Enable Microsoft Edge Data Persistence with Microsoft Defender Application Guard in Windows 10
Starting with Windows 10 Enterprise build 16188, Microsoft has made it easy to test drive Microsoft Edge with Application Guard.
Microsoft Edge running in Application Guard provides enterprises the maximum level of protection from malware and zero day attacks against Windows. Microsoft Defender Application Guard for Microsoft Edge is a lightweight virtual machine that helps isolate potentially malicious website activity from reaching your operating systems, apps, and data.
There is no persistence of any cookies or local storage when an Application Guard window is closed in Microsoft Edge.
Three core features of Windows Defender Application Guard:
- Isolated Browsing - Windows Defender Application Guard uses the latest virtualization technology to help protect your operating system by creating an isolated environment for your Microsoft Edge session.
- Help Safeguard your PC - Windows Defender Application Guard starts up every time you visit a non-work-related site to help keep potentially malicious attacks away from your PC.
- Malware Removal - Any websites you visit, files you download, or settings you change while in this isolated environment are deleted when you sign out of Windows, wiping out any potential malware.
Starting with Windows 10 Enterprise build 16232, Microsoft added support for Microsoft Edge data persistence while using Application Guard. Once enabled, data such as your favorites, cookies, and saved passwords will be persisted across Application Guard sessions. The persisted data will not be shared or surfaced on the host, but it will be available for future Microsoft Edge in Application Guard sessions.
When you have enabled Data Persistence for Application Guard, the site you saved to your Favorites will be available for later use, with Microsoft Edge in Application Guard, even after reboots as well as build to build upgrades of Windows 10.
Microsoft Defender Application Guard will need to be turned on for users on the PC to be able to open a new Application Guard window in Microsoft Edge.
See also: Application Guard testing scenarios - Data persistence options | Microsoft Docs
This tutorial will show you how to enable or disable Microsoft Edge data persistence while using Microsoft Defender Application Guard for all users in Windows 10 Enterprise and Education.
You must be signed in as an administrator to enable or disable Microsoft Edge data persistence with Application Guard.
Microsoft Defender Application Guard, including the Windows Isolated App Launcher APIs, is being deprecated for Microsoft Edge for Business and will no longer be updated. Please download the Microsoft Edge For Business Security Whitepaper to learn more about Edge for Business security capabilities.
Contents
- Option One: Enable or Disable Data Persistence in Microsoft Edge with Application Guard from Local Group Policy
- Option Two: Enable or Disable Data Persistence in Microsoft Edge with Application Guard using a REG file
EXAMPLE: Microsoft Defender Application Guard for Microsoft Edge
Option One: Enable or Disable Data Persistence in Microsoft Edge with Application Guard from Local Group Policy
1 Open the Local Group Policy Editor.
2 Navigate to the location below in the left pane of the Local Group Policy Editor.
Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Application Guard
3 In the right pane of Microsoft Defender Application Guard in Local Group Policy Editor, double click/tap on the Allow data persistence for Microsoft Defender Application Guard policy to edit it.
4 Do step 5 (enable) or step 6 (disable) below for what you would like to do.
5 To enable data persistence:
A) Select (dot) Enabled, click/tap on OK, and go to step 7 below.
6 To disable data persistence:
A) Select (dot) Not Configured or Disabled, click/tap on OK, and go to step 7 below.
Not Configured is the default setting.
7 When finished, you can close the Local Group Policy Editor if you like.
Option Two: Enable or Disable Data Persistence in Microsoft Edge with Application Guard using a REG file
The downloadable .reg files below will add and modify the DWORD value in the registry keys below.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{06B65579-249A-4A42-A45F-5DE7BC943143}Machine\Software\Policies\Microsoft\AppHVSI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy Objects\{06B65579-249A-4A42-A45F-5DE7BC943143}Machine\Software\Policies\Microsoft\AppHVSI
AllowPersistence DWORD
0 or delete = Disable
1 = Enable
1 Do step 2 (enable) or step 3 (disable) below for what you would like to do.
2 To enable data persistence:
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Enable_data_persistance_using_Microsoft_Edge_with_Application_Guard.reg
3 To disable data persistence:
This is the default setting.
A) Click/tap on the Download button below to download the file below, and go to step 4 below.
Disable_data_persistance_using_Microsoft_Edge_with_Application_Guard.reg
4 Save the .reg file to your desktop.
5 Double click/tap on the downloaded .reg file to merge it.
6 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
7 Either sign out and sign in, or restart the computer, to apply.
8 If you like, you can now delete the downloaded .reg file.
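To confirm what the merge or policy change left in the registry, the PowerShell audit below reads AllowPersistence from the two keys listed above and maps it to the states in the value table. It is an added example, not part of the original tutorial; the function name Get-AppGuardPersistence is hypothetical, and the paths and GUID are copied from this page.

```powershell
# Added example: audit the AllowPersistence value at the registry locations
# listed in this tutorial. Read-only; nothing is modified.
# Note: in an elevated session, HKEY_CURRENT_USER is the hive of the account
# that is running the session.
$gpoId  = '{06B65579-249A-4A42-A45F-5DE7BC943143}'   # GUID as shown on this page
$suffix = 'Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\' +
          $gpoId + 'Machine\Software\Policies\Microsoft\AppHVSI'
$paths  = @(
    "Registry::HKEY_CURRENT_USER\$suffix",
    "Registry::HKEY_LOCAL_MACHINE\$suffix"
)

function Get-AppGuardPersistence {
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($p in $Path) {
        # Per the table above: a missing value means the same as 0 (Disable).
        $raw   = $null
        $state = 'Disabled (key or value absent)'

        if (Test-Path -LiteralPath $p) {
            $item = Get-ItemProperty -LiteralPath $p -Name AllowPersistence `
                        -ErrorAction SilentlyContinue
            if ($null -ne $item) {
                $raw  = $item.AllowPersistence
                $kind = (Get-Item -LiteralPath $p).GetValueKind('AllowPersistence')

                # Flag anything that is not the DWORD 0/1 the tutorial describes.
                if     ($kind -ne 'DWord') { $state = "Unexpected type: $kind" }
                elseif ($raw -eq 1)        { $state = 'Enabled' }
                elseif ($raw -eq 0)        { $state = 'Disabled' }
                else                       { $state = "Unexpected data: $raw" }
            }
        }

        [pscustomobject]@{
            Path             = $p
            AllowPersistence = $raw
            State            = $state
        }
    }
}

Get-AppGuardPersistence -Path $paths | Format-List
```

An Enabled result means cookies and saved passwords survive the closing of an Application Guard window, so the check is worth running wherever the no-persistence default is the intended configuration.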
That's it,
Shawn
Related Tutorials
- How to Turn On or Off Windows Defender Application Guard for Microsoft Edge in Windows 10
- How to Open a New Application Guard Window in Microsoft Edge in Windows 10
- Enable Download to Host from Windows Defender Application Guard Microsoft Edge session in Windows 10
- How to Turn On or Off Save Data in Application Guard for Microsoft Edge in Windows 10
- How to Turn On or Off Copy and Paste in Application Guard for Microsoft Edge in Windows 10
- How to Turn On or Off Printing in Application Guard for Microsoft Edge in Windows 10
- How to Turn On or Off Camera and Microphone in Application Guard for Microsoft Edge in Windows 10
- How to Turn On or Off Advanced Graphics in Application Guard for Microsoft Edge in Windows 10