diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md index 9ca68f3126..02aea574e1 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-browser-extension.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender Application Guard Extension -description: Learn about the Microsoft Defender Application Guard browser extension for Chrome, and how you can manage it for yourself and your users. +description: Learn about the Microsoft Defender Application Guard browser extension , which extends Application Guard's protection to third-party web browsers. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library @@ -20,33 +20,26 @@ ms.custom: asr - Windows 10 -Microsoft Defender Application Guard Extension is a web browser extension that protects your device from advanced attacks, by redirecting untrusted websites to an isolated version of the [Microsoft Edge](https://www.microsoft.com/edge) browser. If an untrusted website turns out to be malicious, it remains within Application Guard's secure container, keeping your device protected. +Microsoft Defender Application Guard Extension is a web browser add-on available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/). + +[Microsoft Defender Application Guard](md-app-guard-overview.md) provides Hyper-V isolation on Windows 10, to protect users from potentially harmful content on the web. The extension helps Application Guard protect users running other web browsers. + +> [!TIP] +> Application Guard, by default, offers [native support](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard) to both Microsoft Edge and Internet Explorer. These browsers do not need the extension described here for Application Guard to protect them. + +Microsoft Defender Application Guard Extension defends devices in your organization from advanced attacks, by redirecting untrusted websites to an isolated version of [Microsoft Edge](https://www.microsoft.com/edge). If an untrusted website turns out to be malicious, it remains within Application Guard's secure container, keeping the device protected. ## Prerequisites -Application Guard (the feature, not the browser extension) must be installed and enabled — either locally, in Standalone mode, or as part of an enterprise environment, in Enterprise-managed mode. Application Guard itself has its own set of [requirements](reqs-md-app-guard.md). - -> [!TIP] -> Application Guard offers [native support](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard) to Microsoft Edge and Internet Explorer, so the extension and companion app are not necessary for users running those browsers. - -The Microsoft Defender Application Guard Extension works with the following editions of Windows 10, version 1803 or later: +Microsoft Defender Application Guard Extension works with the following editions of Windows 10, version 1803 or later: - Windows 10 Professional - Windows 10 Enterprise - Windows 10 Education -The Microsoft Defender Application Guard Extension is available for [Chrome](https://chrome.google.com/webstore/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj/) and [Firefox](https://addons.mozilla.org/en-US/firefox/addon/application-guard-extension/). It can be deployed across the enterprise by an administrator, or downloaded and installed manually by a user on their own device. +Application Guard itself must be installed and enabled. It has its own set of [requirements](reqs-md-app-guard.md). -The extension also requires that the [Application Guard companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab) be installed locally. The app enables Application Guard to work with web browsers other than Microsoft Edge. - -## Known issues - -Issue | Mitigation | Notes --|-|- -Extensions cannot automatically turn on for private browsing or "Incognito" mode | Disable Incognito via policy, by setting **IncognitoModeAvailablity** to **1** | Chrome and Firefox extensions are turned off by default when running those browsers in Incognito mode. -Extensions can be turned off | Use ExtensionSettings policy by setting **Installation_mode** to **force_installed**. | -Chrome does not offer url to extensions on cold start | Don’t let users disable background process via policy, by setting **backgroundModeEnabled** to **1**. | The cold start issue is caused by a user abruptly exiting Chrome, via the tray icon or task manager, then re-starting the browser. -If the user's network roams or the network isolation policy changes, an untrusted page may load | N/A | Although Application Guard will attempt to redirect the untrusted page and invalidate the cache, under certain circumstances, this issue leaves browsers open to drive-by attacks. +The extension also requires the [Application Guard companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab). This companion app enables Application Guard to work with web browsers other than Microsoft Edge or Internet Explorer. ## Troubleshooting guide @@ -54,15 +47,15 @@ If the user's network roams or the network isolation policy changes, an untruste Error message | Cause | Actions -|-|- -Application Guard undetermined state | The extension was unable to communicate with the companion app during the last information request. | • Install the [companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab) and reboot
• If the companion app is already installed, reboot and see if that resolves the error
• If you still see the error after rebooting, uninstall and re-install the companion app
• Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox) -ExceptionThrown | An unexpected exception was thrown. | • File a bug
• Retry the operation -Failed to determine if Application Guard is enabled | The extension was able to communicate with the companion app, but the information request failed in the app. | • Restart the browser
• Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox) -Launch in WDAG failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running. | • Make sure the companion app is installed
• If the companion app is installed, reboot and see if that resolves the error
• If you still see the error after rebooting, uninstall and re-install the companion app
• Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox) -Main page navigation caught an unexpected error | An unexpected exception was thrown during the main page navigation. | • File a bug
• Retry the operation -Process trust response failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running.| • Make sure the companion app is installed.
• If the companion app is installed, reboot and see if that resolves the error
• If you still see the error after rebooting, uninstall and re-install the companion app
• Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox) -Protocol out of sync | The extension and native app cannot communicate with each other. This is likely caused by one being updated without supporting the protocol of the other. | Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox) -Security patch level does not match | Microsoft determined that there was a security issue with either the extension or the companion app, and has issued a mandatory update. | Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox) -Unexpected response while processing trusted state | The extension was able to communicate with the companion app, but the API failed and a failure response code was sent back to the extension. | • File a bug
• Check if Edge is working
• Retry the operation +Application Guard undetermined state | The extension was unable to communicate with the companion app during the last information request. | • Install the [companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab) and reboot
• If the companion app is already installed, reboot and see if that resolves the error
• If you still see the error after rebooting, uninstall and re-install the companion app
• Check for updates in both the Microsoft store and the respective web store for the affected browser +ExceptionThrown | An unexpected exception was thrown. | • [File a bug](feedback-hub:?contextid=713)
• Retry the operation +Failed to determine if Application Guard is enabled | The extension was able to communicate with the companion app, but the information request failed in the app. | • Restart the browser
• Check for updates in both the Microsoft store and the respective web store for the affected browser +Launch in WDAG failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running. | • Make sure the companion app is installed
• If the companion app is installed, reboot and see if that resolves the error
• If you still see the error after rebooting, uninstall and re-install the companion app
• Check for updates in both the Microsoft store and the respective web store for the affected browser +Main page navigation caught an unexpected error | An unexpected exception was thrown during the main page navigation. | • [File a bug](feedback-hub:?contextid=713)
• Retry the operation +Process trust response failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running.| • Make sure the companion app is installed.
• If the companion app is installed, reboot and see if that resolves the error
• If you still see the error after rebooting, uninstall and re-install the companion app
• Check for updates in both the Microsoft store and the respective web store for the affected browser +Protocol out of sync | The extension and native app cannot communicate with each other. This is likely caused by one being updated without supporting the protocol of the other. | Check for updates in both the Microsoft store and the respective web store for the affected browser +Security patch level does not match | Microsoft determined that there was a security issue with either the extension or the companion app, and has issued a mandatory update. | Check for updates in both the Microsoft store and the respective web store for the affected browser +Unexpected response while processing trusted state | The extension was able to communicate with the companion app, but the API failed and a failure response code was sent back to the extension. | • [File a bug](feedback-hub:?contextid=713)
• Check if Edge is working
• Retry the operation ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md index 9e5e334ce1..7a3ff735c4 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/test-scenarios-md-app-guard.md @@ -247,7 +247,7 @@ You have the option to change each of these settings to work with your enterpris 3. Log out and back on to your device, opening Microsoft Edge in Application Guard again. -## Application Guard Extension for Chrome and Firefox +## Application Guard Extension for third-party web browsers The [Application Guard Extension](md-app-guard-browser-extension.md) available for Chrome and Firefox allows Application Guard to protect users even when they are running a web browser other than Microsoft Edge or Internet Explorer. @@ -255,8 +255,8 @@ Once a user has the extension and its companion app installed on their enterpris 1. Open either Firefox or Chrome — whichever browser you have the extension installed on. 1. Navigate to an enterprise website, i.e. an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded. - ![The evaluation text displayed while the page is being loaded](images/app-guard-chrome-extension-evaluation-page.png) + ![The evaluation page displayed while the page is being loaded, explaining that the user must wait](images/app-guard-chrome-extension-evaluation-page.png) 1. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge. - ![A non-enterprise website being redirected to an Application Guard container](images/app-guard-chrome-extension-launchIng-edge.png) + ![A non-enterprise website being redirected to an Application Guard container -- the text displayed explains that the page is being opened in Application Guard for Microsoft Edge](images/app-guard-chrome-extension-launchIng-edge.png) 1. Open a new Application Guard window, by select the Microsoft Defender Application Guard icon, then **New Application Guard Window** ![The "New Application Guard Window" option is highlighted in red]()