, that the companion app is installed, and that Application Guard is turned on.

How the extension is used depends largely on the edition of Windows 10.

Note: You may want to turn off diagnostic data collection, which is enabled by default. Just click on the extension icon and toggle "Allow Microsoft to collect diagnostic data" to do so.

Standalone mode

Windows 10 Pro users and Enterprise users who choose standalone mode get very little out of the extension as it does not work automatically in that mode.

All you can do, really, is click on the extension icon and then on the "New application guard window" button to start a new Application Guard instance of Microsoft Edge.

More comfortable than having to launch Application Guard instances from Microsoft Edge manually, but not by much and probably not worth the hassle of installing the extension and Microsoft Store application.

Enterprise-managed mode

Enterprise administrators have additional configuration options that automate the experience. All that is required for that is to set up network isolation settings; these define trusted sites, e.g. an IP address range, that users may access using the third-party browsers the extension is installed in.

Any site not on the trust list is automatically redirected to the Microsoft Edge Application Guard instance.

When users navigate to a site, the extension checks the URL against a list of trusted sites defined by enterprise administrators. If the site is determined to be untrusted, the user is redirected to an isolated Microsoft Edge session. In the isolated Microsoft Edge session, the user can freely navigate to any site that has not been explicitly defined as trusted by their organization without any risk to the rest of system.
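A simplified model of the trust-list check described above, as an added example that is not Microsoft's code or part of the original article. The entry formats (leading-dot suffix, exact host, IPv4 CIDR), the host names and the `route` labels are assumptions chosen for illustration; the point is that the decision must be made on the parsed hostname, not on the raw URL string.

```javascript
// Simplified model of a trust-list decision; NOT Microsoft's implementation.
// Entry formats (".suffix" wildcard, exact host, IPv4 CIDR) are assumptions.
const TRUSTED = [".contoso.example", "intranet.example", "10.20.0.0/16"]; // constructed

function ipv4ToInt(host) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return null;
  const octets = m.slice(1).map(Number);
  if (octets.some((o) => o > 255)) return null;
  return octets.reduce((acc, o) => acc * 256 + o, 0);
}

function inCidr(host, cidr) {
  const [base, bitsStr] = cidr.split("/");
  const ip = ipv4ToInt(host), net = ipv4ToInt(base), bits = Number(bitsStr);
  if (ip === null || net === null || !(bits >= 0 && bits <= 32)) return false;
  const size = 2 ** (32 - bits); // number of addresses in the range
  return Math.floor(ip / size) === Math.floor(net / size);
}

function isTrusted(rawUrl, trusted = TRUSTED) {
  let url;
  try { url = new URL(rawUrl); } catch { return false; } // unparseable: untrusted
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  // Match on the parsed hostname only, so userinfo ("trusted@other-host"),
  // paths and query strings cannot influence the decision.
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  return trusted.some((entry) => {
    if (entry.includes("/")) return inCidr(host, entry);
    if (entry.startsWith(".")) {
      // Suffix match on a label boundary: "a.contoso.example" matches,
      // "notcontoso.example" does not.
      return host === entry.slice(1) || host.endsWith(entry);
    }
    return host === entry;
  });
}

// Anything not on the trust list goes to the isolated session (default deny).
function route(rawUrl) {
  return isTrusted(rawUrl) ? "stay-in-browser" : "open-in-application-guard";
}
```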

Microsoft plans to extend the functionality by loading trusted sites opened in the Application Guard instance in the third-party browser.

With our upcoming dynamic switching capability, if the user tries to go to a trusted site while in an isolated Microsoft Edge session, the user is taken back to the default browser.

Closing Words

The Windows Defender Application Guard extension is a useful browser extension for Enterprise environments in which supported third-party browsers are permitted. It seems less likely that it will see a lot of traction on Pro devices though due to the limitations.

Now You: Do you use Application Guard or other browsing virtualization services?

Publisher: Ghacks Technology News

Comments

  1. Anonymous said on April 4, 2019 at 8:10 pm

    The MS store link opens a 3rd party website.

    1. Martin Brinkmann said on April 4, 2019 at 8:17 pm

      Thank you, corrected the link!

  2. LTL said on March 18, 2019 at 10:27 am

    WDAG runs cmimageworker.exe which uses >80% of my CPU in Windows 10 Pro 1809, so I disabled WDAG again.
    It is falsely seen as a cryptominer/virus, but it does cause trouble on 1809 and 19H1.

    https://techdows.com/2018/12/cmiimageworker-exe-on-windows-10-19h1-build-using-high-cpu-is-a-bug-not-a-virus-says-microsoft.html

  3. 420 said on March 18, 2019 at 7:34 am

    Adding the requirement of the store is a steel toe in the starfish hole, I fucking hate the new Microsoft.

  4. K@ said on March 17, 2019 at 10:57 pm

    I have to downgrade to W10, to improve my security…

    Now, THAT is funny.

    It ain’t gonna happen.

    1. Weilan said on March 18, 2019 at 9:01 am

      I know, right? Windows 7 is more secure and more functional and you don’t even need to use any antivirus protection other than the one called “Common Sense”.

  5. ilev said on March 17, 2019 at 6:05 pm

    Chrome has this built in for any version of Windows.

  6. Pierre said on March 17, 2019 at 5:32 pm

    Caution, last time I tried, it destroyed Opera profile

  7. Robert said on March 17, 2019 at 2:38 pm

    So Microsoft found a way to get me to login to the Microsoft account using a foreign browser. No thanks.

    1. huipisda said on March 26, 2019 at 7:12 pm

      Why would you do so? This is not required for installing apps from Microsoft Store.

      PS
      You should consider stopping using Windows. It is made by evil Microsoft.

  8. no said on March 17, 2019 at 12:18 pm

    I’m sure this won’t report all URLs you visit to Microsoft.

    1. Bobby Phoenix said on March 17, 2019 at 9:56 pm

      It does by default. You’re opted in from the start, but you can go to settings, and turn it off.

  9. John IL said on March 17, 2019 at 11:36 am

    I tried this when it came out for Edge exclusively and even with Edge was a bit sluggish and especially with scrolling. I just felt SmartScreen did a lot of pre scanning anyway so this was just overkill. Adding an extension to Chrome or Firefox but then opening an Edge Window to isolate a site seems so overly complicated and confusing. Sort of feel this is an afterthought that doesn’t really work.
