This time let’s give Windows Defender Application Guard a very simple test:
You can test this on a physical client or a Hyper-V client; take a look here for the requirements:
Testing Windows Defender Application Guard on a VM
The test will be done in an enterprise Active Directory domain (Enterprise-managed mode).
First, let’s create a Group Policy Object (GPO) for Windows Defender Application Guard and apply it to the OU holding our clients.
Go to the following setting:
Computer Configuration\Policies\Administrative Templates\Network\Network Isolation\Enterprise resource domains hosted in the cloud
In the Enterprise cloud resources field you can enter a pipe-separated (|) list of domain cloud resources (trusted domains).
The domains you enter here will be rendered using Microsoft Edge (or Internet Explorer) and won’t be accessible from the Application Guard environment.
You can use a leading “.” as a wildcard character to trust subdomains. Configuring .mindcore.dk will automatically trust subdomain1.mindcore.dk and subdomain2.mindcore.dk etc.
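Before deploying the list, it helps to see how broadly each entry matches. The following is an added example, not part of the original post: the function name, sample list and sample URLs are constructed, and the matching follows the leading-dot rules in Microsoft's Application Guard network isolation documentation (an assumption of this sketch that goes beyond the single-dot case described above). It is a model for reviewing a list, not Windows' own matching code.

```powershell
# Added example: model which URLs a trust list keeps on the host PC.
# Test-WdagTrustedUrl is a hypothetical helper, not a Windows cmdlet.
function Test-WdagTrustedUrl {
    param(
        [Parameter(Mandatory)][string]$CloudResources,  # pipe-separated list, as typed into the GPO
        [Parameter(Mandatory)][string]$Url
    )
    $ordinal  = [System.StringComparison]::Ordinal
    $hostName = ([uri]$Url).Host.ToLowerInvariant()

    foreach ($raw in $CloudResources.Split('|')) {
        $entry = $raw.Trim().ToLowerInvariant()
        if (-not $entry) { continue }                   # skip empty items left by a stray "|"

        if ($entry.StartsWith('..', $ordinal)) {
            # Two leading dots: only names below the domain, never the domain itself.
            if ($hostName.EndsWith($entry.Substring(1), $ordinal)) { return $entry }
        }
        elseif ($entry.StartsWith('.', $ordinal)) {
            # One leading dot: any name that ends with the text after the dot.
            # This also covers the bare domain and unrelated names with the same ending.
            if ($hostName.EndsWith($entry.Substring(1), $ordinal)) { return $entry }
        }
        elseif ($hostName -eq $entry) {
            return $entry                               # no leading dot: literal match only
        }
    }
    return $null                                        # no entry matched: untrusted
}

# Constructed sample input: the entry from the post plus three test URLs.
$list = '.mindcore.dk'
$urls = 'https://www.mindcore.dk',
        'https://www.microsoft.com',
        'https://example-mindcore.dk'   # constructed name that only shares the ending

foreach ($u in $urls) {
    $match = Test-WdagTrustedUrl -CloudResources $list -Url $u
    [pscustomobject]@{
        Url          = $u
        OpensIn      = if ($match) { 'Host browser' } else { 'Application Guard' }
        MatchedEntry = $match
    }
}
```

Under these rules the third URL is reported as trusted by the single-dot entry, while `..mindcore.dk` would limit trust to names below the domain; confirm the result on a test client before rolling the list out.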
Next go to:
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode
Enable Windows Defender Application Guard for Microsoft Edge by setting the option to 1:
Update group policies on the client by running gpupdate /force
Let’s open Edge and go to https://www.mindcore.dk. Since this is a trusted domain, the site will open directly on the host PC instead of in Windows Defender Application Guard.
Now let’s try a site that is not in the trusted list, like https://www.microsoft.com. This time we will be redirected to the hardware-isolated Edge environment, shown with the icon in the upper left-hand corner:
Starting Application Guard too quickly after restarting the device might cause it to take a bit longer to load and show you this message. However, subsequent starts should occur without delays.
Now let’s try the same in Internet Explorer. https://www.mindcore.dk still opens directly in Internet Explorer:
www.microsoft.com will again be redirected to the hardware-isolated Edge environment:
If you try to copy to or from the Windows Defender Application Guard Edge browser you will see the message:
Your admin doesn’t allow you to copy and paste this content between Application Guard and other apps.
Stay tuned until next time, when we will test some more Windows Defender Application Guard settings.