diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png new file mode 100644 index 0000000000..3c1b046b93 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-camera-and-mic.png differ diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png new file mode 100644 index 0000000000..78552bf6db Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-root-certificates.png differ diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png new file mode 100644 index 0000000000..08cb4d5676 Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png differ diff --git a/windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png new file mode 100644 index 0000000000..9e58d99ead Binary files /dev/null and b/windows/security/threat-protection/windows-defender-application-guard/images/appguard-security-center-settings.png differ diff --git a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md index 56de78b9a3..e7f9fe2f97 100644 --- a/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md +++ b/windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: justinha ms.author: justinha -ms.date: 10/19/2017 +ms.date: 10/16/2018 --- # Application Guard testing scenarios @@ -66,9 +66,9 @@ Before you can use Application Guard in enterprise mode, you must install Window ![Group Policy editor with Neutral resources setting](images/appguard-gp-network-isolation-neutral.png) -4. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting. +4. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Turn on Windows Defender Application Guard in Enterprise Mode** setting. -5. Click **Enabled**. +5. Click **Enabled** and click **OK**. ![Group Policy editor with Turn On/Off setting](images/appguard-gp-turn-on.png) @@ -104,10 +104,11 @@ You have the option to change each of these settings to work with your enterpris - Windows 10 Enterpise edition, version 1709 or higher - Windows 10 Professional edition, version 1803 -**To change the copy and paste options** -1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard clipboard settings**. +#### Copy and paste options -2. Click **Enabled**. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard clipboard settings**. + +2. Click **Enabled** and click **OK**. ![Group Policy editor clipboard options](images/appguard-gp-clipboard.png) @@ -129,10 +130,11 @@ You have the option to change each of these settings to work with your enterpris 5. Click **OK**. -**To change the print options** -1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard print** settings. +#### Print options -2. Click **Enabled**. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Configure Windows Defender Application Guard print** settings. + +2. Click **Enabled** and click **OK**. ![Group Policy editor Print options](images/appguard-gp-print.png) @@ -140,10 +142,11 @@ You have the option to change each of these settings to work with your enterpris 4. Click **OK**. -**To change the data persistence options** -1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard** setting. +#### Data persistence options -2. Click **Enabled**. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow data persistence for Windows Defender Application Guard** setting. + +2. Click **Enabled** and click **OK**. ![Group Policy editor Data Persistence options](images/appguard-gp-persistence.png) @@ -164,10 +167,11 @@ You have the option to change each of these settings to work with your enterpris - Windows 10 Enterpise edition, version 1803 - Windows 10 Professional edition, version 1803 -**To change the download options** -1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Allow files to download and save to the host operating system from Windows Defender Application Guard** setting. +#### Download options -2. Click **Enabled**. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow files to download and save to the host operating system from Windows Defender Application Guard** setting. + +2. Click **Enabled** and click **OK**. ![Group Policy editor Download options](images/appguard-gp-download.png) @@ -177,10 +181,11 @@ You have the option to change each of these settings to work with your enterpris 5. Check to see the file has been downloaded into This PC > Downloads > Untrusted files. -**To change hardware acceleration options** -1. Go to the **Administrative Templates\System\Windows Components\Windows Defender Application Guard\Allow hardware-accelerated rendering for Windows Defender Application Guard** setting. +#### Hardware acceleration options -2. Click **Enabled**. +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow hardware-accelerated rendering for Windows Defender Application Guard** setting. + +2. Click **Enabled** and click **OK**. ![Group Policy editor hardware acceleration options](images/appguard-gp-vgpu.png) @@ -188,3 +193,45 @@ You have the option to change each of these settings to work with your enterpris 4. Assess the visual experience and battery performance. +**Applies to:** +- Windows 10 Enterpise edition, version 1809 +- Windows 10 Professional edition, version 1809 + +#### File trust options + +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard** setting. + +2. Click **Enabled**, set **Options** to 2, and click **OK**. + + ![Group Policy editor Download options](images/appguard-gp-allow-users-to-trust-files-that-open-in-appguard.png) + +3. Log out and back on to your device, opening Microsoft Edge in Application Guard again. + +4. Open a file in Edge, such an Office 365 file. + +5. Check to see that an antivirus scan completed before the file was opened. + +#### Camera and microphone options + +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow camera and microphone access in Windows Defender Application Guard** setting. + +2. Click **Enabled** and click **OK**. + + ![Group Policy editor Download options](images/appguard-gp-allow-camera-and-mic.png) + +3. Log out and back on to your device, opening Microsoft Edge in Application Guard again. + +4. Open an application with video or audio capability in Edge. + +5. Check that the camera and microphone work as expected. + +#### Root certificate sharing options + +1. Go to the **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard\Allow Windows Defender Application Guard to use Root Certificate Authorities from the user's device** setting. + +2. Click **Enabled**, copy the thumbprint of each certificate to share, separated by a comma, and click **OK**. + + ![Group Policy editor Download options](images/appguard-gp-allow-root-certificates.png) + +3. Log out and back on to your device, opening Microsoft Edge in Application Guard again. +