Forum Discussion
Yolando Pereira
Microsoft
MicrosoftWindows Defender Application Guard Standalone mode
Many businesses worldwide have come under increasing threat of targeted attacks, where attackers are crafting specialized attacks against a particular business, attempting to take control of corp...
This feature is puzzling. Why is it touted for Enterpise users? Are you assuming that Enterprise users are the ones who browse dangerous sites the most? Why then this feature is not enabled by default and why it has to be enabled and used this way? Is it hampering browsing in some way, not saving local data, settings, cookies? Then it has a very narrow usage model. Maybe for DoD :D But i'm sure such organizations have other means of blocking their users browsing non-work related sites. It seems that Home users would benefit from such protection the most (i understand that Hyper-V might not be supported on many home PCs, but we live in x64 era already). But it is sold as an added value for Enterprise license, though i don't see much value in it for my organization.
I think perhaps you misunderstand the intent of the feature. I see primarily it as a sandboxed browser session that effectively runs each page in a VM, therefore eliminating any possibility of attacks affecting the core OS. The features about favorites, history etc. they talk about and say they are being implemented in a later release. As for enabling by default, I am sure this will be a Group Policy preference that organisations can set as they need. Some business has VERY critical data that cannot be compromised in any way, so this is a worthwhile feature and it has been, in my experience, the very high-end employees that are most likely to be fooled by website attacks, spoofing etc. so intelligence, age and wisdom are irrelevant with modern IT attacks :-) I do agree it will be a useful addon to the novice home user, or Grandma, but let's help MS get the feature tested and stable, then perhaps the rest will come.
It has nothing to do with stability Local Policy Editor has been there for centuries and Hyper-V for at least a decade
Application Guard feature just like Credential Guard and Device Guard depends on underlying feature called Virtual Secure Mode. Which depends on Hyper-V and is Controlled by Group Policy and all these features are available on Enterprise Edition only. Virtualization extensions might or might not be present on all underlying hardware, though mostly they are present now a days.
Hence the reason for this to be available on Enterprise edition only.
Refer:
application-guard-microsoft-edge
Does this that Hyper-V will be removed from Windows 10 Pro in next releases?
No. If you download a Windows Insider build you'll see Hyper-V is in Windows 10 Pro as well.
- Indeed. Even for users who have hardware support for Hyper-V, they may choose not to install it because lots of Android emulator (or I would say, all emulators people commonly used to play and stream Android gameplay) won't work with Hyper-V component installed.
