deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 07:17:24 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Updated for 5358858

Browse Source
This commit is contained in:
Ashok Lobo 2021-09-20 17:55:46 +05:30
parent 5f9f95715d
commit 54672073b3
4 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md
View File

@ -1,5 +1,5 @@
--- ---
title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows 10) title: Configure the Group Policy settings for Microsoft Defender Application Guard (Windows)
description: Learn about the available Group Policy settings for Microsoft Defender Application Guard. description: Learn about the available Group Policy settings for Microsoft Defender Application Guard.
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: manage ms.mktglfcycl: manage
@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium ms.localizationpriority: medium
author: denisebmsft author: denisebmsft
ms.author: deniseb ms.author: deniseb
ms.date: 09/16/2021 ms.date: 09/20/2021
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
ms.custom: asr ms.custom: asr

2
windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
View File

@ -1,5 +1,5 @@
--- ---
title: Enable hardware-based isolation for Microsoft Edge (Windows 10) title: Enable hardware-based isolation for Microsoft Edge (Windows)
description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise. description: Learn about the Microsoft Defender Application Guard modes (Standalone or Enterprise-managed), and how to install Application Guard in your enterprise.
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: manage ms.mktglfcycl: manage

3
windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md
View File

@ -24,7 +24,7 @@ ms.technology: mde
[Microsoft Defender Application Guard Extension](https://www.microsoft.com/security/blog/2019/05/23/new-browser-extensions-for-integrating-microsofts-hardware-based-isolation/) is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/). [Microsoft Defender Application Guard Extension](https://www.microsoft.com/security/blog/2019/05/23/new-browser-extensions-for-integrating-microsofts-hardware-based-isolation/) is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/).
[Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers. [Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10 and Windows 11, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers.
> [!TIP] > [!TIP]
> Application Guard, by default, offers [native support](/deployedge/microsoft-edge-security-windows-defender-application-guard) to both Microsoft Edge and Internet Explorer. These browsers do not need the extension described here for Application Guard to protect them. > Application Guard, by default, offers [native support](/deployedge/microsoft-edge-security-windows-defender-application-guard) to both Microsoft Edge and Internet Explorer. These browsers do not need the extension described here for Application Guard to protect them.
@ -38,6 +38,7 @@ Microsoft Defender Application Guard Extension works with the following editions
- Windows 10 Professional - Windows 10 Professional
- Windows 10 Enterprise - Windows 10 Enterprise
- Windows 10 Education - Windows 10 Education
- Windows 11
Application Guard itself is required for the extension to work. It has its own set of [requirements](reqs-md-app-guard.md). Check the Application Guard [installation guide](install-md-app-guard.md) for further steps, if you don't have it installed already. Application Guard itself is required for the extension to work. It has its own set of [requirements](reqs-md-app-guard.md). Check the Application Guard [installation guide](install-md-app-guard.md) for further steps, if you don't have it installed already.

11
windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md
View File

@ -1,5 +1,5 @@
--- ---
title: Testing scenarios with Microsoft Defender Application Guard (Windows 10) title: Testing scenarios with Microsoft Defender Application Guard (Windows 10 or Windows 11)
description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode. description: Suggested testing scenarios for Microsoft Defender Application Guard, showing how it works in both Standalone and Enterprise-managed mode.
ms.prod: m365-security ms.prod: m365-security
ms.mktglfcycl: manage ms.mktglfcycl: manage
@ -51,7 +51,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise-
### Install, set up, and turn on Application Guard ### Install, set up, and turn on Application Guard
Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings. Before you can use Application Guard in managed mode, you must install Windows 10 Enterprise edition, version 1709, and Windows 11 which includes the functionality. Then, you must use Group Policy to set up the required settings.
1. [Install Application Guard](./install-md-app-guard.md#install-application-guard). 1. [Install Application Guard](./install-md-app-guard.md#install-application-guard).
@ -112,6 +112,7 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterprise edition, version 1709 or higher - Windows 10 Enterprise edition, version 1709 or higher
- Windows 10 Professional edition, version 1803 - Windows 10 Professional edition, version 1803
- Windows 11
#### Copy and paste options #### Copy and paste options
@ -170,7 +171,7 @@ You have the option to change each of these settings to work with your enterpris
The previously added site should still appear in your **Favorites** list. The previously added site should still appear in your **Favorites** list.
> [!NOTE] > [!NOTE]
> If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10. > If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10 and Windows 11.
> >
> If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data. > If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
> <!--- Inline HTML is used on the next several lines so that the ordinal numbers will be rendered correctly; Markdown would otherwise try to render them as letters (a, b, c...) because they would be treated as a nested list ---> > <!--- Inline HTML is used on the next several lines so that the ordinal numbers will be rendered correctly; Markdown would otherwise try to render them as letters (a, b, c...) because they would be treated as a nested list --->
@ -180,6 +181,7 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterprise edition, version 1803 - Windows 10 Enterprise edition, version 1803
- Windows 10 Professional edition, version 1803 - Windows 10 Professional edition, version 1803
- Windows 11
#### Download options #### Download options
@ -211,12 +213,13 @@ You have the option to change each of these settings to work with your enterpris
- Windows 10 Enterprise edition, version 1809 - Windows 10 Enterprise edition, version 1809
- Windows 10 Professional edition, version 1809 - Windows 10 Professional edition, version 1809
- Windows 11
#### File trust options #### File trust options
1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow users to trust files that open in Microsoft Defender Application Guard** setting. 1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow users to trust files that open in Microsoft Defender Application Guard** setting.
2. Click **Enabled**, set **Options** to 2, and click **OK**. 2. Click **Enabled**, set **Options** to **2**, and click **OK**.
![Group Policy editor File trust options.](images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png) ![Group Policy editor File trust options.](images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png)