Defender Application Guard
The Microsoft Defender Application Guard (Application Guard) settings protect your organization from malicious attacks by opening enterprise-defined untrusted sites, which users might reach while browsing the internet, in a separate, isolated browsing environment rather than on the host.
What is Application Guard?
Application Guard is a hardware-backed endpoint defense built into Microsoft Edge. It opens enterprise-defined untrusted sites in a virtual machine (VM) that is isolated from the desktop (host), so that malicious activity on those sites cannot reach the host. This feature is supported on Windows 10 version 1709 and later. For more information on Application Guard, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.
How Application Guard works
When a user visits an untrusted site, the browser opens that site in an isolated Hyper-V container that is separate from the host machine. If the site turns out to be malicious, the compromise is confined to the disposable container: the host machine is protected and the attacker cannot access enterprise data. The strength of that isolation depends on which channels between the container and the host you re-open through the settings below (clipboard, printing, saving downloads to the host, the virtual GPU); each one you enable is a path an attacker inside the container could try to use.
Application Guard enabled browser
This feature is supported on Microsoft Edge browsers. If your browser is in Application Guard mode, the following icon is displayed in the browser toolbar:

Hardware requirements to run Application Guard
Hardware | Requirement |
---|---|
64-bit CPU | 4 cores (logical processors) minimum is required for the hypervisor and virtualization-based security (VBS). For more information about Hyper-V, see https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/. |
CPU virtualization extensions | Extended page tables (Second Level Address Translation or SLAT) and one of the following: |
Hardware memory | 8 GB minimum |
Hard disk | 5 GB free space, solid state disk (SSD) recommended |
Input/Output Memory Management Unit (IOMMU) support | Not required, but recommended |
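The checks in the table above can be scripted on the target machine. The following PowerShell is an added example written for this page, not code from the original page or from Microsoft; it reads the CPU, memory, disk, Device Guard and optional-feature state through standard CIM classes and `Get-WindowsOptionalFeature`, using the table's minimums as thresholds. The 1709 mapping to build 16299 and the Device Guard property codes are stated as comments; the IOMMU and feature-state rows are reported as recommended rather than required, as the table says.

```powershell
# Added example (not part of the original page): checks the Application Guard
# prerequisites from the table above on the local machine. Thresholds are the
# page's minimums; run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

function Test-ApplicationGuardPrerequisites {
    [CmdletBinding()]
    param(
        [int]$MinLogicalProcessors = 4,
        [int]$MinMemoryGB = 8,
        [int]$MinFreeDiskGB = 5,
        [int]$MinBuild = 16299          # Windows 10 version 1709
    )

    $cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$env:SystemDrive'"
    # Win32_DeviceGuard reports what VBS can use. AvailableSecurityProperties codes:
    # 1 = hypervisor support, 2 = Secure Boot, 3 = DMA protection (IOMMU), 5 = NX, 7 = MBEC.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    # The feature is absent on Home SKUs; tolerate the lookup failing.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard -ErrorAction SilentlyContinue

    # Once a hypervisor is running, Win32_Processor may report the firmware virtualization
    # flag as False because the hypervisor already owns the extensions, so accept either signal.
    $virtOk = [bool]($cpu.VirtualizationFirmwareEnabled -or $cs.HypervisorPresent)
    $memGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)      # reported RAM is slightly under installed RAM
    $freeGB = [math]::Round($disk.FreeSpace / 1GB, 1)
    $iommu  = [bool]($dg.AvailableSecurityProperties -contains 3)

    function New-Check($Name, $Required, $Actual, $Pass) {
        [pscustomobject]@{ Check = $Name; Required = $Required; Actual = $Actual; Pass = [bool]$Pass }
    }

    $results = @(
        New-Check '64-bit CPU' $true $cpu.AddressWidth ($cpu.AddressWidth -eq 64)
        New-Check "Logical processors >= $MinLogicalProcessors" $true $cs.NumberOfLogicalProcessors ($cs.NumberOfLogicalProcessors -ge $MinLogicalProcessors)
        New-Check 'SLAT / extended page tables' $true $cpu.SecondLevelAddressTranslationExtensions $cpu.SecondLevelAddressTranslationExtensions
        New-Check 'Virtualization extensions usable' $true $virtOk $virtOk
        New-Check "Physical memory >= $MinMemoryGB GB" $true $memGB ($memGB -ge $MinMemoryGB)
        New-Check "Free space on $env:SystemDrive >= $MinFreeDiskGB GB" $true $freeGB ($freeGB -ge $MinFreeDiskGB)
        New-Check 'IOMMU (DMA protection) available' $false $iommu $iommu
        New-Check "Windows build >= $MinBuild" $true $os.BuildNumber ([int]$os.BuildNumber -ge $MinBuild)
        New-Check 'Application Guard feature enabled' $false $feature.State ($feature.State -eq 'Enabled')
    )

    $blocking = $results | Where-Object { $_.Required -and -not $_.Pass }
    if ($blocking) { Write-Warning "Application Guard cannot run here: $($blocking.Check -join '; ')" }
    return $results
}

Test-ApplicationGuardPrerequisites | Format-Table -AutoSize
```

Run it before rolling the policy out; a machine that fails a required row will silently fall back to opening untrusted sites on the host, which is the failure mode the policy is meant to prevent.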
Configuring Application Guard settings
Policy setting | Description | Supported devices |
---|---|---|
Configure Defender Application Guard | If this setting is enabled, you can configure settings that protect users from accessing malicious/untrusted sites by isolating those sites in a separate browsing environment to prevent malicious attacks from spreading to the host machine. | Windows 10+ Professional, Education, Enterprise |
Defender Application Guard settings | ||
Clipboard settings | Specifies the type of content that users can copy between the host machine and the Application Guard session. Enable settings in Clipboard behavior to specify the direction in which the clipboard works when the user is in the Application Guard container. A message is displayed if the user tries to copy content that is not allowed. Settings include: | Windows 10+ Professional, Education, Enterprise |
Clipboard behavior | Specifies how the clipboard behaves when the user is in the Application Guard container, that is, whether content may move from the host into the container, from the container to the host, both ways, or not at all. A message is displayed if the user tries to copy content that is not allowed. Settings include: | Windows 10+ Professional, Education, Enterprise |
Printing settings | Specifies how the print functionality behaves when the user is in the Application Guard container. Settings include: | Windows 10+ Professional, Education, Enterprise |
Allow camera and microphone access within container | If this setting is enabled, apps in the Application Guard container can access a device's camera and microphone if those settings are also enabled on the user's device. | Windows 10+ Professional, Education, Enterprise |
Allow user data persistence | If this setting is enabled, data can persist across different sessions in the Application Guard container. Application Guard saves user-downloaded files and other items (cookies, Favorites) in the container for use in future Application Guard sessions. To keep the Application Guard session isolated from the host machine, favorites that are stored in an Application Guard session are not copied to the host. Files that are downloaded inside an Application Guard container are saved to C:\Users\wdagutilityaccount\Downloads; if a malicious script is hidden in such a file, that script cannot reach enterprise data on the host machine. Resetting the Application Guard container: if you disallow or disable data persistence, restarting the device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies and Favorites. If you enable data persistence, user-generated artifacts are preserved across container recycle events; they still exist only in the isolated container and are not shared with the host machine, and they survive restarts and build-to-build upgrades of Windows 10+. If you want to stop supporting data persistence for users, use the Windows-provided utility to reset the container and discard any personal data. To reset the container: | Windows 10+ Professional, Education, Enterprise |
Allow virtual GPU to process graphics | If this setting is enabled, Application Guard can use the virtual Graphics Processing Unit (GPU) to process graphics. This setting is supported on Windows 10 version 1803 and later. Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs); offloading rendering to the GPU improves rendering performance and battery life for video playback and other graphics-intensive use cases. If you enable this setting without connecting high-security rendering graphics hardware, Application Guard automatically reverts to software-based (CPU) rendering. Note: this setting gives the container a path to the host's graphics device and driver; if either is compromised, the host device might be at risk. | Windows 10+ Professional, Education, Enterprise |
Save downloaded files to host OS | If this setting is enabled, users can download files from their Application Guard container to their host machine. This setting is supported on Windows 10 version 1803 and later. | Windows 10+ Professional, Education, Enterprise |
Block non-enterprise content | If this setting is enabled, it prevents sites from loading non-enterprise content (content from untrusted sites) in Microsoft Edge and Internet Explorer. This setting is supported on Microsoft Edge on Windows 10+ Enterprise or Windows 10+ Education with Microsoft Defender Application Guard in Enterprise mode. | Windows 10+ Education, Enterprise |
Certificate thumbprints | Shares certain device-level root certificates with the Application Guard container. Certificates whose thumbprint matches one of the specified thumbprints are transferred into the container. For multiple certificates, separate the thumbprints with commas. For example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924 This setting supports the following versions: | Windows 10+ Education, Enterprise |
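The settings in the table above are delivered to the device as Group Policy, which stores them as registry values. The following PowerShell is an added example written for this page, not code from the original page or from Microsoft; it writes a conservative baseline for each setting as local policy and then reports drift between the expected and actual values. It assumes the value names written by the Application Guard Group Policy template (AppHVSI.admx) under `HKLM\SOFTWARE\Policies\Microsoft\AppHVSI` and the numeric encodings documented for the WindowsDefenderApplicationGuard CSP; confirm both against the ADMX in your environment before deploying. The two thumbprints are the placeholder values from the table's own example. Block non-enterprise content and Certificate thumbprints only take effect on the Education and Enterprise editions the table lists.

```powershell
# Added example (not part of the original page): sets and audits Application Guard
# policy as local policy registry values. Run from an elevated PowerShell prompt.
# Assumption: value names/encodings follow the AppHVSI.admx template and the
# WindowsDefenderApplicationGuard CSP; verify against your ADMX before deploying.
#Requires -RunAsAdministrator

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'

# Conservative baseline: every channel that reconnects the container to the host
# stays closed unless there is a documented business need for it.
$Baseline = [ordered]@{
    AllowAppHVSI_ProviderSet         = 1   # 1 = turn Application Guard on for Microsoft Edge
    AppHVSIClipboardSettings         = 0   # 0 off, 1 container->host, 2 host->container, 3 both
    AppHVSIClipboardFileType         = 1   # 1 text, 2 images, 3 both (only matters if clipboard is on)
    AppHVSIPrintingSettings          = 0   # bitmask: 1 XPS, 2 PDF, 4 local printers, 8 network printers
    AllowCameraMicrophoneRedirection = 0   # camera/microphone stay unavailable inside the container
    AllowPersistence                 = 0   # recycle event discards cookies, Favorites, downloads
    AllowVirtualGPU                  = 0   # page notes host risk if the GPU or driver is compromised
    SaveFilesToHost                  = 0   # untrusted downloads stay inside the container
    BlockNonEnterpriseContent        = 1   # Education/Enterprise only
}
# Root certificates to project into the container; thumbprints are the page's example values.
$Thumbprints = 'b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924'

function Test-ThumbprintList {
    param([string]$List)
    # Each entry must be a 40-hex-character SHA-1 thumbprint; a typo would transfer nothing without an error.
    foreach ($t in ($List -split ',')) {
        if ($t -notmatch '^[0-9a-fA-F]{40}$') { throw "Bad certificate thumbprint: '$t'" }
    }
}

function Set-AppGuardPolicy {
    param([System.Collections.IDictionary]$Settings, [string]$CertificateThumbprints)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    foreach ($name in $Settings.Keys) {
        New-ItemProperty -Path $PolicyKey -Name $name -Value $Settings[$name] -PropertyType DWord -Force | Out-Null
    }
    if ($CertificateThumbprints) {
        Test-ThumbprintList -List $CertificateThumbprints
        New-ItemProperty -Path $PolicyKey -Name CertificateThumbprints -Value $CertificateThumbprints -PropertyType String -Force | Out-Null
    }
}

function Get-AppGuardPolicyDrift {
    param([System.Collections.IDictionary]$Expected)
    $actual = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    foreach ($name in $Expected.Keys) {
        $value = if ($actual) { $actual.$name } else { $null }   # $null = value not set (policy not applied)
        [pscustomobject]@{
            Setting   = $name
            Expected  = $Expected[$name]
            Actual    = $value
            Compliant = ($null -ne $value -and $value -eq $Expected[$name])
        }
    }
}

Set-AppGuardPolicy -Settings $Baseline -CertificateThumbprints $Thumbprints
Get-AppGuardPolicyDrift -Expected $Baseline | Format-Table -AutoSize
# Policy is read when the container is created; restart the device (or let the
# container recycle) before expecting the new values to take effect.
```

The drift report is the part worth keeping in an audit job: if a value shows as not set, the policy never reached the device, and the setting falls back to its default rather than to the restrictive value you chose. In a domain, deliver the same values through the Group Policy template instead of writing the registry directly, so that they survive policy refresh.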