If you want to test Windows Defender Application Guard, your test environment must meet these requirements:
A 64-bit computer with a minimum of 4 cores (logical processors) with CPU virtualization extensions, a minimum of 8 GB RAM and 5 GB free space.
But what if we want to test this on a virtual Windows 10 machine running on Hyper-V?
When you try to enable Windows Defender Application Guard you might see warnings like these.
Windows Defender Application Guard cannot be installed: The Processor does not have required virtualization capabilities:
Windows Defender Application Guard is not supported on this device configuration:
But we can still test on Hyper-V. Let me show a working configuration; you will be able to use lower settings, but this configuration works for testing:
Use a Generation 2 VM with at least 4 GB RAM:
Use at least 2 virtual processors:
I have TPM and Secure Boot enabled. It seems to work without them, but enabling both will not hurt:
Then we need to enable nested virtualization on the VM, using PowerShell on the Hyper-V host:
https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization
Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
Next, since we do not fulfill the requirements, let's lower them using registry settings, as explained in the WDAG FAQ:
I have lowered the processor requirement (SpecRequiredProcessorCount) and the memory requirement (SpecRequiredMemoryInGB).
HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB
HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount
And now we are able to enable Windows Defender Application Guard:
A reboot is required:
We are now ready to test. Stay tuned for the next article about Windows Defender Application Guard.
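The guest-side steps above collected into one script, as an added example that is not part of the original post. The override values (2 processors, 4 GB) and the DWORD value type are assumptions chosen to match the VM sizing described above; run it elevated inside the test VM after nested virtualization has been exposed from the host.

```powershell
#Requires -RunAsAdministrator
# Added example: run inside the Windows 10 guest, after the Hyper-V host has run
#   Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true
# Intended for a test VM only; the overrides lower WDAG's hardware checks.

$HvsiKey  = 'HKLM:\SOFTWARE\Microsoft\Hvsi'
$Override = @{
    SpecRequiredProcessorCount = 2   # assumed value: matches "at least 2 virtual processors"
    SpecRequiredMemoryInGB     = 4   # assumed value: matches "at least 4 GB RAM"
}

# Read what the guest actually has, so the overrides are never set above it.
$cs    = Get-CimInstance -ClassName Win32_ComputerSystem
$cores = [int]$cs.NumberOfLogicalProcessors
$memGB = [math]::Round($cs.TotalPhysicalMemory / 1GB)

if ($cores -lt $Override.SpecRequiredProcessorCount -or
    $memGB -lt $Override.SpecRequiredMemoryInGB) {
    throw "Guest has $cores logical processors and $memGB GB RAM, below the override values."
}

# Create the key if it is missing, then write both values (DWORD type is an assumption).
if (-not (Test-Path -Path $HvsiKey)) {
    New-Item -Path $HvsiKey -Force | Out-Null
}
foreach ($name in $Override.Keys) {
    New-ItemProperty -Path $HvsiKey -Name $name -PropertyType DWord `
        -Value $Override[$name] -Force | Out-Null
}

# Show what was written so the change is visible in the console or a transcript.
Get-ItemProperty -Path $HvsiKey | Select-Object -Property @($Override.Keys)

# Enable the feature without rebooting automatically; report whether a reboot is pending.
$result = Enable-WindowsOptionalFeature -Online `
    -FeatureName 'Windows-Defender-ApplicationGuard' -NoRestart
if ($result.RestartNeeded) {
    Write-Host 'Reboot the VM to finish enabling Windows Defender Application Guard.'
}
```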