From c353652b97e343590665d0af65b811437858d39e Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 15 Nov 2022 19:53:26 +0530 Subject: [PATCH 1/5] Update install-md-app-guard.md Made changes to the navigation in the steps to install by using Intune fixes #https://github.com/MicrosoftDocs/windows-itpro-docs/issues/10770 --- .../install-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index b4fb01a3c6..ea6fccbf62 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -100,7 +100,7 @@ Application Guard functionality is turned off by default. However, you can quick 1. In the **Platform** list, select **Windows 10 and later**. - 1. In the **Profile** list, select **Endpoint protection**. + 1. In the **Profile** Type, Choose **Templates** and select **Endpoint protection** . 1. Choose **Create**. From 13fdf16793f4547c1b74e968631d54f5b8ee952d Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Wed, 16 Nov 2022 10:13:49 +0530 Subject: [PATCH 2/5] Update windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../install-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index ea6fccbf62..0eb70f9270 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -100,7 +100,7 @@ Application Guard functionality is turned off by default. However, you can quick 1. In the **Platform** list, select **Windows 10 and later**. - 1. In the **Profile** Type, Choose **Templates** and select **Endpoint protection** . + 1. In the **Profile** type, choose **Templates** and select **Endpoint protection**. 1. Choose **Create**. From 059c0d6e2c46512dd49e7973297c5db8515f8f3c Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Nov 2022 12:47:40 -0800 Subject: [PATCH 3/5] Update install-md-app-guard.md --- .../install-md-app-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index 0eb70f9270..dba507f3c0 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa -ms.date: 09/09/2021 +ms.date: 11/30/2022 ms.reviewer: manager: aaroncz ms.custom: asr From d23d717dcbfc8d789a8d20451afed341b2155046 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 30 Nov 2022 12:50:46 -0800 Subject: [PATCH 4/5] Update install-md-app-guard.md --- .../install-md-app-guard.md | 39 ++++++++++--------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index dba507f3c0..97f4e14332 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -27,10 +27,12 @@ ms.collection: ## Review system requirements See [System requirements for Microsoft Defender Application Guard](./reqs-md-app-guard.md) to review the hardware and software installation requirements for Microsoft Defender Application Guard. ->[!NOTE] ->Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. + +> [!NOTE] +> Microsoft Defender Application Guard is not supported on VMs and VDI environment. For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. ## Prepare for Microsoft Defender Application Guard + Before you can install and use Microsoft Defender Application Guard, you must determine which way you intend to use it in your enterprise. You can use Application Guard in either **Standalone** or **Enterprise-managed** mode. ### Standalone mode @@ -51,6 +53,7 @@ Applies to: You and your security department can define your corporate boundaries by explicitly adding trusted domains and by customizing the Application Guard experience to meet and enforce your needs on employee devices. Enterprise-managed mode also automatically redirects any browser requests to add non-enterprise domain(s) in the container. The following diagram shows the flow between the host PC and the isolated container. + ![Flowchart for movement between Microsoft Edge and Application Guard.](images/application-guard-container-v-host.png) ## Install Application Guard @@ -59,22 +62,22 @@ Application Guard functionality is turned off by default. However, you can quick ### To install by using the Control Panel -1. Open the **Control Panel**, click **Programs,** and then click **Turn Windows features on or off**. +1. Open the **Control Panel**, click **Programs,** and then select **Turn Windows features on or off**. ![Windows Features, turning on Microsoft Defender Application Guard.](images/turn-windows-features-on-off.png) -2. Select the check box next to **Microsoft Defender Application Guard** and then click **OK**. +2. Select the check box next to **Microsoft Defender Application Guard** and then select **OK**. Application Guard and its underlying dependencies are all installed. ### To install by using PowerShell ->[!NOTE] ->Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only. +> [!NOTE] +> Ensure your devices have met all system requirements prior to this step. PowerShell will install the feature without checking system requirements. If your devices don't meet the system requirements, Application Guard may not work. This step is recommended for enterprise managed scenarios only. -1. Click the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**. +1. Select the **Search** or **Cortana** icon in the Windows 10 or Windows 11 taskbar and type **PowerShell**. -2. Right-click **Windows PowerShell**, and then click **Run as administrator**. +2. Right-click **Windows PowerShell**, and then select **Run as administrator**. Windows PowerShell opens with administrator credentials. @@ -94,17 +97,15 @@ Application Guard functionality is turned off by default. However, you can quick :::image type="content" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Enroll devices in Intune."::: -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). - -1. Choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following:
+1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following:
1. In the **Platform** list, select **Windows 10 and later**. - 1. In the **Profile** type, choose **Templates** and select **Endpoint protection**. + 2. In the **Profile** type, choose **Templates** and select **Endpoint protection**. - 1. Choose **Create**. + 3. Choose **Create**. -1. Specify the following settings for the profile: +2. Specify the following settings for the profile: - **Name** and **Description** @@ -114,16 +115,16 @@ Application Guard functionality is turned off by default. However, you can quick - Choose your preferences for **Clipboard behavior**, **External content**, and the remaining settings. -1. Choose **OK**, and then choose **OK** again. +3. Choose **OK**, and then choose **OK** again. -1. Review your settings, and then choose **Create**. +4. Review your settings, and then choose **Create**. -1. Choose **Assignments**, and then do the following: +5. Choose **Assignments**, and then do the following: 1. On the **Include** tab, in the **Assign to** list, choose an option. - 1. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab. + 2. If you have any devices or users you want to exclude from this endpoint protection profile, specify those on the **Exclude** tab. - 1. Click **Save**. + 3. Select **Save**. After the profile is created, any devices to which the policy should apply will have Microsoft Defender Application Guard enabled. Users might have to restart their devices in order for protection to be in place. From 71496988589b2ed0952461098b405db0ae8d381b Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Tue, 3 Jan 2023 12:16:07 -0500 Subject: [PATCH 5/5] Update install-md-app-guard.md --- .../microsoft-defender-application-guard/install-md-app-guard.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md index 97f4e14332..57977dcbe6 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md @@ -15,6 +15,7 @@ ms.custom: asr ms.technology: itpro-security ms.collection: - highpri +ms.topic: how-to --- # Prepare to install Microsoft Defender Application Guard