Microsoft Defender Application Guard Standalone Mode

If a user wants to use Standalone mode on Windows client or Windows Server, they need to be using either Windows 10 Enterprise edition (version 1709 or higher) or Windows 10 Pro edition (version 1803 or higher). The user must install Application Guard manually on their Windows device and then they need to manually start Microsoft Edge in Application Guard while they are browsing untrusted sites.

Exercise 15.3 will show you how to install Microsoft Defender Application Guard using the Windows Control Panel.

EXERCISE 15.3

Installing Microsoft Defender Application Guard

  1. Right- click Start and choose Windows System Control Panel Large Icon View   Programs And Features.
  2. Click the link Turn Windows Features On Or Off.
  3. Scroll down and check the box for Microsoft Defender Application Guard (shown in Figure 15.28), and then click OK.

FIGURE 15.28 Installing Microsoft Defender Application Guard

4. After Microsoft Defender Application Guard installs, close Control Panel.

You can also install Microsoft Defender Application Guard by using PowerShell. To do this, you need to right- click on PowerShell and choose the top option, Run As Administrator (see Figure 15.29).

FIGURE 15.29 Opening PowerShell as an administrator

Once you are in the PowerShell window, run the following PowerShell command and then restart the Windows client device:

Enable- WindowsOptionalFeature – online – FeatureName

Windows- Defender- ApplicationGuard

You can also install Microsoft Defender Application Guard using Intune. To do so, perform the following steps:

  1. Go to the Microsoft Endpoint admin center at https://endpoint.microsoft.com and sign in.
  2. Choose Devices ➢ Configuration Profiles ➢ + Create Profile, and do the following:
    a. In the Platform list, select Windows 10 and later.
    b. In the Profile list, select Endpoint Protection.
    c. Click Create.
  3. Specify the following settings for the profile:
    ■ Name and description
    ■ In the Select A Category To Configure Settings section, choose Microsoft Defender Application Guard.
    ■ In the Application Guard list, click Enabled for Edge.
    ■ Choose your preferences for Clipboard Behavior, External Content, and the remaining settings.
  4. Click OK, and then click OK again.
  5. Review your settings, and then click Create.
  6. Click Assignments, and then do the following:
    a. On the Include tab, from the Assign To list, choose an option.
    b. If you have any devices or users you want to exclude from this endpoint protection profile, specify them on the Exclude tab.
    c. Click Save.

After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. However, your users may have to restart their devices in order for protection to begin.

In Exercise 15.4, I will show you how to use Windows Defender Application Guard in Standalone mode. I will be using Windows and Microsoft Edge for this exercise. To complete this exercise, you must complete Exercise 15.3 and install Microsoft Defender Application Guard on your Windows device.

EXERCISE 15.4

Using Microsoft Defender Application Guard

  1. Open Microsoft Edge.
  2. From the options menu, choose New Application Guard Window (see Figure 15.30).

FIGURE 15.30 New Application Guard Window option

3. You will need to wait for Application Guard to set up the isolated environment (see Figure 15.31). This may take a few moments.

FIGURE 15.31 Application Guard starting screen

4. As you can see in Figure 15.32, we opened Microsoft’s website in Application Guard mode, and you can see that in the upper- left corner of the window. Close Edge.

FIGURE 15.32 Microsoft’s website in Application Guard mode

Leave a Reply

Your email address will not be published. Required fields are marked *