Dec 01 2017 04:25 PM - edited Feb 05 2018 02:41 PM
Windows Defender Application Guard provides unprecedented protection against targeted threats using Microsoft's industry leading Hyper-V virtualization technology. In our recent Fall Creators update, we introduced this new layer of defense for the Microsoft Edge browser to businesses running the Enterprise version of Windows. We also provided an unmanaged “standalone mode” for interested users to give the technology a try. Many enthusiastic Insiders did try out this new experience only to find standalone mode was only available on the Enterprise version of Windows.
“Make this feature available to Pro version users.”
“Please bring Windows Defender Application Guard to Windows 10 Professional. We need this!”
Well, you spoke, and we listened. We are bringing this new defense-in-depth protection to Windows 10 Professional in RS4. Now, like Windows 10 Enterprise users, Windows 10 Pro Users can navigate the Internet in Application Guard knowing their systems are safe from common web based attacks. It is available now to our awesome Windows Insider community to give it a try and provide feedback.
Here is a recent talk on Window Defender Application Guard if you'd like to understand this feature in some more detail. Below are some steps you can take to enable this cutting edge experience on the latest Windows Insider Preview build.
How to setup and configure your system for Windows Defender Application Guard
Requirements:
You can turn on Windows Defender Application Guard using the Turn Windows features on or off dialog. Select the checkbox as shown below for Windows Defender Application Guard.
Click OK and then restart your computer.
How to Use Windows Defender Application Guard
1. Open Edge and click on the menu in the top right corner
2. Click on "New Application Guard window" as shown below
Windows Defender Application Guard
3. You will see the following splash screen after which a new instance of Edge will open with Windows Defender Application Guard enabled.
4. The new instance of Edge will open with Windows Defender Application Guard enabled
We encourage Windows Insiders to use Windows Defender Application Guard with Microsoft Edge to browse the Web. Your feedback, suggestions, and telemetry will help us to improve this feature.
Feedback Hub link: Launch Windows Feedback for Microsoft Edge\Application Guard
FAQ
1. What are the system requirements for running Application Guard on Windows Professional?
The system requirements are the same as for running Application Guard on Windows Enterprise systems. See our system requirements documentation for more information.
2. Why don't I see my Favorites in the Application Guard Edge session?
To keep your Application Guard Edge session secure and isolated from the host PC, favorites from the Application Guard Edge session are not copied back to your host PC. See below for enabling this feature.
3.How can I save favorites in my Application Guard Edge Session?
Users can configure features including Persistence, Printing and Clipboard through the registry. To configure:
Navigate to the registry editor using “regedit.”
1. Under “HKLM:\software\microsoft\HVSI” users can configure the following registry keys.
2. Changing to values to a “1” from a “0” enables the given feature. Changing values back to “0” disables the feature.
4. Can I download documents from the Application Guard Edge session onto my host PC?
This functionality is planned for a future release.
5. Can I run third party applications (other browsers) in Application Guard?
No. Application Guard is designed to protect users from malicious software running in the container. To ensure malicious applications cannot run in the container, Microsoft limits the applications able to run in the container.
6. How can I configure Application Guard to automatically determine which sites should open in the container?
Application Guard for Windows 10 Professional is only designed to be used in stand alone mode. The ability to deploy enforcement of trusted vs. untrusted websites is only available in the Enterprise version.
Dec 19 2017 07:11 PM
Will this be coming to Windows 10 Education as well?
Jan 17 2018 09:37 PM - edited Jan 17 2018 09:54 PM
Sorry, this feature most likely will only be offered in the Professional and Higher Versions of Windows 10. Unfortunately, the reason for this is due to the cost barrier. Please Contact Microsoft in writing for further information at Microsoft Corporation One Microsoft Way Redmond, WA 98052-6399 USA
Jan 18 2018 05:51 AM
Dan,
Thank you for replying. My assumption was that Education Edition is a Higher Version then Pro. Based off the features available per the Wiki https://en.wikipedia.org/wiki/Windows_10_editions . I will reach out to our TAM and escalate.
Travis
Jan 18 2018 10:03 AM
Based on the Wiki Article provided - "EducationWindows 10 Education is distributed through Academic Volume Licensing. Initially, it was reported to have the same feature set as Windows 10 Enterprise.[1][2][3] As of version 1709, however, this edition has less features. See § Comparison chart for details"
Yes, please escalate the issue as needed.
Dan Weiser
Jan 24 2018 11:49 PM
Jan 25 2018 04:36 AM
I think you are trying to say that you are using Mozilla Firefox in a Ubuntu Window on a Win10 desktop. Is the Windows 10 desktop a current supported model or is this a preview release? Please enlighten us to version model of Windows 10 desktop? Are you running Ubuntu (also are interested in version number) in a Virtual Machine within a Windows 10 Environment and then proceeding to load Xming Server while running in a Bash window on top of Mozilla Firefox and you are not getting any current support because this is an unsupported configuration (meaning what you are doing is not in the current Microsoft regimen) but it is working as a test model for you. Is this correct and can you explain further what your expected outcome from this testing will be or is this just for personal interest?
Jan 28 2018 11:06 PM
Jan 29 2018 05:24 AM
Nice. Thanks for sharing. I will have to check this out as time allows but I am too busy now with fixing computers and networks. In addition, I have my next computer certification test coming up in the middle of February.