Forum Discussion
Windows Defender Application Guard Standalone mode
This feature is puzzling. Why is it touted for Enterprise users? Are you assuming that Enterprise users are the ones who browse dangerous sites the most? Why then is this feature not enabled by default, and why does it have to be enabled and used this way? Is it hampering browsing in some way, not saving local data, settings, cookies? Then it has a very narrow usage model. Maybe for DoD :D But I'm sure such organizations have other means of blocking their users browsing non-work related sites. It seems that Home users would benefit from such protection the most (I understand that Hyper-V might not be supported on many home PCs, but we live in the x64 era already). But it is sold as an added value for Enterprise license, though I don't see much value in it for my organization.
I think perhaps you misunderstand the intent of the feature. I see it primarily as a sandboxed browser session that effectively runs each page in a VM, therefore eliminating any possibility of attacks affecting the core OS. The features about favorites, history etc. they talk about and say they are being implemented in a later release. As for enabling by default, I am sure this will be a Group Policy preference that organisations can set as they need. Some businesses have VERY critical data that cannot be compromised in any way, so this is a worthwhile feature and it has been, in my experience, the very high-end employees that are most likely to be fooled by website attacks, spoofing etc. so intelligence, age and wisdom are irrelevant with modern IT attacks :-) I do agree it will be a useful addon to the novice home user, or Grandma, but let's help MS get the feature tested and stable, then perhaps the rest will come.
- Nikos Balotis, Aug 29, 2017, Copper Contributor
It has nothing to do with stability. Local Policy Editor has been there for centuries and Hyper-V for at least a decade.