Category: Microsoft|Sep 11, 2020 | Author: Admin

Microsoft puts Application Guard for Office into public preview

Share on

The defensive technology walls off untrusted Office documents to prevent attack code carried by malicious files from reaching the operating system or its apps.

Microsoft has launched a public preview of "Microsoft Defender Application Guard for Office," a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can't reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and more importantly, walked customers through its operation – something that existing documentation omitted when the public preview was launched late last month.

"Microsoft Office will open files from potentially unsafe locations in Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization," John Barbare wrote in a post to a Microsoft blog. "When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit, print, and save the files without having to re-open files outside of the container."

Application Guard has some history. The feature debuted in 2018 and was originally designed for Edge, Microsoft's Windows 10 browser. (We're talking about the original Edge here, the one using Microsoft's own technologies, including the EdgeHTML rendering engine.)

Application Guard creates a disposable instance of both Windows and Edge – very condensed versions of the OS and the browser – in a virtualized environment using Windows' baked-in HyperVisor technology. Every opening between the pseudo machine, the virtual machine, and the real deal is bricked up, barring almost all interaction between the web session and the physical device.

Users can then browse in a more secure environment because it prevents malware from reaching the real operating system and real applications on the real device (as opposed to the virtual instance). When the user is finished, the virtualized Windows+Edge is discarded. Think of it as a very brutal quarantine that erases the patient if he or she gets sick.

Works with Word, Excel, and PowerPoint
Application Guard for Office works in much the same way, but rather than protect Edge, it isolates certain files opened in Word, Excel, or PowerPoint. Documents obtained from the general Internet – intranet domains or domains that have not been marked as trusted – files from potentially unsafe areas and attachments received via Outlook are opened in a virtualized environment, or sandbox, where malicious code can't wreak havoc.

For the public preview, customers must be running Windows 10 Enterprise 2004 or later, the Office Beta Channel build 2008 16.0.13212 or later, this update, and a license for Microsoft 365 E5 (the most comprehensive, most expensive edition) or Microsoft 365 E5 Mobility + Security.

Unlike the much older Protected View, another Office defensive feature, which opens potentially dangerous documents as read-only, files opened in Application Guard can be manipulated. They can be printed, edited, and saved. When saved, however, they remain in the isolation container and when reopened later, again are quarantined in that sandbox.

Word, Excel, or PowerPoint indicates that the current document has been opened within Application Guard with several visual signals, including a pop-up notice in the app's ribbon and a differently-marked icon in the Windows taskbar.

If the user decides to definitely trust the document – which may be the weak link in Application Guard's protection – he or she can move it out of quarantine and deposit it in a local or network folder. (Confirmations are required here, though, so at least the user is prompted to reconsider before pulling the trust trigger.)

IT administrators can control much of this, and more, through Application Guard's configuration settings, which range from copy-paste (allow/not allow) and printing (limit to, say, print-as-PDF only) to making it even more difficult for employees to open a file outside of Application Guard.

Barbare's blog post should be valuable to both users and IT admins.

Technically-savvy workers could be pointed to the post for both the background of the Application Guard and the workings of the Office-specific edition now available as a public preview. (This assumes that IT switches on Application Guard via group policy or a PowerShell command.) Armed with the post, they could be let loose without any assistance.

IT administrators preparing their charges for the roll-out of Application Guard could use Barbare's post to construct help desk documents and how-tos to distribute to those who will use the feature, repurposing his screenshots, for instance, or using them as a guide to craft company-specific step-by-step instructions.

(There are several bits of Application Guard documentation on Microsoft's site, but the best is this "Application Guard for Office (public preview) for admins," which was also posted Monday.)

Barbare did not say when Application Guard for Office will wrap up the public preview and shift to general availability for Windows 10 Enterprise and Microsoft 365 E5 users. (Or perhaps others as well; Microsoft began Application Guard as a Windows 10 Enterprise-only feature, but later expanded it to include Windows 10 Pro.)

Microsoft's roadmap, however, currently lists a December 2020 release.

Sponsored Ads:


How to remove Samsung's new lock

Category: General|Jul 24, 2024 | Author: Admin

Intel: “We have found the bug”

Category: IT|Jul 23, 2024 | Author: Admin

Microsoft blames EU for Windows not being secure

Category: Microsoft|Jul 22, 2024 | Author: Admin

Chip stocks volatile with China-US spat in focus

Category: IT|Jul 21, 2024 | Author: Admin

OpenAI unveils cheaper small AI model GPT-4o mini

Category: IT|Jul 20, 2024 | Author: Admin

“iPhone 15” is struggling

Category: Apple|Jul 19, 2024 | Author: Admin

A new era for mobiles

Category: Google|Jul 18, 2024 | Author: Admin

Has opened for credit card trading of Bitcoin

Category: IT|Jul 17, 2024 | Author: Admin

Now everyone can test the new from Apple!

Category: Apple|Jul 16, 2024 | Author: Admin

Google reportedly is close to buying cybersecurity company Wiz for $23 billion

Category: Google|Jul 15, 2024 | Author: Admin

OpenAI whistleblowers ask SEC to investigate alleged restrictive non-disclosure agreements

Category: IT|Jul 14, 2024 | Author: Admin

Norwegian Vivaldi reaches out to Google

Category: IT|Jul 13, 2024 | Author: Admin

Soon, Apple fans may flee Google, and the other way around

Category: IT|Jul 12, 2024 | Author: Admin

Apple's iPhone change is fantastic for Norwegians - Vipps rejoices

Category: Apple|Jul 11, 2024 | Author: Admin

iPhone gets it five years after Android

Category: Google|Jul 10, 2024 | Author: Admin