Microsoft Windows defender is a relatively new security application guard extension for Chrome and Firefox designed to help prevent old and newly emerging attacks to help keep employees productive. Using the Microsoft unique hardware isolation approach, the goal is to destroy the playbook that attackers use by making current attack methods obsolete. Presently, the application extensions only work for Chrome and Firefox running on current Windows Insider builds, but are expected to work with the upcoming Windows 10 stable release, 19H1, scheduled for release later.

The Windows defender application guard is designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

Microsoft said the Windows defender will allow enterprise administrators set up a list of trusted websites and local resources that the user can access using Edge. If a user accesses an URL that is not on this list, Windows defender application guard comes into effect and starts a sandboxed session of Edge (an Hyper-V-enabled container) where the new website will be loaded in a safe environment isolated from the rest of the Edge browser and underlying operating system.

Microsoft Windows Defender Guard overview

Microsoft Windows Defender

Enterprise desktops: These desktops are domain-joined and managed by your organization. Configuration management is primarily done through System Center Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network.

READ  Skype Updates Now Enhances IP Address Privacy Option

Enterprise mobile laptops: These laptops are domain-joined and managed by your organization. Configuration management is primarily done through System Center Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network.

Bring your own device (BYOD) mobile laptops: These personally-owned laptops are not domain-joined, but are managed by your organization through tools like Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home.

System requirements

Threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Windows Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.

Hardware requirements

64-bit CPU: A 64-bit computer with a minimum of 4 cores (logical processors) is required for the hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see Hyper-V on Windows Server 2016 or Introduction to Hyper-V on Windows 10. For more info about hypervisor, see Hypervisor Specifications.
CPU virtualization extensions: Extended page tables, also called Second Level Address Translation (SLAT)

AND: One of the following virtualization extensions for VBS:

VT-x (Intel)
OR: – AMD-V
Hardware memory: Microsoft requires a minimum of 8GB RAM
Hard disk: 5 GB free space, solid state disk (SSD) recommended
Input/Output Memory Management Unit (IOMMU) support: Not required, but strongly recommended

Software requirements

Operating system: Windows 10 Enterprise edition, version 1709 or higher
Windows 10 Professional edition, version 1803
Browser: Microsoft Edge and Internet Explorer, Firefox, Chrome
Management system (only for managed devices): Microsoft Intune

READ  Sony PlayStation 3 Software for PS3 System Update

OR: System Center Configuration Manager
OR: Group Policy
OR: Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.

Personal devices: These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside.

Install application guard. Anytime a Chrome and Firefox users access a website that is not a local list of admin-designated trusted websites, the Microsoft Windows defender would load the untrusted URL inside a sandboxed Edge browser. The user will be pulled out of their preferred browsers like Chrome and Firefox, but this would be done for security purposes only.

Add credibility to your online business with a free 1 year SSL Certificates issue in minutes with no paperwork! Renewable annually @ $7.95! => "If you are looking to build traffic for your website, LinkCollider has helped me to reach over 50 million social media shares. I would highly recommend "LinkCollider! for your Online Business