Windows Defender Application Guard is a popular security feature among the enterprise. It helps to isolate enterprise-defined untrusted sites, protecting organisations while their employees browse the Internet. Enterprise admins can define what is among trusted web sites, cloud resources, and internal networks.
Windows Defender Application Guard was exclusive to Windows 10 Enterprise users. But Microsoft yesterday announced that they are bringing Windows Defender Application Guard to Windows 10 Pro edition users in the next feature update of Windows 10.
Here’s how Application Guard works:
If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can’t get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can’t get to your employee’s enterprise credentials.
Windows Insiders running Build 170653 or later can now try out this feature. Read about the requirements below.
- Windows 10 Professional, Build: 17053 (or later)
- en-us only for the current builds; full localized support will arrive soon
- PC must support virtualization; Hyper-V (some older PCs may not support Hyper-V or have this feature disabled in BIOS)
- Windows Defender Application Guard is Off by default, it must be enabled manually or by policy
Learn more about this here.