Category: Microsoft|Sep 11, 2020 | Author: Admin

Microsoft puts Application Guard for Office into public preview

Share on

The defensive technology walls off untrusted Office documents to prevent attack code carried by malicious files from reaching the operating system or its apps.


Microsoft has launched a public preview of "Microsoft Defender Application Guard for Office," a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can't reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and more importantly, walked customers through its operation – something that existing documentation omitted when the public preview was launched late last month.

"Microsoft Office will open files from potentially unsafe locations in Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization," John Barbare wrote in a post to a Microsoft blog. "When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit, print, and save the files without having to re-open files outside of the container."

Application Guard has some history. The feature debuted in 2018 and was originally designed for Edge, Microsoft's Windows 10 browser. (We're talking about the original Edge here, the one using Microsoft's own technologies, including the EdgeHTML rendering engine.)

Application Guard creates a disposable instance of both Windows and Edge – very condensed versions of the OS and the browser – in a virtualized environment using Windows' baked-in HyperVisor technology. Every opening between the pseudo machine, the virtual machine, and the real deal is bricked up, barring almost all interaction between the web session and the physical device.

Users can then browse in a more secure environment because it prevents malware from reaching the real operating system and real applications on the real device (as opposed to the virtual instance). When the user is finished, the virtualized Windows+Edge is discarded. Think of it as a very brutal quarantine that erases the patient if he or she gets sick.

Works with Word, Excel, and PowerPoint
Application Guard for Office works in much the same way, but rather than protect Edge, it isolates certain files opened in Word, Excel, or PowerPoint. Documents obtained from the general Internet – intranet domains or domains that have not been marked as trusted – files from potentially unsafe areas and attachments received via Outlook are opened in a virtualized environment, or sandbox, where malicious code can't wreak havoc.

For the public preview, customers must be running Windows 10 Enterprise 2004 or later, the Office Beta Channel build 2008 16.0.13212 or later, this update, and a license for Microsoft 365 E5 (the most comprehensive, most expensive edition) or Microsoft 365 E5 Mobility + Security.

Unlike the much older Protected View, another Office defensive feature, which opens potentially dangerous documents as read-only, files opened in Application Guard can be manipulated. They can be printed, edited, and saved. When saved, however, they remain in the isolation container and when reopened later, again are quarantined in that sandbox.

Word, Excel, or PowerPoint indicates that the current document has been opened within Application Guard with several visual signals, including a pop-up notice in the app's ribbon and a differently-marked icon in the Windows taskbar.

If the user decides to definitely trust the document – which may be the weak link in Application Guard's protection – he or she can move it out of quarantine and deposit it in a local or network folder. (Confirmations are required here, though, so at least the user is prompted to reconsider before pulling the trust trigger.)

IT administrators can control much of this, and more, through Application Guard's configuration settings, which range from copy-paste (allow/not allow) and printing (limit to, say, print-as-PDF only) to making it even more difficult for employees to open a file outside of Application Guard.

Barbare's blog post should be valuable to both users and IT admins.

Technically-savvy workers could be pointed to the post for both the background of the Application Guard and the workings of the Office-specific edition now available as a public preview. (This assumes that IT switches on Application Guard via group policy or a PowerShell command.) Armed with the post, they could be let loose without any assistance.

IT administrators preparing their charges for the roll-out of Application Guard could use Barbare's post to construct help desk documents and how-tos to distribute to those who will use the feature, repurposing his screenshots, for instance, or using them as a guide to craft company-specific step-by-step instructions.

(There are several bits of Application Guard documentation on Microsoft's site, but the best is this "Application Guard for Office (public preview) for admins," which was also posted Monday.)

Barbare did not say when Application Guard for Office will wrap up the public preview and shift to general availability for Windows 10 Enterprise and Microsoft 365 E5 users. (Or perhaps others as well; Microsoft began Application Guard as a Windows 10 Enterprise-only feature, but later expanded it to include Windows 10 Pro.)

Microsoft's roadmap, however, currently lists a December 2020 release.

Sponsored Ads:



'Massive' transatlantic data cable landed on beach in Bude

Category: Google|Sep 17, 2021 | Author: Admin

YouTube shuts down Discord music bot ‘Rythm’

Category: Google|Sep 16, 2021 | Author: Admin

Facebook's secret rules differentiate between the "elite" and most people

Category: General|Sep 15, 2021 | Author: Admin

Apple suddenly had to crisis-update the iPhone and Mac

Category: Apple|Sep 14, 2021 | Author: Admin

Epic is blocked forever on all Apple platforms

Category: Apple|Sep 13, 2021 | Author: Admin

NVIDIA To Launch GeForce RTX 30 SUPER ‘Ampere Refresh’ In January 2022, GeForce RTX 40 ‘Ada Lovelace’ GPUs in October 2022

Category: General|Sep 12, 2021 | Author: Admin

3 smart shortcuts for a curiously hidden Chrome OS command

Category: Google|Sep 11, 2021 | Author: Admin

iPhone 13 unveiled in Ukraine

Category: Apple|Sep 10, 2021 | Author: Admin

Apple brings iCloud passwords to Windows, Microsoft's Edge

Category: Apple|Sep 9, 2021 | Author: Admin

AI will determine if you are allowed to drive

Category: General|Sep 8, 2021 | Author: Admin

The game is now blocking unsupported Windows 11 machines

Category: IT|Sep 7, 2021 | Author: Admin

US court rejects patent applications from AIs

Category: General|Sep 6, 2021 | Author: Admin

Facebook apologizes: their AI tagged video of black men as 'Primates'

Category: General|Sep 5, 2021 | Author: Admin

Apple postpones abuse monitoring after massive criticism

Category: Apple|Sep 4, 2021 | Author: Admin

If you do not have a supported machine, you will be thrown out of the Windows 11 testing

Category: Microsoft|Sep 3, 2021 | Author: Admin