Windows Defender Application Guard is designed for Windows 10 and Microsoft Edge. It isolates enterprise-defined untrusted sites to help you protect your system from malicious attacks. With this hardware isolation approach, you can close the loophole that attackers use.
Where security is a key concern, you should enable Windows Defender Application Guard on your Windows 10 system and browse the internet safely using the Microsoft Edge browser.
When Windows Defender Application Guard is enabled and you reach an untrusted site while browsing with Microsoft Edge, the browser opens the site in an isolated Hyper-V-enabled container that is separate from the host operating system. If the untrusted site turns out to be malicious, the host system stays protected because of the hardware isolation: attackers cannot reach your data from inside the container.
Which devices can be configured to use Application Guard?
You can protect all your Windows 10 devices by turning on Windows Defender Application Guard, whether they are personal or enterprise-grade desktops, laptops or mobile devices that use Microsoft Edge as the internet browser. For optimal performance, Microsoft recommends a 64-bit system with a minimum of 4 logical processor cores, 8 GB of RAM and at least 5 GB of free hard drive space on your desktop or laptop to enable Application Guard.
If you are using a VM or VDI environment, Windows Defender Application Guard is not supported on those virtual systems.
How to install Windows Defender Application Guard?
The Windows Defender Application Guard feature is not installed by default. If you are using Windows 10 Professional or Windows 10 Enterprise Edition, you can manually install this optional component from the Windows 10 optional features settings page.
Open the Windows Security application and navigate to the App and browser control page, as shown in the screenshot below. In the right-side panel, click the link that says Install Windows Defender Application Guard. This opens the Windows optional features page. Scroll down to find the Windows Defender Application Guard feature and install it as directed.
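The same checks and install step can be scripted. The following PowerShell is an added example, not part of the original article: it tests a device against the edition and hardware recommendations listed above and then enables the optional feature. It assumes an elevated session, the feature name Windows-Defender-ApplicationGuard, and that free space is measured on the system drive; the edition test on the OS caption is a simple heuristic.

```powershell
# Added example: pre-flight check for Application Guard, then enable the feature.
# Thresholds are the recommendations quoted in this article.
# Assumptions: feature name below; free space measured on the system drive.
$featureName = 'Windows-Defender-ApplicationGuard'
$minCores    = 4
$minRamGB    = 8
$minFreeGB   = 5

$os   = Get-CimInstance -ClassName Win32_OperatingSystem
$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"

# Installed RAM is reported slightly below its nominal size, so round to whole GB.
$ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB)
$freeGB = [math]::Floor($disk.FreeSpace / 1GB)

$checks = [ordered]@{
    'Edition is Pro or Enterprise'       = $os.Caption -match 'Pro|Enterprise'
    '64-bit operating system'            = [Environment]::Is64BitOperatingSystem
    "Logical processors >= $minCores"    = $cs.NumberOfLogicalProcessors -ge $minCores
    "RAM >= $minRamGB GB"                = $ramGB -ge $minRamGB
    "Free disk space >= $minFreeGB GB"   = $freeGB -ge $minFreeGB
}

# Print one line per check so a failed requirement is easy to spot.
foreach ($entry in $checks.GetEnumerator()) {
    $status = if ($entry.Value) { 'OK' } else { 'FAIL' }
    '{0,-34} {1}' -f $entry.Key, $status
}

if ($checks.Values -contains $false) {
    Write-Warning 'Device does not meet the recommendations above; Application Guard not enabled.'
    return
}

# Query the current state before changing anything (requires elevation).
$feature = Get-WindowsOptionalFeature -Online -FeatureName $featureName
if ($feature.State -eq 'Enabled') {
    'Application Guard is already installed.'
} else {
    Enable-WindowsOptionalFeature -Online -FeatureName $featureName -NoRestart | Out-Null
    'Application Guard enabled. Restart the device to complete the installation.'
}
```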
How to configure Windows Defender Application Guard?
Once you have installed Windows Defender Application Guard from the Windows 10 optional features page, you can configure how Microsoft Edge opens internet sites in the isolated environment. To do this, open the Windows Security application and navigate to the App and browser control page again. Now click the Change Application Guard settings link, as shown in the screenshot below:
By default, Application Guard for the Microsoft Edge browser stays activated, and the isolation limits some browser functionality. Features such as saving data, copy and paste, printing files from Microsoft Edge, and access to the camera and microphone are turned off by default. This settings page lets you bring those features back to Microsoft Edge, which makes the browser vulnerable to attackers.