When browsing the internet, it is easy to get malware downloaded onto your system if you aren’t aware of which sites you are visiting and what files you are downloading, ultimately compromising your files and data. While we do have software-based solutions that take care of this most of the time, Microsoft is taking it to the next level, especially for the enterprise.
Windows Defender Application Guard is a virtualization-based security technology that isolates the browser and employee activity using a hardware-based container to prevent malicious code from impacting the device and moving across the enterprise network. Once the user exits the session, everything is erased. If malware was downloaded during the session, it is removed as well. It is part of the Windows 10 security stack and will work with the Edge browser for now.
This is different from software-based containers, which are still open to malware, vulnerabilities, and zero-day attacks. The administrator enables the feature, configures a trusted network site list policy, and distributes the group policy to any devices they wish to protect with Application Guard. If anybody still manages to get malware, it is erased with the session. Check out the video below:
https://www.youtube.com/watch?v=McP8ZGAInwI
With this, Windows 10 becomes the first operating system to bring hardware-based protection along with the browser. This feature will be rolled out to Windows Insiders in the coming months, and more broadly next year.
IMO, this stack, once opened to all browsers, should help developers use the hardware-based stack to enable safe browsing on Windows 10. It is critical for businesses, and even consumers. The latter doesn’t seem to be an option, but I don’t see why this feature cannot get to general consumers as well.
What do you think about this feature? Let us know in comments.