Microsoft Defender Application Guard protects your networks and data from malicious apps running in your web browser, but you need to install and activate it first.
In a previous article, we noted that many of the security features listed as absolute requirements for a successful Windows 11 installation are already available as options in Windows 10, you just need to enable them manually. If you’re wondering if your current Windows 10 PC will run Windows 11, enabling these security protocols will give you the answers you’re looking for.
Activation for TPM 2.0 and HVCI has already been explained, but now we will look at the activation procedures for Microsoft Defender Application Guard in Windows 10. MDAG uses virtualization-based technology to protect your systems from malicious websites and criminals you visit with your web browsers like Edge, Chrome and Firefox.
SEE: Checklist: Securing Windows 10 Systems (TechRepublic Premium)
How to activate Microsoft Defender Application Guard
Microsoft Defender Application Guard works by creating an isolated memory instance of your browser. These Hyper-V containers prevent malicious scripts or other malware attacks from reaching the inner workings of your Windows 10 operating system protecting your networks and data. MDAG also works with applications such as Word and Excel running as part of a Microsoft 365 productivity environment.
Unfortunately, for Windows 10 Home users, MDAG is included by default with Windows 10 Pro, Enterprise, and Education versions. MDAG is part of the Windows functionality for these versions, so we will have to call the Control Panel.
The easiest way to get to the screen we need is to type “Windows features” into the search box on your Windows 10 desktop. Make sure you select the Turn Windows features on or off item in the Search results. You should see a dialog window that looks like Figure A.
Scroll down the list of features until you see Microsoft Defender Application Guard. Check the box for that item and click the OK button. The MDAG app will install and then ask you to restart to activate it.
Now that MDAG is installed and activated, it’s time to check its settings. Click or tap the Start menu button and select Settings (gear icon). On the Settings page, select Update & Security, and then select the Windows Security item in the left navigation bar, as shown in Number B.
In the right pane, click the Application and Browser Control item to display the screen displayed in Figure C.
As you can see under Isolated Browsing, MDAG runs and works with Edge to protect you from malware.
The security settings under MDAG are more stringent than what many of us are used to, so you may want to make some adjustments. Click the Change Application Guard Settings link on this page to view a list of security features that you can enable or disable based on your activity. As you can see in Number D, by default, these potential security vulnerabilities are disabled.
The settings on this page are self-explanatory. If you need to print from a website or want to allow access to your camera and microphone, you will need to go to this page and toggle the appropriate switches to the “on” position. This will increase potential security risks, so approach these decisions with caution.