MicrosoftAnnouncing WDAG in PRO SKU
Windows Defender Application Guard provides unprecedented protection against targeted threats using Microsoft's industry leading Hyper-V virtualization technology. In our recent Fall Creators update, we introduced this new layer of defense for the Microsoft Edge browser to businesses running the Enterprise version of Windows. We also provided an unmanaged “standalone mode” for interested users to give the technology a try. Many enthusiastic Insiders did try out this new experience only to find standalone mode was only available on the Enterprise version of Windows.
“Make this feature available to Pro version users.”
“Please bring Windows Defender Application Guard to Windows 10 Professional. We need this!”
Well, you spoke, and we listened. We are bringing this new defense-in-depth protection to Windows 10 Professional in RS4. Now, like Windows 10 Enterprise users, Windows 10 Pro Users can navigate the Internet in Application Guard knowing their systems are safe from common web based attacks. It is available now to our awesome Windows Insider community to give it a try and provide feedback.
Here is a recent talk on Window Defender Application Guard if you'd like to understand this feature in some more detail. Below are some steps you can take to enable this cutting edge experience on the latest Windows Insider Preview build.
How to setup and configure your system for Windows Defender Application Guard
Requirements:
- Windows 10 Professional, Build: 17053 (or later)
- en-us only for the current builds; full localized support will arrive soon
- PC must support virtualization; Hyper-V (some older PCs may not support Hyper-V or have this feature disabled in BIOS)
- Windows Defender Application Guard is Off by default, it must be enabled manually or by policy
You can turn on Windows Defender Application Guard using the Turn Windows features on or off dialog. Select the checkbox as shown below for Windows Defender Application Guard.
Click OK and then restart your computer.
How to Use Windows Defender Application Guard
1. Open Edge and click on the menu in the top right corner
2. Click on "New Application Guard window" as shown below
Windows Defender Application Guard
3. You will see the following splash screen after which a new instance of Edge will open with Windows Defender Application Guard enabled.
4. The new instance of Edge will open with Windows Defender Application Guard enabled
We encourage Windows Insiders to use Windows Defender Application Guard with Microsoft Edge to browse the Web. Your feedback, suggestions, and telemetry will help us to improve this feature.
Feedback Hub link: Launch Windows Feedback for Microsoft Edge\Application Guard
FAQ
1. What are the system requirements for running Application Guard on Windows Professional?
The system requirements are the same as for running Application Guard on Windows Enterprise systems. See our system requirements documentation for more information.
2. Why don't I see my Favorites in the Application Guard Edge session?
To keep your Application Guard Edge session secure and isolated from the host PC, favorites from the Application Guard Edge session are not copied back to your host PC. See below for enabling this feature.
3.How can I save favorites in my Application Guard Edge Session?
Users can configure features including Persistence, Printing and Clipboard through the registry. To configure:
Navigate to the registry editor using “regedit.”
- Caution: misconfiguring registry settings could have adverse effects on the device
1. Under “HKLM:\software\microsoft\HVSI” users can configure the following registry keys.
2. Changing to values to a “1” from a “0” enables the given feature. Changing values back to “0” disables the feature.
4. Can I download documents from the Application Guard Edge session onto my host PC?
This functionality is planned for a future release.
5. Can I run third party applications (other browsers) in Application Guard?
No. Application Guard is designed to protect users from malicious software running in the container. To ensure malicious applications cannot run in the container, Microsoft limits the applications able to run in the container.
6. How can I configure Application Guard to automatically determine which sites should open in the container?
Application Guard for Windows 10 Professional is only designed to be used in stand alone mode. The ability to deploy enforcement of trusted vs. untrusted websites is only available in the Enterprise version.
