Last September, Microsoft announced a revolutionary feature for its Windows 10 browser, Microsoft Edge. That feature, called Windows Defender Application Guard, is now available on the latest Insider Preview Build 16188 for PC that was released last week.
What is the Windows Defender Application Guard and How Does it Work?
Microsoft is using its Hyper-V virtualization technology to provide enhanced security for users of Microsoft Edge. When the Application Guard is turned on and a new browser tab or window is launched, it is run in a location that is isolated from the hardware layer up. Essentially, it creates a virtual machine on your device that runs a new instance of Windows 10. This instance has a separate copy of the kernel, and whatever minimum Windows Platform Services are required to run Edge.
The result is that this instance of Windows 10 has no access to memory, local storage, other apps that are installed, corporate network endpoints or the permanent credentials store.
This isolated instance is then capable of blocking any form of malware attack mounted against the browser either internally or externally. For example, if you click on a malicious link in an email, it will open up in Microsoft Edge as normal. But, in this case, since you have the Application Guard running, it will open the link in a virtual instance of Windows, not the host version that is your normal operating environment. (Note: This particular feature may not work this way on the preview version, but should come to the final public release, per Microsoft’s original announcement about Application Guard for Microsoft Edge.)
This way, any browser-based attack can be effectively disrupted. More importantly, when the tab or Windows is closed, the threat is removed without affecting your system. Since it’s a temporary container, once you close it, the malware gets “thrown away” along with your “disposable container.”
Will Application Guard Restrict Any Functionality?
Now, the question is, will this instance of Windows allow your browser to function normally? Yes, it will. You can still copy-paste content, print it out on a network printer and do things the way you normally would.
In fact, even web developers need not make any changes to their sites for Application Guard because the VM instance of Windows will work in an identical fashion to the host version running on your system.
How Can you Get the Windows Defender Application Guard on your Windows 10 Machine?
Right now, you can get this if you’re on the Windows Insider Program in the Fast Ring. To get on the program, you will need to sign up to the Insider Program, and then wait for approval. Once approved, you will need to update your machine to Build 16188 for PC.
The feature is expected to eventually come to the Windows 10 Fall Creators Update which, until now, has been called Redstone 3. The update is due in September 2017, and will be a free upgrade for all Windows 10 users.
If you’re on Windows 7, Windows 8.1 or other versions (not Pro versions, just Home) you can still get a free upgrade to Windows 10 with your current product key.
Once you’re on Windows 10, you can sign up to the Insider Program for Windows and get on the Fast Ring, where the latest features that will eventually appear on the next major Windows 10 update will first appear. From there, you can access the Windows Defender Application Guard under “Turn Windows features on or off”
Once you click “OK” and restart your machine, the Application Guard will be on, and your browser fully protected by the method described in this article. Once the feature has been fully developed, any link you click on should ideally be opened in an Application Guard window. As I mentioned earlier, for the preview version, it appears that you need to manually open an Application Guard window in Microsoft Edge to take advantage of the feature, once it has been turned on.
Editor’s Note: Insider builds are typically buggy, and could cause issues on your machine. If you’re not confident of handling that type of situation, it’s probably better to stay on Windows 10 Creators Update until the Fall Creators Update drops in September.