Testing Windows Defender Application Guard on a VM

Testing Windows Defender Application Guard on a VM

If you want to test Windows Defender Application Guard your test environment must meet the requirements:

A 64-bit computer with minimum 4 cores (logical processors) with CPU virtualization extension, minimum 8GB RAM and 5 GB free space.

But what if we want to test this on a virtual Windows 10 running on Hyper-v?

When you try to enable Windows Defender Application Guard you might see warnings like these.

Windows Defender Application Guard cannot be installed: The Processor does not have required virtualization capabilities:

image

Windows Defender Application Guard is not supported on this device configuration:

image

But we can still test on hyper-V, let me show a working configuration, you will be able to use lower settings, but it order to test this will work:

Use a Generation 2 VM with at least 4 GB RAM:

image

Use at least 2 virtual processors:

image

I have TPM and secure boot enabled, but it seems to work without, but enabling both will not hurt:

image

Then we need to enable nested virtualization on the VM, with PowerShell on the Hyper-v host:

https://docs.microsoft.com/en-us/virtualization/hyper-v-on-windows/user-guide/nested-virtualization

Set-VMProcessor -VMName <VMName> -ExposeVirtualizationExtensions $true

image

Next since we do not fulfill the requirements, let’s lower requirements with use of registry settings as explained in the WDAG FAQ:

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-guard/faq-wd-app-guard

I have lowered the processor requirement (SpecRequiredProcessorCount) and the memory requirement (SpecRequiredMemoryInGB)

HKLMsoftwareMicrosoftHvsiSpecRequiredMemoryInGB

HKLMsoftwareMicrosoftHvsiSpecRequiredProcessorCount

 image

And now we are able to enable Windows Defender Application Guard:

image

A reboot is required:

image

We are now ready to test, stay tuned for the next article about Windows Defender Application Guard.

Table of Contents

Share this post
Search blog posts
Search
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly
Categories

Follow on SoMe