What Is Microsoft Defend­er Appli­ca­tion Guard and How to Enable It

Gaurav Bidasaria

Microsoft is consistently working on improving the security of its sprawling ecosystem. One of the core products is Microsoft Defender, which is part of the Windows Security suite. Microsoft recently released a new product called Microsoft Defender Application Guard for Office. That's a long name, to be honest, but what is it?

What Is Microsoft Defender Application Guard and How to Enable It

Microsoft Defender Application Guard was released last year. As useful as the feature is, it received little attention from the press and users alike. This year, Microsoft has gone one step ahead to include an Office suite of apps into the product, which is evident from the name.

We are going to call it Application Guard, just like Microsoft does in its documents, for the sake of sanity. Let's understand more about this feature and how to enable it.

Let's begin.

What Is Application Guard

Microsoft released Application Guard to protect the users from 'emerging threats' by isolating the hardware in usage. This reminds me of the sandbox tool.

It was developed for Microsoft Edge browser and Windows 10 computers. Clicking on the wrong link or opening a malware or other virus-infected site could wreak havoc on not only the system accessing it but all the other systems connected to the server.

The administrator now gets to whitelist sites and other resources deemed safe, rendering all other sites untrusted.

Here is how it works.

What Is Microsoft Defender Application Guard and How to Enable It 1

Let's say you open a site that's not on the list. Edge will open that site in an Hyper-V container which is isolated from the host OS. No malware or virus leaves the container. That safeguards the data and its integrity.

What Is Application Guard for Office 365

Websites and cloud resources are not the only things that employees access while surfing the wild web. There are also Office docs and other files that you work with on a day to day basis. What about them? Application Guard for Office was released with that thought in mind. Think of it as an add-on.

The Application Guard for Office protects your computer, and the connected enterprise server, from untrusted and infected files. Microsoft calls them 'new and emerging threats' oddly. The core concept remains the same where the files are opened in a secure and isolated container using hardware virtualization.

Once the file is open inside the container, you can read, edit, print, and interact with it like a regular file.

Prerequisites

There are some system requirements for this to work. They are:

  • Intel Core i5 or equivalent
  • 64-bit architecture minimum 4 cores with virtualization extensions (Intel VT-x OR AMD-V)
  • 8GB RAM
  • 10GB space on preferably SSD
  • Windows 10 Enterprise edition, build version 2004

How to Enable Application Guard for Office

I hope you have checked the hardware and software system requirements. You will now have to download KB4571756 and install it before viewing the correct options on your computer.

The process to enable or disable this feature is the same as sandbox or virtualization.

Step 1: Search for and open Control Panel from the Start menu.

What Is Microsoft Defender Application Guard and How to Enable It 2

Step 2: Search for and open Turn Windows features on or off.

What Is Microsoft Defender Application Guard and How to Enable It 3

Step 3: In the pop-up that follows, find and enable Microsoft Defender Application Guard option.

What Is Microsoft Defender Application Guard and How to Enable It 4

Don't forget to save all changes before you exit.

For those who are either unable to find this option in the Control Panel or like working with the command line, you can also enable it from the PowerShell. Make sure you open PowerShell with admin rights and then give this command:

Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard
What Is Microsoft Defender Application Guard and How to Enable It 5

Step 4: Search for and open Group Policy Editor from the Start menu.

What Is Microsoft Defender Application Guard and How to Enable It 6

Step 5: Drill down to the folder structure suggested below.

Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard

Double-click on 'Turn on Microsoft Defender Application Guard in Managed Mode' option to open it.

What Is Microsoft Defender Application Guard and How to Enable It 7

Step 6: You will now select Enabled and set the Options value as 2 as seen in the screenshot below.

What Is Microsoft Defender Application Guard and How to Enable It 8

Click on Apply and save all changes.

Step 7: Finally, open Settings > Privacy > Diagnostic & feedback. Select Optional diagnostic data if not already done.

What Is Microsoft Defender Application Guard and How to Enable It 9

How do you know it is working or not. Simple. Open any Word document, not in your whitelist (untrusted), and you should notice this message:

To keep you safe, we're opening this document in Application Guard.

What Is Microsoft Defender Application Guard and How to Enable It 10

Also, the Word icon in the Taskbar should have a shield icon on it.

Guard Duty

I am impressed with the way Microsoft is taking its security these past few years. I regularly use the Sandbox mode for testing apps, open sites, and try new hacks in a safe environment. Microsoft Defender Application Guard adds more options for enterprise users who have a lot more to lose if their servers or systems are compromised. That is another tool in your arsenal to fight against hackers. While there will never be a permanent solution, the best we can do is stay vigilant and keep them at bay.

Next up: Want to protect yourself even more? Here is a guide with 6 crucial tips on keeping your data safe from viruses and malware.


The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.

Read Next
Follow These 6 Crucial Tips to Stay Safe from Virus and Malware
Also See
#Microsoft #security

Join the newsletter

A C.A. by profession and a tech enthusiast by passion, Gaurav loves tinkering with new tech and gadgets. He used to build WordPress websites but gave it all up to develop little iOS games instead. Finally, he dropped out of college in the final year. He has over 5 years of experience as a writer covering Android, iOS, and Windows platforms and writes how-to guides, comparisons, listicles, and explainers for B2B and B2C apps and services. He currently divides his time between Guiding Tech and Tech Wiser.