How to Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows 10
Microsoft has adopted the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility. This new Microsoft Edge runs on the same Chromium web engine as the Google Chrome browser, offering you best in class web compatibility and performance.
Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep users or employees productive. Using Microsoft's unique hardware isolation approach, Microsoft's goal is to destroy the playbook that attackers use by making current attack methods obsolete.
Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting you or your company while browsing the Internet. As an administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.
If a user goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can't get to your data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your user's credentials.
Microsoft Edge running in Application Guard provides enterprises the maximum level of protection from malware and zero day attacks against Windows. Microsoft Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.
There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.
Three core features of Microsoft Defender Application Guard:
- Isolated Browsing - Microsoft Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
- Help Safeguard your PC - Microsoft Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
- Malware Removal - Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.
Starting with Windows 10 Enterprise build 16232, Microsoft added support for Microsoft Edge data persistence while using Application Guard. Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions. The persisted data will not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions.
Starting with Windows 10 build 17063, Microsoft Defender Application Guard will now be available in the Windows 10 Pro edition.
For more details about Application Guard, see:
- Microsoft Defender Application Guard overview | Microsoft Docs
- Windows Defender Application Guard System Requirements | Microsoft Docs
- Introducing Windows Defender Application Guard for Microsoft Edge | Windows Blogs
- Windows Defender Application Guard Companion | Microsoft Store
- Windows Defender Application Guard inside Windows Security App - Microsoft Tech Community
- Windows Defender Application Guard Standalone mode - Microsoft Tech Community
- Windows Defender Application Guard Companion app | Microsoft Store
- Windows Defender Application Guard extensions for Chrome and Firefox
This tutorial will show you how to turn on or off Microsoft Defender Application Guard for the Chromium based Microsoft Edge for all users in Windows 10 Pro, Windows 10 Education, and Windows 10 Enterprise.
You must be signed in as an administrator to turn on or off the Microsoft Defender Application Guard for Microsoft Edge security feature.
In Windows 10 build 16193, Windows Defender Application Guard (WDAG) will fail to work on touch PCs, showing a solid black window on launch. Non-touch enabled devices should not experience the issue. A temporary workaround if you would like to use WDAG is to go to Device Manager, expand Human Interface Devices and disable the “HID-compliant touch screen” and “Intel Precise Touch Device” if they are present. After a reboot, try WDAG again. Re-enable these devices to restore touch.
Microsoft Defender Application Guard, including the Windows Isolated App Launcher APIs, is being deprecated for Microsoft Edge for Business and will no longer be updated. Please download the Microsoft Edge For Business Security Whitepaper to learn more about Edge for Business security capabilities.
Contents
- Option One: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Features
- Option Two: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Security
- Option Three: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in PowerShell
- Option Four: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Command Prompt
Option One: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Features
1 Open Windows Features.
2 Do step 3 (on) or step 4 (off) for what you want to do.
3 To Turn On Microsoft Defender Application Guard for Microsoft Edge
A) Check the Windows Defender Application Guard or Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below.
4 To Turn Off Microsoft Defender Application Guard for Microsoft Edge
This is the default setting.
A) Uncheck the Windows Defender Application Guard or Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below.
5 When Windows has completed the requested changes, click/tap on Restart now to restart the computer and finish turning on this feature.
6 If you turned on the "Windows Defender Application Guard" feature, users on the PC will now be able to open an Application Guard window in Microsoft Edge.
Option Two: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Security
This option is only available starting with Windows 10 build 17713.
1 Open Windows Security, and click/tap on the App & browser control icon.
2 Do step 3 (on) or step 4 (off) for what you want to do.
3 To Turn On Microsoft Defender Application Guard for Microsoft Edge
A) Click/tap on the Install Microsoft Defender Application Guard link under the Isolated browsing section.
B) If prompted by UAC, click/tap on Yes to approve.
C) Check the Windows Defender Application Guard or Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below.
4 To Turn Off Microsoft Defender Application Guard for Microsoft Edge
This is the default setting.
A) Click/tap on the Uninstall Microsoft Defender Application Guard link under the Isolated browsing section.
B) If prompted by UAC, click/tap on Yes to approve.
C) Uncheck the Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below.
5 When Windows has completed the requested changes, click/tap on Restart now to restart the computer and finish turning on this feature.
6 If you turned on the "Microsoft Defender Application Guard" feature, users on the PC will now be able to open an Application Guard window in Microsoft Edge.
Option Three: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in PowerShell
1 Open an elevated PowerShell.
2 Copy and paste the command below you want to use into the elevated PowerShell, and press Enter.
(Turn on Microsoft Defender Application Guard)
Enable-WindowsOptionalFeature -FeatureName "Windows-Defender-ApplicationGuard" -Online
OR
(Turn off Microsoft Defender Application Guard)
Disable-WindowsOptionalFeature -FeatureName "Windows-Defender-ApplicationGuard" -Online
3 When prompted to restart the computer, type Y, and press Enter when ready to do so.
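The following is an added example, not part of the original tutorial: it reads the feature's current state before changing it, so the toggle is safe to re-run, and it reports whether a restart is still pending instead of prompting. Set-AppGuardState is a hypothetical helper name; the feature name and the Enable/Disable cmdlets are the ones used in this option.

```powershell
# Added example. Set-AppGuardState is a hypothetical helper, not a built-in cmdlet.
function Set-AppGuardState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('On', 'Off')]
        [string]$Desired
    )

    $featureName = 'Windows-Defender-ApplicationGuard'   # feature name from the tutorial

    # The optional-feature cmdlets need an elevated session; fail early with a clear message.
    $principal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Read the current state first so a change is only made when it is needed.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName -ErrorAction Stop
    $state = "$($feature.State)"
    if (-not $state) { throw "Feature '$featureName' is not available on this system." }

    $wantEnabled = ($Desired -eq 'On')
    if ($wantEnabled) { $alreadySet = $state -in 'Enabled', 'EnablePending' }
    else { $alreadySet = $state -like 'Disabl*' }   # Disabled, DisablePending, ...

    # A *Pending state means an earlier change is still waiting for a restart.
    $restartNeeded = $state -like '*Pending'

    if (-not $alreadySet -and $PSCmdlet.ShouldProcess($featureName, "Turn $Desired")) {
        # -NoRestart suppresses the restart prompt so the caller decides when to reboot.
        if ($wantEnabled) {
            $result = Enable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart
        } else {
            $result = Disable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart
        }
        $restartNeeded = [bool]$result.RestartNeeded
    }

    # Report before/after state so the outcome can be logged or checked across machines.
    [pscustomobject]@{
        FeatureName   = $featureName
        StateBefore   = $state
        StateNow      = "$((Get-WindowsOptionalFeature -Online -FeatureName $featureName).State)"
        RestartNeeded = $restartNeeded
    }
}

Set-AppGuardState -Desired On -WhatIf   # preview only; remove -WhatIf to apply
```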
Option Four: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Command Prompt
1 Open an elevated command prompt.
2 Copy and paste the command below you want to use into the elevated command prompt, and press Enter.
(Turn on Microsoft Defender Application Guard)
Dism /online /Enable-Feature /FeatureName:"Windows-Defender-ApplicationGuard"
OR
(Turn off Microsoft Defender Application Guard)
Dism /online /Disable-Feature /FeatureName:"Windows-Defender-ApplicationGuard"
3 When prompted to restart the computer, type Y when ready to do so.
That's it,
Shawn Brink