Microsoft this week made the Windows Defender Application Guard extensions generally available, which now provides hardware-based isolation to all Chrome and Firefox users on Windows 10.
First introduced in 2017 and designed to isolate browser-based attacks, the container technology has been available only to Microsoft Edge until earlier this year, when Microsoft released the Windows Defender Application Guard extensions to Windows Insiders.
The extensions leverage a native application that handles the communication between the browser and the device’s Application Guard settings and were designed to automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge.
“When users navigate to a site, the extension checks the URL against a list of enterprise sites defined by enterprise administrators. If the site is determined to be untrusted, the user is redirected to an isolated Microsoft Edge session,” Microsoft explains.
The isolated Microsoft Edge session allows the user to freely navigate to any site that the organization hasn’t defined as trusted, while resting assured that the system is not at risk. When the user attempts to navigate to an enterprise site while in an isolated Microsoft Edge session, they are taken back to the default browser.
To configure the Application Guard extension under managed mode, admins should ensure the devices meet the necessary requirements, then turn on Windows Defender Application Guard, define network isolation settings, install the companion application from the Microsoft Store and the browser extensions, and then restart the device.
Microsoft also says it is being transparent about the installation of Windows Defender Application Guard and its purpose, and that a Windows Defender Application Guard landing page will be displ ..