Microsoft’s Application Guard for Office – an enterprise security feature that isolates untrusted documents to protect users against malicious and potentially harmful threats – is now generally available.
Announced Wednesday, months after it was first available in public preview, Application Guard is being marketed as a way to better protect remote and hybrid employees from downloading malicious files that contain viruses, worms or other malware that could harm the organization.
The new security offering isolates untrusted documents in a virtualized sandbox using a secured Hyper-V-enabled container. When a user encounters a malicious document, it is safely isolated within Application Guard. If a file is malicious, the PC is protected and the attacker can’t see any enterprise data.
Attacks that are contained by Application Guard helps improve Microsoft’s threat intelligence according to a Microsoft blog on the release. If malicious content is detected in a document opened in Application Guard, administrators can review the data in the Microsoft Defender for Endpoint.
However, users who encounter documents from untrusted sources that aren’t malicious can continue to work without worrying about a potential compromise. If a user is sure a file is safe, they can choose to remote protection rom that file.
According to the blog, Application Guard is made possible from the integration among Windows 10, Microsoft 365 apps, and Microsoft Defender for Endpoint.
Read Next: Microsoft, McAfee, Others Form Ransomware Task Force
The blog noted that Application Guard is different from Protected View – which allow users to see a file’s contents and enable editing – because it opens files in an isolated mode that allow users to perform limited editing or printing of untrusted documents while keeping the fire isolated from the rest of the device.
When office opens files in Application Guard, users can read, edit, print and save those files without having to re-open files outside the container
Application Guard can be configured for specific file types, including Outlook attachments, text-based files, database files, or “files originating from the internet or stored in potentially unsafe locations, such as the Temporary Internet folder on a device.”
When Application Guard is enabled, files that used to open in Protected View will now open in Application Guard, including files originating from the internet, files located in potentially unsafe locations like temporary internet files, or files blocked by File Block.
The feature works in conjunction with Microsoft Defender for Office 365, which scans files to detect if any malicious threat exists. If it does detect a threat, the file is kept in Application Guard.
Administrators will need to enable the feature and set the correct policy for users in their organization. For more details on how to enable it, visit the blog post.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply