Windows Defender Application Guard

Windows Defender Application Guard

This time let’s give Windows Defender Application Guard a very simple test:

You can test this on a physical client or a Hyper-v client, take a look here for the requirements:

Testing Windows Defender Application Guard on a VM

The test will be done in an enterprise Active Directory domain (Enterprise-managed mode).

First lets create a Group policy (GPO) for Windows Defender Application Guard and apply it to the OU holding our clients.

Go to the following setting:

Computer ConfigurationPoliciesAdministrative TemplatesNetworkNetwork IsolationEnterprise resource domains hosted in the cloud

In the Enterprise cloud resources you can enter a pipe-separated (|) list of domain cloud resources (Trusted domains).

The domains you enter here will be rendered using Microsoft Edge (or Internet Explorer) and won’t be accessible from the Application Guard environment.

You can use a leading “.” as a wildcard character to trust subdomains. Configuring .mindcore.dk will automatically trust subdomain1.mindcore.dk and subdomain2.mindcore.dk etc.

image

Next go to:

Computer ConfigurationPoliciesAdministrative TemplatesWindows ComponentsWindows Defender Application GuardTurn on Windows Defender Application Guard in Enterprise Mode

Enable Windows Defender Application Guard for Microsoft Edge by setting the option 1:

image

Update group policies on the client by running gpupdate /force

image

Lets open Edge and go to https://www.mindcore.dk, since this is a trusted domain the site will open directly on the host PC instead of in Windows Defender Application Guard.

image

Now let try a site not in the trusted list like https://www.microsoft.com this time we will be redirected to the hardware-isolated Edge environment, shown with the icon in the upper left hand corner:

image

Starting Application Guard too quickly after restarting the device might cause it to take a bit longer to load and show you this message. However, subsequent starts should occur without delays.

image

Now lets try the same in Internet Explorer, https://www.mindcore.dk still opens directly in Internet Explorer:

image

www.microsoft.com will again be redirected to the hardware-isolated Edge environment:

image

If you try to copy to or from the Windows Defender Application Guard Edge browser you will see the message:

Your admin doesn’t allow you to copy and paste this content between Application Guard and other apps.

image

Stay tuned on till next time, were we will test some more Windows Defender Application Guard settings.

Table of Contents

Share this post
Search blog posts
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect consultant with focus on Endpoint Management and Microsoft Sentinel.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Passionate IT professional with 20+ experience in IT architecture, consulting, and design. 

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly
Categories

Follow on SoMe