Windows Defender Application Guard, is a module functionality a Windows 10, available to users via Windows Features. Windows Defender Application Guard (Application Guard) is designed to help prevent malware attacks come through accessing web pages with Microosft Edge. In this way, a company's employees will not endanger sensitive information and documents when sites with intentional malicious content are accessed. Internet browsing become safe and can not be victims of Virus attacks, spyware si malware. Using this feature of Windows, all the hardware resources and the integrity of the operating system Windows 10 are fully protected when accessing web pages. There can be virtually no interaction between a web page opened in Microsoft Edge and laptop or PC, if Windows Defender Application Guard is active.
At company level, the network administrator can enable this feature restrict users' access to sites other than the trusted ones and those of the company, which are in a predefined list. Network users who want to access other sites can do so, but if they use the Internet Explorer or Microsoft Edge, these web pages will open in a separate window (Hyper-V), which will be isolated from the rest of the system and with which it will not be able to interact. So if the site you visit will have malicious applications, the attacker will not have any chance of getting to the system files and implicitly to the company data.
Modes of use of Windows Defender Application Guard
Computers within a corporate - In this scenario, computers are associated with a domain and are managed by your organization. Configuration management is done through System Center Configuration Manager or Microsoft Intune. Employees have standard user privileges and use a corporate network with high bandwidth and wired connectivity.
Laptop service - These laptops are associated with a domain and are managed by the organization. As with computers that have a wired connection, administration is done through System Center Configuration Manager or Microsoft Intune. Employees have standard user privileges.
Personal laptops of employees - These personal laptops do not belong to a domain, but as long as they are connected to the company's resources, they will be managed by the organization through Microsoft Intune. The employee usually has a laptop administrator. but access can be managed as long as it is connected to the company's network.
Personal devices - And in this scenario, this feature of Windows 10 can be used to protect your sensitive data, even if the devices are not merged into one domain or are managed by the organization.
Installation Windows Defender Application Guard for a personal computer / laptop
We'll show you how to install and access webpages with Windows Defender Application Guard on a personal computer or laptop, leaving aside advanced settings for domains managed by organizations.
So, if you want to navigate sites safely and make sure that they can't interact in any way with your operating system, all you have to do is activate. "Windows Defender Application Guard".
1. Open Start Menu in Windows 10 and type "Windows Features ".
2. In "Turn Windows features on or off", Search and check"Windows Defender Application Guard ”, then click“ OK ”to start the installation process. It requires restart. Click "Restart now" when prompted.
3. After restarting the operating system, open it Microsoft Edge and open a new window in "New Application Gurad windows". Click on the "…" menu to get to this option.
This new window allows you to navigate safely, and any malicious intent interaction between your web page and your PC will be automatically restricted.
You're browsing in Application Guard for Microsoft Edge.
In a future article we will show you how to activate "Windows Defender Application Guard ”by default for the user of a PC or laptop with Windows Pro.