Menu
Microsoft puts Application Guard for Office into public preview

Microsoft puts Application Guard for Office into public preview

Defensive technology walls off untrusted Office documents to prevent attack code carried by malicious files from reaching the operating system or its apps

Credit: Dreamstime

Microsoft has launched a public preview of 'Microsoft Defender Application Guard for Office', a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can't reach the operating system or its applications.

Earlier this week, a senior cyber security engineer from Microsoft explained how Application Guard for Office worked and more importantly, walked customers through its operations – something that existing documentation omitted when the public preview was launched late last month.

"Microsoft Office will open files from potentially unsafe locations in  Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualisation," John Barbare wrote in a post to a Microsoft blog. "When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit, print, and save the files without having to re-open files outside of the container.

"Application Guard has some history. The feature debuted in 2018 and was originally designed for Edge, Microsoft's Windows 10 browser. We're talking about the original Edge here, the one using Microsoft's own technologies, including the EdgeHTML rendering engine.

Application Guard creates a disposable instance of both Windows and Edge – very condensed versions of the OS and the browser – in a virtualised environment using Windows' baked-in HyperVisor technology. Every opening between the pseudo machine, the virtual machine, and the real deal is bricked up, barring almost all interaction between the web session and the physical device.

Users can then browse in a more secure environment because it prevents malware from reaching the real operating system and real applications on the real device (as opposed to the virtual instance). When the user is finished, the virtualised Windows+Edge is discarded. Think of it as a very brutal quarantine that erases the patient if he or she gets sick.

Works with Word, Excel and PowerPoint

Application Guard for Office works in much the same way, but rather than protect Edge, it isolates certain files opened in Word, Excel or PowerPoint.

Documents obtained from the general Internet – intranet domains or domains that have not been marked as trusted – files from potentially unsafe areas and attachments received via Outlook are opened in a virtualised environment, or sandbox, where malicious code can't wreak havoc.

For the public preview, customers must be running Windows 10 Enterprise 2004 or later, the Office Beta Channel build 2008 16.0.13212 or later, this update, and a licence for Microsoft 365 E5 (the most comprehensive, most expensive edition) or Microsoft 365 E5 Mobility + Security.

Unlike the much older Protected View, another Office defensive feature, which opens potentially dangerous documents as read-only, files opened in Application Guard can be manipulated. They can be printed, edited and saved. When saved, however, they remain in the isolation container and when reopened later, again are quarantined in that sandbox.

Word, Excel or PowerPoint indicate that the current document has been opened within Application Guard with several visual signals, including a pop-up notice in the app's ribbon and a differently-marked icon in the Windows taskbar.

If the user decides to definitely trust the document – which may be the weak link in Application Guard's protections – he or she can move it out of quarantine and deposit it in in a local or network folder. Confirmations are required here, though, so at least the user is prompted to reconsider before pulling the trust trigger.

IT administrators can control much of this, and more, through Application Guard's configuration settings, which range from copy-paste (allow/not allow) and printing (limit to, say, print-as-PDF only) to making it even more difficult for employees to open a file outside of Application Guard.

Step-by-Step

Barbare's blog post should be valuable to both users and IT admins.

Technically-savvy workers could be pointed to the post for both the background of Application Guard and the workings of the Office-specific edition now available as public preview. This assumes that IT switches on Application Guard via group policy or a PowerShell command.

IT administrators preparing their charges for the roll-out of Application Guard could use Barbare's post to construct help desk documents and how-tos to distribute to those who will use the feature, repurposing his screenshots, for instance, or using them as a guide to craft company-specific step-by-step instructions.

There are several bits of Application Guard documentation on Microsoft's site, but the best is this "Application Guard for Office (public preview) for admins," which was also posted Monday.

Barbare did not say when Application Guard for Office will wrap up the public preview and shift to general availability for Windows 10 Enterprise and Microsoft 365 E5 users. Or perhaps others as well; Microsoft began Application Guard as a Windows 10 Enterprise-only feature, but later expanded it to include Windows 10 Pro.

Microsoft's roadmap, however, currently lists a December 2020 release.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Microsoftoffice

Events

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments