Defender Application Guard

The Microsoft Defender Application Guard (Application Guard) settings protect your organization from malicious attacks by isolating in a separate browsing environment for enterprise-defined untrusted sites that users might access while browsing the internet.

What is Application Guard?

Application Guard, a hardware-based endpoint defense, is a security tool that is built into Microsoft Edge. Application Guard isolates enterprise-defined untrusted sites from the desktop (host) in a virtual machine (VM) to prevent malicious activity from reaching the desktop. This feature is supported on Windows 10 version 1709 and later. For more information on Application Guard, see https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.

How Application Guard works

If a user visits an untrusted site through the browser, the browser opens that site in an isolated Hyper-V enabled container that is separate from the host machine. If the untrusted site that is in container isolation is a malicious site, the host machine is protected and the attacker cannot access enterprise data.

Application Guard enabled browser

This feature is supported on Microsoft Edge browsers. If your browser is in Application Guard mode, the following icon is displayed in the browser toolbar:

Application Guard enabled browser

Hardware requirements to run Application Guard

The following hardware requirements must be met to run Application Guard in your environment:
Hardware Requirement
64-bit CPU 4 cores (logical processors) minimum is required for the hypervisor and virtualization-based security (VBS).

For more information about Hyper-V, see https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/about/.

CPU virtualization extensions Extended page tables (Second Level Address Translation or SLAT) and one of the following:
  • VT-x (Intel)

    or

  • AMD- V
Hardware memory 8 GB minimum
Hard disk 5 GB free space, solid state disk (SSD) recommended
Input/Output Memory Management Unit (IOMMU) support Not required, but recommended

Configuring Application Guard settings

The following table describes the Application Guard settings that you can configure for Windows 10+ devices.
Policy setting Description Supported devices
Configure Defender Application Guard If this setting is enabled, you can configure settings that protect users from accessing malicious/untrusted sites by isolating those sites in a separate browsing environment to prevent malicious attacks from spreading to the host machine. Windows 10+ Professional, Education, Enterprise
Defender Application Guard settings
Clipboard settings Specifies the type of content that users can copy from the host machine to the Application Guard session. Enable settings in Clipboard behavior to specify how the clipboard behaves when the user is in the Application Guard container. A message is displayed to users if the user tries to copy content that is not allowed.
Settings include:
  • Allow text and image copying
  • Allow text copying
  • Allow image copying
Windows 10+ Professional, Education, Enterprise
Clipboard behavior Specifies how the clipboard behaves when the user is in the Application Guard container. A message is displayed to users if the user tries to copy content that is not allowed.
Settings include:
  • Block copy and paste
  • Allow isolated session to the host: Users can copy certain content from Application Guard into Microsoft Edge.
  • Allow host to an isolated session: Users can copy certain content from Microsoft Edge into Application Guard. Note: This action might cause potential security risks in the Application Guard container.
  • Allow both directions: Users can copy certain content from Application Guard into Microsoft Edge and from Microsoft Edge into Application Guard. Note: This action might cause potential security risks in the Application Guard container.
Windows 10+ Professional, Education, Enterprise
Printing settings Specifies how the print functionality behaves when the user is in the Application Guard container.
Settings include:
  • Block printing
  • Allow XPS printing: Enables Application Guard to print to the XPS (XML Paper Specification) file format.
  • Allow PDF printing: Enables Application Guard to print to the PDF file format.
  • Allow PDF and XPS printing
  • Allow local printing: Enables Application Guard to print to locally-attached printers.
  • Allow local and PDF printing
  • Allow local, PDF, and XPS printing
  • Allow network printing: Enables Application Guard to print from previously connected network printers. Users cannot search for additional printers.
  • Allow network and XPS printing
  • Allow network and PDF printing
  • Allow network, PDF, and XPS printing
  • Allow network and local printing
Windows 10+ Professional, Education, Enterprise
Allow camera and microphone access within container If this setting is enabled, apps in the Application Guard container can access a device's camera and microphone if those settings are also enabled on the user's device. Windows 10+ Professional, Education, Enterprise
Allow user data persistence If this setting is enabled, data can persist across different sessions in the Application Guard container.

Application Guard saves user-downloaded files and other items (cookies, Favorites) in the browser toolbar for use in future Application Guard sessions. To keep the Application Guard session secure and isolated from the host machine, favorites that are stored in an Application Guard session are not copied to the host machine.

Files that are downloaded from an Application Guard container are downloaded to C:\Users\wdagutilityaccount\Downloads. If a malicious script is hidden in that file, that script cannot access enterprise data on the host machine.

Resetting the Application Guard container

If you disallow or disable data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies and Favorites, removing the data from Application Guard.

If you enable data persistence, all user-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and are not shared with the host machine. This data persists after restarts and build-to-build upgrades of Windows 10.

If you want to stop supporting data persistence for users, use the following Windows-provided utility to reset the container and to discard any personal data.

To reset the container:
  1. Open a command-line program and navigate to Windows/System32.
  2. Type wdagtool.exe cleanup. The container environment is reset and only retains the user-generated data.
  3. Type wdagtool.exe cleanup RESET_PERSISTENCE_LAYER. The container environment is reset and discards all user-generated data.
Windows 10+ Professional, Education, Enterprise
Allow virtual GPU to process graphics If this setting is enabled, Application Guard can use the virtual Graphics Processing Unit (GPU) to process graphics. This setting is supported on Windows 10 version 1803 and later.

Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). Application Guard helps GPUs improve rendering performance and battery life for video playback and other graphics-intensive use cases. If you enable this setting without connecting high-security rendering graphics hardware, Application Guard automatically reverts to software-based (CPU) rendering.

Note: If graphic devices or drivers are compromised, enabling this setting might pose a risk to the host device.
Windows 10+ Professional, Education, Enterprise
Save downloaded files to host OS If this setting is enabled, users can download files from their Application Guard container to their host machine. This setting is supported on Windows 10 version 1803 and later. Windows 10+ Professional, Education, Enterprise
Block non-enterprise content If this setting is enabled, prevents sites from loading non-enterprise content (content from untrusted sites) in Microsoft Edge and Internet Explorer.

This setting is supported on Microsoft Edge on Windows 10+ Enterprise or Windows 10+ Education with Microsoft DefenderĀ® Application Guard in Enterprise mode.

Windows 10+ Education, Enterprise
Certificate thumbprints Shares certain device-level root certificates with the Application Guard container. Certificates with a thumbprint matching the certificates that are specified are transferred into the container.

For multiple certificates, use commas to separate the thumbprint for each certificate that you want to transfer. For example: b4e72779a8a362c860c36a6461f31e3aa7e58c14,1b1d49f06d2a697a544a1059bd59a7b058cda924

This setting supports the following versions:
  • Windows 10 version 1803 and later
  • Microsoft Edge on Windows 10+ Enterprise or Windows 10+ Education with Microsoft Defender Application Guard in Enterprise mode
Windows 10+ Education, Enterprise