Microsoft is edging closer to general availability of its Application Guard security technology for Microsoft 365 apps, which gives IT admins and security staff a little more assurance that users opening risky attachments won’t cause a malware outbreak.
Application Guard offers additional protections for enterprises using Word, Excel, and PowerPoint for Microsoft 365 and Windows 10 Enterprise.
Microsoft argues that Application Guard for Office or Microsoft Defender Application Guard for Office “helps prevent untrusted files from accessing trusted resources, keeping your enterprise safe from new and emerging attacks”.
Microsoft released the private preview of Application Guard for Office in February, extending a feature that had until then only been available for the new Edge browser.
The feature allows users to open websites safely with the protection of hardware-level containerization. The feature isolates browser processes from the underling operation system and the device.
“To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization,” Microsoft said in a blogpost about the public preview.
“When Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to reopen files outside the container.”
The feature will be off by default and it is only available to customers with Microsoft 365 E5 or Microsoft 365 E5 Security licenses.
PCs need to be on Windows 10 Enterprise edition, build version 2004, 20H1, 19041, and have the Office Beta Channel Build version 2008 16.0.13212 or later, according to Microsoft’s technical documents.
Microsoft Defender Advance Threat Protection (ATP) works with Application Guard for Office for monitoring and providing alerts about malware in the isolated environment.
Microsoft notes a few restrictions that the technology creates. For example, it prevents an untrusted document from accessing trusted resources. Admins may need to turn off the feature if a user wants to access files across boundaries. Also, macros and ActiveX controls are disabled in Application Guard for Office.