Microsoft Defender Application Guard for Office explained

Martin Brinkmann
Sep 15, 2020
Microsoft, Microsoft Office, Security

Microsoft Defender Application Guard for Office is a new security feature designed to load untrusted Office documents, e.g. an Excel spreadsheet downloaded from the Internet, in an isolated environment to keep the underlying system and its data protected against potential attacks.

The security feature is based on Microsoft Defender Application Guard, which is designed to load untrusted sites in an isolated container using automated and standalone modes. Automated mode, called Enterprise Management Mode, has an admin define trusted sites through GPO or other management interfaces. These sites are loaded normally on the system while all other sites are considered untrusted and therefore launched in the virtual environment.

Standalone mode on the other hand has the user launch Microsoft Defender Application Guard manually to use it.

Microsoft Defender Application Guard for Office attempts to address threats that exploit weaknesses in Microsoft Office that relate to the supported documents or its features. The core idea is to launch untrusted files in a safe environment to avoid interactions with the host system, its data, and the network.

Office users can still view, edit, print, and save documents in the Office application.

Microsoft Office will open files from potentially unsafe locations in Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization. When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit, print, and save the files without having to re-open files outside of the container.

Microsoft Defender Application Guard for Office has the following hardware and software requirements:

  • 64-bit processor with at least 4 cores (physical or virtual), virtualization extensions (Intel VT-x or AMD-V), Core i5 or higher.
  • 8 Gigabytes of memory.
  • 10 Gigabytes of free hard disk space.
  • Windows 10 version 2004 build 19041 or later, Enterprise edition only
  • Licensing requirement: Microsoft 365 E5 or E5 Security.
  • Office Beta Channel build version 2008 or later.
  • KB4566782 installed.

Microsoft limits the feature to Enterprise versions of Windows 10 and customers who are subscribed to either Microsoft 365 E5 or E5 Security.

Microsoft Defender Application Guard needs to be enabled on the system using the Windows Features interface or by executing the following PowerShell command:

    Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard

Administrators need to open the Group Policy Editor and turn the Microsoft Defender Application Guard policy on. It is found at Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard and needs to be set to 2 or 3.

  • 2 enables Microsoft Defender Application Guard for isolated Windows environments ONLY.
  • 3 enables Microsoft Defender Application Guard for Microsoft Edge and isolated Windows environments.

Now launch an untrusted document, e.g. one downloaded from the Internet, to verify that Application Guard for Office has been set up correctly. You should get a "To keep you safe, we're opening this document in Application Guard" notice.

The title bar of the interface should display the Application Guard icon which indicates that it is loaded in a virtual environment as well.
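
When the notice does not appear, the usual cause is an unmet prerequisite or a feature that is not enabled. The following PowerShell audit is an added example, not code from the article or from Microsoft; it checks the hardware and Windows requirements listed above plus the optional feature state on the local machine. The check labels are illustrative, and licensing, the Office build, the CPU model and the Group Policy value are not covered.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the Application Guard for Office prerequisites from the
# article's list on the local host. Thresholds are the article's; labels are illustrative.
$cpu  = @(Get-CimInstance Win32_Processor)
$cs   = Get-CimInstance Win32_ComputerSystem
$os   = Get-CimInstance Win32_OperatingSystem
$disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
$feat = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
$kb   = Get-HotFix -Id KB4566782 -ErrorAction SilentlyContinue

# Sum cores across sockets so multi-CPU hosts and VMs are counted correctly.
$cores = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum

# VirtualizationFirmwareEnabled can read False once a hypervisor is already
# running, so a present hypervisor is accepted as proof as well.
$virt = [bool](($cpu | Where-Object VirtualizationFirmwareEnabled) -or $cs.HypervisorPresent)

# Installed RAM is reported slightly under the nominal size (firmware
# reservations), so round to whole gigabytes before comparing with 8.
$ramGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)

$checks = [ordered]@{
    '64-bit operating system'            = [Environment]::Is64BitOperatingSystem
    'At least 4 cores'                   = $cores -ge 4
    'Virtualization extensions usable'   = $virt
    'At least 8 GB memory'               = $ramGB -ge 8
    'At least 10 GB free on system disk' = $disk.FreeSpace -ge 10GB
    'Build 19041 or later'               = [int]$os.BuildNumber -ge 19041
    'Enterprise edition'                 = $os.Caption -match 'Enterprise'
    'KB4566782 listed by Get-HotFix'     = [bool]$kb
    'Application Guard feature enabled'  = $feat.State -eq 'Enabled'
}

# Emit one object per check so the result can be filtered or exported.
$result = foreach ($c in $checks.GetEnumerator()) {
    [pscustomobject]@{ Check = $c.Key; Pass = [bool]$c.Value }
}
$result | Format-Table -AutoSize

# Non-zero exit code when anything failed, for use in deployment scripts.
if ($result.Pass -contains $false) { exit 1 }
```

A failed KB4566782 row is worth checking by hand, since Get-HotFix only lists updates that are individually recorded on the system.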

Closing Words

Microsoft Defender Application Guard for Office eliminates many Office document related attack vectors when deployed on user systems. It would be great if Microsoft would make the feature available to all customers, and not just Enterprise customers, but the chance of this happening is not very high.

Home users may use other virtualization software, e.g. Sandboxie or virtual machines, to load untrusted files.

Check out Microsoft's Docs website for additional information.

Publisher: Ghacks Technology News
Comments

  1. ULBoom said on September 15, 2020 at 4:11 pm

    AV’s do this automatically. I’d think Defender already has this capability. Not sure, I’ve never used it; far too slow and intrusive. Windows’ layer after layer of redundant, conflicting stuff may be one of its bigger issues.

    “NO! My app is NOT going to be removed from Windows no matter how much it slows down the OS!!! YOU need to fix YOUR problem, not me.”

    Management decision. :)

  2. Cor said on September 15, 2020 at 8:52 am

    After reading these system requirements, I’m starting to believe Microsoft will soon create a new blog post listing their OnlyFans page.
