Implement and manage Microsoft Defender Application Guard
Microsoft Defender Application Guard isolates browser sessions from the local device by running those sessions in a virtual machine environment; this helps prevent malicious apps or content from accessing the local device.
Requirements
The requirements for Microsoft Defender Application Guard are as follows:
- 64-bit version of Windows 10 Enterprise, Education, or Professional
- 8 GB of physical memory recommended
- Support for virtualization-based security
- Secure Boot
- Virtualization features: Intel VT-x, AMD-V, and SLAT must be enabled
- An Intel VT-d or AMD-Vi input-output memory management unit
Configure Microsoft Defender Application Guard
You can configure Microsoft Defender Application Guard in one of two modes:
- Standalone Mode In standalone mode, users can manage their own device settings.
- Managed Mode With managed mode, an administrator configures appropriate device settings using GPOs, MDM, or Windows PowerShell.
To enable Microsoft Defender Application Guard, use the following procedure:
- Open Control Panel.
- Select Programs.
- Select Turn Windows features on or off.
- Scroll down and select the Microsoft Defender Application Guard check box, as displayed in Figure 3-9.
Figure 3-9 Enabling Microsoft Defender Application Guard
5. Select OK. You are prompted to restart your computer.
To use Microsoft Defender Application Guard in standalone mode, in Microsoft Edge select the ellipsis button and then select New Application Guard Window, as displayed in Figure 3-10. The Microsoft Defender Application Guard service starts, and then a new instance of Microsoft Edge opens.
Figure 3-10 Opening a new Application Guard window
Need More Review? Configure Microsoft Defender Application Guard Policy Settings
To learn how to configure Microsoft Defender Application Guard policies, refer to the Microsoft website at https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.
