Every now and then you receive an email with a URL in it that makes you pause and think. Maybe it’s from a colleague or a friend, and almost looks legit, but something is telling you it might not be. Maybe you are doing your own research on a subject matter that may lead you down a path where you have to visit a site that you strongly suspect will be bad, but nevertheless you still need to go there to complete your research. I would suggest police and journalists may face this dilemma on a daily basis. Sometimes even as an IT professional, searching for an elusive old driver can get you there.
Microsoft is doing its best to detonate URLs via Safe Links (Office 365 ATP Safe Links, https://docs.microsoft.com/en-us/office365/securitycompliance/atp-safe-links), but what if it misses something, or your email is not even on Office 365?
What is Application Guard and how does it work?
Microsoft Edge running in Application Guard provides enterprises the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.
Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.
If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker cannot get to your enterprise data.
There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.
Application Guard isn’t new to Windows 10. It was a feature introduced with the Fall Creators Update, but it was limited to Windows 10 Enterprise. Starting with the April 2018 Update (version 1803), the feature is now available for devices running Windows 10 Pro with processors that support virtualization.
Three core features of Windows Defender Application Guard:
- Isolated Browsing – Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session
- Help Safeguard your PC – Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC
- Malware Removal – Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware
Configuring your machine for Application Guard
Note: your machine must support, and be configured for, Application Guard.
If you want to add an extra layer of security, you can enable Application Guard for Microsoft Edge using the following steps:
1. Open Control Panel.
2. Click on Programs.
3. Click on the Turn Windows features on or off link.
4. Check the Windows Defender Application Guard option.
5. Click OK and restart your computer.
Once the feature is configured, you can use Microsoft Edge (or Internet Explorer) to browse untrusted sites using a separate Hyper-V container, which is a separate environment from the main installation of Windows 10. Then if the site tries to deliver malicious code, your computer and data will be protected.
At any time, you can disable the feature using the same instructions, but at step No. 4, clear the Windows Defender Application Guard option.
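The same configuration can be checked and applied from an elevated PowerShell prompt, which is useful when the "must support" note above needs verifying first. This is an added example, not part of the original post. It assumes the optional feature name Windows-Defender-ApplicationGuard and build numbers 16299 (Fall Creators Update) and 17134 (version 1803); the function name Test-AppGuardReadiness is hypothetical.

```powershell
# Added example: readiness check and enablement for Application Guard.
# Run from an elevated PowerShell prompt.
$featureName = 'Windows-Defender-ApplicationGuard'

function Test-AppGuardReadiness {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs    = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu   = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $build = [int]$os.BuildNumber

    # Enterprise gained the feature with the Fall Creators Update (build 16299),
    # Pro with the April 2018 Update, version 1803 (build 17134).
    # Other editions are not evaluated here.
    $editionOk = ($os.Caption -match 'Enterprise' -and $build -ge 16299) -or
                 ($os.Caption -match 'Pro'        -and $build -ge 17134)

    # When a hypervisor is already running, Windows reports the CPU
    # virtualization flags as False, so a present hypervisor counts as support.
    $virtOk = $cs.HypervisorPresent -or
              ($cpu.VirtualizationFirmwareEnabled -and
               $cpu.SecondLevelAddressTranslationExtensions)

    [pscustomobject]@{
        Edition          = $os.Caption
        Build            = $build
        EditionOk        = [bool]$editionOk
        VirtualizationOk = [bool]$virtOk
        Ready            = [bool]($editionOk -and $virtOk)
    }
}

$check = Test-AppGuardReadiness
$check | Format-List
if (-not $check.Ready) {
    Write-Warning 'Prerequisites not met; leaving the feature unchanged.'
    return
}

$feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName
if ($feature.State -eq 'Enabled') {
    Write-Output 'Application Guard is already enabled.'
} else {
    # Equivalent to ticking the box in "Turn Windows features on or off".
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart
    if ($result.RestartNeeded) { Write-Output 'Restart the computer to finish enabling Application Guard.' }
}
```

Running `Disable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard` corresponds to clearing the checkbox.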
How to enable Microsoft Edge Application Guard
If you have Windows 10 you can enable Windows Defender Application Guard to protect your PC from malware and other attacks while browsing the web. Here’s how:
Open your Edge browser and choose Settings and More from the three-dot icon at the top right (Alt+X also gets you there quickly). Choose “New Application Guard Window”.
The first time you run this, it may take some time to prepare your machine, but future sessions will open more quickly.
After completing the steps, a new virtualized environment will be created automatically to completely isolate the web browsing session from your computer.
Read more here and see the Q&A https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview