

Specifies the prerequisites necessary to install and use Application Guard.

System requirements for Microsoft Defender Application Guard The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside. These personally owned desktops or mobile laptops aren't domain-joined or managed by an organization. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home. These personally owned laptops aren't domain-joined, but are managed by your organization through tools, such as Microsoft Intune.

Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network.īring your own device (BYOD) mobile laptops. Configuration management is primarily done through Microsoft Configuration Manager or Microsoft Intune. These laptops are domain-joined and managed by your organization. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network.Įnterprise mobile laptops. These desktops are domain-joined and managed by your organization. What types of devices should use Application Guard?Īpplication Guard has been created to target several types of devices:Įnterprise desktops. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials. This container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can't get to your enterprise data. The isolated Hyper-V container is separate from the host operating system. Application Guard opens untrusted files in an isolated Hyper-V-enabled container. If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container.įor Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoint and Excel files from accessing trusted resources. Everything not on your list is considered untrusted. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. What is Application Guard and how does it work?įor Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. Using our unique hardware isolation approach, our goal is to destroy the playbook that attackers use by making current attack methods obsolete.
Microsoft Defender Application Guard (Application Guard) is designed to help prevent old and newly emerging attacks to help keep employees productive.
