Microsoft Defender Application Guard protects your networks and data from malicious applications running in your web browser, but you must install and activate it first.
In a previous article, we noted that many of the security features listed as absolute requirements for a successful Windows 11 installation are already available as options in Windows 10, you just have to turn them on manually. If you are wondering if your current Windows 10 PC will run Windows 11, activating these security protocols will give you the answers you seek.
Activation for TPM 2.0 and HVCI were explained before, but now we will look at the activation procedures for Microsoft Defender Application Guard in Windows 10. MDAG uses virtualization-based technology to help safeguard your systems from malicious and criminal websites that you visit with your enabled web browsers like Edge, Chrome and Firefox.
SEE: Checklist: Securing Windows 10 systems (TechRepublic Premium)
How to activate Microsoft Defender Application Guard
Microsoft Defender Application Guard works by creating an isolated memory instance of your browser. These Hyper-V containers prevent malicious scripts or other malware attacks from reaching the inner workings of your Windows 10 operating system protecting your networks and your data. MDAG also works with applications like Word and Excel running as part of a Microsoft 365 productivity environment.
Unfortunately, for Windows 10 Home users, MDAG is included with Windows 10 Professional, Enterprise and Educational versions by default. MDAG is part of Windows Features for those versions, so we will have to call up the Control Panel.
The easiest way to get to the screen we need is to type “windows features” into the search box on your Windows 10 desktop. Be sure to select the Turn Windows Features On or Off item from the search results. You should see a dialog window that looks like Figure A.
Scroll down the list of features until you see Microsoft Defender Application Guard. Place a check in the checkbox for that item and click the OK button. The MDAG application will install and then ask you to reboot to activate.
Now that MDAG is installed and activated, it is time to check its settings. Click or tap the Start Menu button and select Settings (gear icon). On the Settings page, select Update & Security and then select the Windows Security item from the left-hand navigation bar, as shown in Figure B.
From the right windowpane, click the App & Browser Control item to reveal the screen shown in Figure C.
As you can see under Isolated Browsing, MDAG is running and working with Edge to protect you from malware.
The security settings under MDAG are stricter than many of us are used to, so you may find yourself wanting to make some tweaks. Click the Change Application Guard settings link on this page to see a list of security features that you may want to turn on or off depending on your activity. As you can see in Figure D, by default these potential security vulnerabilities are off.
The settings on this page are self-explanatory. If you need to print from a website or want to allow access to your camera and microphone, you will have to come to this page and flip the appropriate switches to the “on” position. Doing so will increase the potential security risks, so approach these decisions with caution.