Published by Brink (Administrator)



Enable Microsoft Edge Data Persistence with Windows Defender Application Guard in Windows 10

Information
Microsoft Edge is a new web browser that is available across the Windows 10 device family. It is designed for Windows 10 to be faster, safer, and compatible with the modern Web.

Starting with Windows 10 Enterprise build 16188, Microsoft has made it easy to test drive Microsoft Edge with Application Guard.

Microsoft Edge running in Application Guard provides enterprises the maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.

There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.

Three core features of Windows Defender Application Guard:
  • Isolated Browsing - Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
  • Help Safeguard your PC - Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
  • Malware Removal - Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.

Starting with Windows 10 Enterprise build 16232, Microsoft added support for Microsoft Edge data persistence while using Application Guard. Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions. The persisted data will not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions.

When you have enabled Data Persistence for Application Guard, the site you saved to your Favorites will be available for later use, with Microsoft Edge in Application Guard, even after reboots as well as build to build upgrades of Windows 10.

This tutorial will show you how to enable or disable Microsoft Edge data persistence while using Windows Defender Application Guard for all users in Windows 10 Enterprise.

You must be signed in as an administrator to enable or disable Microsoft Edge data persistence with Application Guard.


CONTENTS:
  • Option One: Enable or Disable Data Persistence in Microsoft Edge with Application Guard from Local Group Policy
  • Option Two: Enable or Disable Data Persistence in Microsoft Edge with Application Guard using a REG file


EXAMPLE: Windows Defender Application Guard for Microsoft Edge









OPTION ONE
Enable or Disable Data Persistence in Microsoft Edge with Application Guard from Local Group Policy

1. Open the Local Group Policy Editor.

2. Navigate to the location below in the left pane of the Local Group Policy Editor.

Computer Configuration > Administrative Templates > Windows Components > Windows Defender Application Guard


3. In the right pane of Windows Defender Application Guard in Local Group Policy Editor, double click/tap on the Allow data persistence for Windows Defender Application Guard policy to edit it.

4. Do step 5 (enable) or step 6 (disable) below for what you would like to do.


 5. To Enable Data Persistence in Microsoft Edge with Application Guard

A) Select (dot) Enabled, click/tap on OK, and go to step 7 below.


 6. To Disable Data Persistence in Microsoft Edge with Application Guard

A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below.

NOTE: Not Configured is the default setting.


7. When finished, you can close the Local Group Policy Editor if you like.






OPTION TWO
Enable or Disable Data Persistence in Microsoft Edge with Application Guard using a REG file

Note
This option sets the same policy as Option One above, but via the registry instead.

The .reg files below will add and modify the DWORD value in the registry keys below.

Code:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{06B65579-249A-4A42-A45F-5DE7BC943143}Machine\Software\Policies\Microsoft\AppHVSI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{06B65579-249A-4A42-A45F-5DE7BC943143}Machine\Software\Policies\Microsoft\AppHVSI

AllowPersistence DWORD

0 or delete = Disable
1 = Enable


1. Do step 2 (enable) or step 3 (disable) below for what you would like to do.


 2. To Enable Data Persistence in Microsoft Edge with Application Guard

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Enable_data_persistance_using_Microsoft_Edge_with_Application_Guard.reg



 3. To Disable Data Persistence in Microsoft Edge with Application Guard

NOTE: This is the default setting.

A) Click/tap on the Download button below to download the file below, and go to step 4 below.

Disable_data_persistance_using_Microsoft_Edge_with_Application_Guard.reg


4. Save the .reg file to your desktop.

5. Double click/tap on the downloaded .reg file to merge it.

6. If prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.

7. Sign out and sign in or restart the computer to apply.

8. If you like, you can now delete the downloaded .reg file.
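
To confirm what the merge in Option Two left in place, the following PowerShell reads AllowPersistence from the two keys listed above and reports the resulting state. This is an added example, not part of the original tutorial or its .reg files; the function name Get-WdagPersistenceState is hypothetical, and the key paths are copied from the Code section above.

```powershell
# Added example: read-only check of the AllowPersistence policy value.
# Key paths are copied from the tutorial; Get-WdagPersistenceState is a hypothetical name.
$keys = @(
    'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{06B65579-249A-4A42-A45F-5DE7BC943143}Machine\Software\Policies\Microsoft\AppHVSI',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{06B65579-249A-4A42-A45F-5DE7BC943143}Machine\Software\Policies\Microsoft\AppHVSI'
)

function Get-WdagPersistenceState {
    param([Parameter(Mandatory)][string[]]$KeyPath)

    foreach ($key in $KeyPath) {
        # -LiteralPath avoids any wildcard interpretation of the GUID braces.
        $psPath = "Registry::$key"
        $value  = $null
        $kind   = $null

        if (Test-Path -LiteralPath $psPath) {
            $item = Get-Item -LiteralPath $psPath
            if ($item.GetValueNames() -contains 'AllowPersistence') {
                $value = $item.GetValue('AllowPersistence')
                $kind  = $item.GetValueKind('AllowPersistence')
            }
        }

        # Tutorial mapping: 1 = Enable, 0 or deleted = Disable.
        # Anything else (wrong type, other data) is reported rather than guessed at.
        $state = if ($null -eq $value) {
            'Disabled (value not present)'
        } elseif ($kind -ne 'DWord') {
            "Unexpected value type: $kind"
        } elseif ($value -eq 1) {
            'Enabled'
        } elseif ($value -eq 0) {
            'Disabled'
        } else {
            "Unexpected data: $value"
        }

        [pscustomobject]@{
            Key              = $key
            AllowPersistence = $value
            Type             = $kind
            State            = $state
        }
    }
}

Get-WdagPersistenceState -KeyPath $keys | Format-List
```

Run it in the session of the account that merged the .reg file, since the HKEY_CURRENT_USER key is per-user. The script only reads the registry and changes nothing.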



That's it,
Shawn