Turn On or Off Microsoft Defender Application Guard in Windows 10  

Page 1 of 7 123 ... LastLast
    Turn On or Off Microsoft Defender Application Guard in Windows 10

    Turn On or Off Microsoft Defender Application Guard in Windows 10

    How to Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows 10
    Published by Category: Security System
    19 Dec 2023
    Designer Media Ltd

    How to Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows 10


    Microsoft has adopted the Chromium open source project in the development of Microsoft Edge on the desktop to create better web compatibility. This new Microsoft Edge runs on the same Chromium web engine as the Google Chrome browser, offering you best in class web compatibility and performance.

    Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep users or employees productive. Using Microsoft's unique hardware isolation approach, Microsoft's goal is to destroy the playbook that attackers use by making current attack methods obsolete.

    Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting you or your company while browsing the Internet. As an administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

    If a user goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can't get to your data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your user's credentials.

    Microsoft Edge running in Application Guard provides enterprises the maximum level of protection from malware and zero day attacks against Windows. Microsoft Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

    There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

    Three core features of Microsoft Defender Application Guard:
    • Isolated Browsing - Microsoft Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
    • Help Safeguard your PC - Microsoft Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
    • Malware Removal - Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

    Starting with Windows 10 Enterprise build 16232, Microsoft added support for Microsoft Edge data persistence while using Application Guard. Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions. The persisted data will be not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions.

    Starting with Windows 10 build 17063, Microsoft Defender Application Guard will now be available in the Windows 10 Pro edition.

    For more details about Application Guard, see:

    This tutorial will show you how to turn on or off Microsoft Defender Application Guard for the Chromium based Microsoft Edge for all users in Windows 10 Pro, Windows 10 Education, and Windows 10 Enterprise.

    You must be signed in as an administrator to turn on of off the Microsoft Defender Application Guard for Microsoft Edge security feature.

    In Windows 10 build 16193, Windows Defender Application Guard (WDAG) will fail to work on touch PC’s, showing a solid black window on launch. Non-touch enabled devices should not experience the issue. A temporary workaround if you would like to use WDAG is to go to Device Manager, expand Human Interface Devices and disable the “HID-compliant touch screen” and “Intel Precise Touch Device” if they are present. After a reboot try WDAG again. Re-enable these devices to restore touch.


    Microsoft Defender Application Guard, including the Windows Isolated App Launcher APIs, is being deprecated for Microsoft Edge for Business and will no longer be updated. Please download the Microsoft Edge For Business Security Whitepaper to learn more about Edge for Business security capabilities.



    Contents

    • Option One: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Features
    • Option Two: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Security
    • Option Three: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in PowerShell
    • Option Four: Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Command Prompt



    VIDEOS: Microsoft Defender Application Guard for Microsoft Edge
    Turn On or Off Microsoft Defender Application Guard in Windows 10-microsoft_edge_new_application_guard_window-1.png Turn On or Off Microsoft Defender Application Guard in Windows 10-microsoft_edge_new_application_guard_window-2.png










    OPTION ONE

    Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Features


    1 Open Windows Features.

    2 Do step 3 (on) or step 4 (off) for what you want to do.


     3. Turn On "Windows Defender Application Guard" Feature for Microsoft Edge

    A) Check the Windows Defender Application Guard or Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below. (see screenshot below step 4)


     4. Turn Off "Windows Defender Application Guard" Feature for Microsoft Edge

    This is the default setting.

    A) Uncheck the Windows Defender Application Guard or Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below. (see screenshot below)

    Turn On or Off Microsoft Defender Application Guard in Windows 10-windows_defender_application_guard-1.png


    5 When Windows has completed the requested changes, click/tap on Restart now to restart the computer and finish turning on this feature. (see screenshot below)

    Turn On or Off Microsoft Defender Application Guard in Windows 10-windows_defender_application_guard-2.png

    6 If you turned on the "Windows Defender Application Guard" feature, users on the PC will now be able to open an Application Guard window in Microsoft Edge.






    OPTION TWO

    Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Windows Security


    This option is only available starting with Windows 10 build 17713.


    1 Open Windows Security, and click/tap on the App & browser control icon. (see screenshot below)

    Turn On or Off Microsoft Defender Application Guard in Windows 10-windows_security-1.jpg

    2 Do step 3 (on) or step 4 (off) for what you want to do.


     3. Turn On "Windows Defender Application Guard" Feature for Microsoft Edge

    A) Click/tap on the Install Microsoft Defender Application Guard link under the Isolated browsing section. (see screenshot below)

    Turn On or Off Microsoft Defender Application Guard in Windows 10-windows_security-3.png

    B) If prompted by UAC, click/tap on Yes to approve.

    C) Check the Windows Defender Application Guard or Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below. (see screenshot below step 4C)


     4. Turn Off "Microsoft Defender Application Guard" Feature for Microsoft Edge

    This is the default setting.

    A) Click/tap on the Uninstall Microsoft Defender Application Guard link under the Isolated browsing section. (see screenshot below)

    Turn On or Off Microsoft Defender Application Guard in Windows 10-windows_security-2.png

    B) If prompted by UAC, click/tap on Yes to approve.

    C) Uncheck the Microsoft Defender Application Guard box, click/tap on OK, and go to step 5 below. (see screenshot below)

    Turn On or Off Microsoft Defender Application Guard in Windows 10-windows_defender_application_guard-1.png


    5 When Windows has completed the requested changes, click/tap on Restart now to restart the computer and finish turning on this feature. (see screenshot below)

    Turn On or Off Microsoft Defender Application Guard in Windows 10-windows_defender_application_guard-2.png

    6 If you turned on the "Microsoft Defender Application Guard" feature, users on the PC will now be able to open an Application Guard window in Microsoft Edge.






    OPTION THREE

    Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in PowerShell


    1 Open an elevated PowerShell.

    2 Copy and paste the command below you want to use into the elevated PowerShell, and press Enter. (see screenshots below)

    (Turn on Microsoft Defender Application Guard)
    Enable-WindowsOptionalFeature -FeatureName "Windows-Defender-ApplicationGuard" -Online

    OR

    (Turn off Microsoft Defender Application Guard)
    Disable-WindowsOptionalFeature -FeatureName "Windows-Defender-ApplicationGuard" -Online

    3 When prompted to restart the computer, type Y, and press Enter when ready to do so.

    Turn On or Off Microsoft Defender Application Guard in Windows 10-turn_on_windows_defender_application_guard_powershell-1.png Turn On or Off Microsoft Defender Application Guard in Windows 10-turn_off_windows_defender_application_guard_powershell-1.png






    OPTION FOUR

    Turn On or Off Microsoft Defender Application Guard for Microsoft Edge in Command Prompt


    1 Open an elevated command prompt.

    2 Copy and paste the command below you want to use into the elevated command prompt, and press Enter. (see screenshots below)

    (Turn on Microsoft Defender Application Guard)
    Dism /online /Enable-Feature /FeatureName:"Windows-Defender-ApplicationGuard"

    OR

    (Turn off Microsoft Defender Application Guard)
    Dism /online /Disable-Feature /FeatureName:"Windows-Defender-ApplicationGuard"

    3 When prompted to restart the computer, type Y when ready to do so.

    Turn On or Off Microsoft Defender Application Guard in Windows 10-turn_on_windows_defender_application_guard_command-1.png Turn On or Off Microsoft Defender Application Guard in Windows 10-turn_off_windows_defender_application_guard_command-1.png


    That's it,
    Shawn Brink





  1.   My Computers


  2. Posts : 3,105
    W10 Pro + W10 Preview
       #2

    Hi Brink.
    Having a problem trying to set up WDAG.....any suggestions?....This on Insider Build 17063.
      My Computers


  3. Posts : 68,543
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #3

    Hello @dencal, :)

    The bit below from the release notes of Windows 10 build 17063 indicate that WDAG will not be available to the Windows 10 Pro edition until the next build release instead.

    For now, WDAG is still only available for the Windows 10 Enterprise edition.

    Windows Defender Application Guard (WDAG) update: You spoke, and we listened. Microsoft is bringing Windows Defender Application Guard to Windows 10 Professional in the next feature update of Windows 10. Now, like Windows 10 Enterprise users, Windows 10 Pro Users can navigate the Internet in Application Guard knowing their systems are protected from event the most sophisticated browser attacks.
    Last edited by Brink; 21 Dec 2017 at 11:33.
      My Computers


  4. Posts : 3,105
    W10 Pro + W10 Preview
       #4

    To be truthful Brink I had noticed your highlighted "next feature update".
    This conflicts with a note further down concerning this feature.....but I take note of your response.

    It is available now to our awesome Windows Insider community to give it a try and we would like to hear your feedback.
      My Computers


  5. Posts : 68,543
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #5

    Yeah, the article they also linked to below states this, but it is dated "12-01-2017 - last edited Tuesday". I guess they decided to wait until the next build release after 17063.

    Announcing WDAG in PRO SKU - Microsoft Tech Community

    Requirements:

    • Windows 10 Professional, Build: 17053 (or later)
    • en-us only for the current builds; full localized support will arrive soon
    • PC must support virtualization; Hyper-V (some older PCs may not support Hyper-V or have this feature disabled in BIOS)
    • Windows Defender Application Guard is Off by default, it must be enabled manually or by policy
    It certainly does confuse this.
      My Computers


  6. Posts : 3,105
    W10 Pro + W10 Preview
       #6

    Thank you Brink for clarifying the situation.
      My Computers


  7. Posts : 68,543
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #7

    @dencal,

    I just tested in a Windows 10 Pro build 17063 to verify, and I was actually able to enable WDAG after all.
      My Computers


  8. Posts : 3,105
    W10 Pro + W10 Preview
       #8

    Brink.
    Unfortunately cannot do as WDAG is greyed out, stating...Cannot be installed: Virtualisation support is disabled in the firmware.


    Added
    Have successfully enabled Virtualisation in the bios and have now New Application Guard window installed.
      My Computers


  9. Posts : 68,543
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #9

    Great news.
      My Computers


 

Tutorial Categories

Turn On or Off Microsoft Defender Application Guard in Windows 10 Tutorial Index Network & Sharing Instalation and Upgrade Browsers and Email General Tips Gaming Customization Apps and Features Virtualization BSOD System Security User Accounts Hardware and Drivers Updates and Activation Backup and Restore Performance and Maintenance Mixed Reality Phone


  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 03:04.
Find Us




Windows 10 Forums