What is Microsoft Defender Application Guard?
Microsoft Defender Application Guard has been created to target 3 types of enterprise systems: This feature uses virtualization technology to open links clicked while browsing the Internet or checking email in a sandboxed environment (an isolated environment to test or analyze software in a protected environment) to keep malicious scripts out of the user’s network and devices. In its very first avatar, Application Guard will only be available for Edge browser, since the majority of the attacks start in the browser. As such, this level of protection assumes much importance. The older systems may not be able to keep up with this development, and so possibly this is one of the reasons why Microsoft insists that the Silicon support policy for Windows 11/10 should back virtualization support in Windows Defender Application Guard. From the above, it is clear that Edge browser might not necessarily be the most feature-rich browser, but that doesn’t dampen the spirit of its developers to make it the most secure browser.
Let us take a look at Microsoft Defender Application Guard and uncover some of its prominent features. Says Microsoft, Keeping in view the latest developments where many business establishments worldwide have come under direct security threat, this new layer of defense-in-depth protection offered by Microsoft Defender Application Guard is welcome. It is an established fact that over 90% of attacks are initiated via a hyperlink, designed specifically to: So, initially, a corrupt email often under the guise of legitimate authority in the company, may request the employee to click a link to read a supposedly important document. The link is specially crafted to install malware on the user’s machine. Once a connection is established on that computer, the attackers can easily steal credentials and look for vulnerabilities in other computers on the same network. With virtualization technology supported in Microsoft Defender Application Guard, such potential threats are not only identified and segregated from the network and the system but also removed completely when the container is closed. Secondly, when an employee browses to a site that is not trusted by the network administrator, Application Guard jumps into action and silently removes the potential threat. As shown in the image below outlined in red, Application Guard creates a new instance of Windows at the hardware layer, with a completely different copy of the kernel. The underlying hardware (Windows Defender Application Guard) enforces that this separate copy of Windows has no access to the user’s normal operating environment which includes access to memory, local storage, other installed applications and corporate network endpoints.
Read: How to Enable Microsoft Defender Application Guard on Windows 11
In-depth defense for Enterprise
Microsoft Defender Application Guard is capable of offering its customers a trouble-free browsing experience by protecting enterprise systems from advanced attacks that try to seek entry to the network and devices via the Internet. It even has a definite plan of action when malicious code manages to enter the network. The ingenious tool silently coordinates with Microsoft Edge to open that site in a temporary and isolated copy of Windows. In this case, even if the attacker’s code is successful in attempting to exploit the browser, the attacker finds their code running in a clean environment with no interesting data, no access to any user credentials, and no access to other endpoints on the corporate network. The attack thus loses its prominence and invariably gets disrupted. Soon after the browsing session is complete, the temporary container is thrown away, alongside the malware. All this happens in a quick succession and the user does not even get a hint of an attack having taken place. After deletion, a fresh new container is created for future browsing sessions.
Web developers and Application Guard
The news that brings much joy for web developers is that they do not need to do anything different or new with their site code – Microsoft Edge renders sites in Application Guard fundamentally the same way it does in the host version of Windows. There is no essential requirement of detecting malicious code when Microsoft Edge is running in this mode, nor any need to account for behavior differences. Since this temporary container is destroyed when the user is done, there is no existence of cookies or local storage when the user is finished. In addition to this, Microsoft made other security announcements like Microsoft Defender Application Guard and Office 365 ATP now having the capacity to mutually share intelligence and assist IT professionals in investigating and responding to security threats across both Windows and Office 365 in a timely manner. Now take a look at Windows Defender Application Guard Extension for Chrome & Firefox.