mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-19 08:47:22 +00:00
copy edits, testing scenarios, screenshots
parent c62604fc5f
commit ef1ceba5f8
Binary file not shown.
After Width: | Height: | Size: 68 KiB |
Binary file not shown.
After Width: | Height: | Size: 114 KiB |
@ -20,14 +20,14 @@ ms.custom: asr
|
||||
|
||||
- Windows 10
|
||||
|
||||
Microsoft Defender Application Guard Extension is a web browser extension that protects your device from advanced attacks, by redirecting untrusted websites to an isolated version of the [Microsoft Edge](https://www.microsoft.com/en-us/edge) browser. If an untrusted website turns out to be malicious, it remains within Application Guard's secure container, keeping your device protected.
|
||||
Microsoft Defender Application Guard Extension is a web browser extension that protects your device from advanced attacks, by redirecting untrusted websites to an isolated version of the [Microsoft Edge](https://www.microsoft.com/edge) browser. If an untrusted website turns out to be malicious, it remains within Application Guard's secure container, keeping your device protected.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Application Guard (the feature, not the browser extension) must be installed and enabled — either locally, in Standalone mode, or as part of an enterprise environment, in Enterprise-managed mode. Application Guard itself has its own set of [requirements](reqs-md-app-guard.md).
|
||||
|
||||
> [!TIP]
|
||||
> Application Guard offers [native support](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard) to Microsoft Edge, so the extension and companion app are not necessary for users running that browser.
|
||||
> Application Guard offers [native support](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard) to Microsoft Edge and Internet Explorer, so the extension and companion app are not necessary for users running those browsers.
|
||||
|
||||
The Microsoft Defender Application Guard Extension works with the following editions of Windows 10, version 1803 or later:
|
||||
|
||||
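Review bot: In the `[!TIP]` line, the wording that names Internet Explorer ("native support ... to Microsoft Edge and Internet Explorer") still links only to `deployedge/microsoft-edge-security-windows-defender-application-guard`, which by its path is a Microsoft Edge deployment article. Either link a source that also covers Internet Explorer or reword so the link does not appear to back that claim. The `requirements` link just above is relative (`reqs-md-app-guard.md`) while this one is an absolute docs.microsoft.com URL; use one style for links within the docs set.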
@ -56,12 +56,12 @@ Error message | Cause | Actions
|
||||
-|-|-
|
||||
Application Guard undetermined state | The extension was unable to communicate with the companion app during the last information request. | • Install the [companion app](https://www.microsoft.com/p/windows-defender-application-guard-companion/9n8gnlc8z9c8?activetab=pivot:overviewtab) and reboot</br> • If the companion app is already installed, reboot and see if that resolves the error</br> • If you still see the error after rebooting, uninstall and re-install the companion app</br> • Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
ExceptionThrown | An unexpected exception was thrown. | • File a bug </br> • Retry the operation
|
||||
Failed to determine if Application Guard is enabled | The extension was able to communicate with the companion app, but the information request failed in the app. | • Restart the browser </br> • Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
Failed to determine if Application Guard is enabled | The extension was able to communicate with the companion app, but the information request failed in the app. | • Restart the browser </br> • Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
Launch in WDAG failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running. | • Make sure the companion app is installed </br> • If the companion app is installed, reboot and see if that resolves the error </br> • If you still see the error after rebooting, uninstall and re-install the companion app </br> • Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
Main page navigation caught an unexpected error | An unexpected exception was thrown during the main page navigation. | • File a bug </br> • Retry the operation
|
||||
Main page navigation caught an unexpected error | An unexpected exception was thrown during the main page navigation. | • File a bug </br> • Retry the operation
|
||||
Process trust response failed with a companion communication error | The extension couldn't talk to the companion app, but was able to at the beginning of the session. This can be caused by the companion app being uninstalled while Chrome was running.| • Make sure the companion app is installed. </br> • If the companion app is installed, reboot and see if that resolves the error </br> • If you still see the error after rebooting, uninstall and re-install the companion app </br> • Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
Protocol out of sync | The extension and native app cannot communicate with each other. This is likely caused by one being updated without supporting the protocol of the other. | Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
Security patch level does not match | Microsoft determined that there was a security issue with either the extension or the companion app, and has issued a mandatory update. | Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
Security patch level does not match | Microsoft determined that there was a security issue with either the extension or the companion app, and has issued a mandatory update. | Check for updates in both the Microsoft store and the respective web store for the affected browser (Chrome or Firefox)
|
||||
Unexpected response while processing trusted state | The extension was able to communicate with the companion app, but the API failed and a failure response code was sent back to the extension. | • File a bug </br> • Check if Edge is working </br> • Retry the operation
|
||||
|
||||
## Related articles
|
||||
|
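Review bot: Every multi-action cell in this table separates its bullets with `</br>`, which is a closing tag for a void element and not valid HTML; use `<br/>`, as the reset steps in the testing-scenarios file of this same commit do. The "Launch in WDAG failed ..." and "Process trust response failed ..." rows also say the companion app was uninstalled "while Chrome was running", yet their action cells name Chrome or Firefox; "while the browser was running" covers both. "Microsoft store" should be capitalized as "Microsoft Store", and only one bullet in the table ("Make sure the companion app is installed.") ends with a period.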
@ -15,21 +15,19 @@ ms.custom: asr
|
||||
|
||||
# Application Guard testing scenarios
|
||||
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
||||
|
||||
|
||||
We've come up with a list of scenarios that you can use to test hardware-based isolation in your organization.
|
||||
|
||||
|
||||
## Application Guard in standalone mode
|
||||
|
||||
You can see how an employee would use standalone mode with Application Guard.
|
||||
|
||||
### To test Application Guard in Standalone mode
|
||||
|
||||
1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard).
|
||||
1. [Install Application Guard](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard).
|
||||
|
||||
2. Restart the device, start Microsoft Edge, and then click **New Application Guard window** from the menu.
|
||||
|
||||
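Review bot: The two headings disagree on capitalization, "## Application Guard in standalone mode" versus "### To test Application Guard in Standalone mode", and the sentence between them uses lowercase "standalone mode". Pick one form (the extension article touched in this commit writes "Standalone mode") and apply it to all three. Step 1 also reaches `install-md-app-guard` through an absolute docs.microsoft.com URL, while the link to `md-app-guard-browser-extension.md` added later in this file is relative; if the install article sits alongside this one, a relative link would be consistent.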
@ -81,7 +79,7 @@ Before you can use Application Guard in enterprise mode, you must install Window
|
||||
>[!NOTE]
|
||||
>Enabling this setting verifies that all the necessary settings are properly configured on your employee devices, including the network isolation settings set earlier in this scenario.
|
||||
|
||||
6. Start Microsoft Edge and type <em>www.microsoft.com</em>.
|
||||
6. Start Microsoft Edge and type *www.microsoft.com*.
|
||||
|
||||
After you submit the URL, Application Guard determines the URL is trusted because it uses the domain you've marked as trusted and shows the site directly on the host PC instead of in Application Guard.
|
||||
|
||||
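Review bot: In step 6, www.microsoft.com is text the tester types, so emphasis markup (whether `<em>` or `*...*`) is the wrong choice; format it as inline code so it reads as literal input, matching how `wdagtool.exe cleanup` is shown later in this file. The sentence after the step says the URL is trusted "because it uses the domain you've marked as trusted"; naming the network isolation setting from the earlier step would let the tester confirm which entry produced that result.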
@ -108,6 +106,7 @@ Application Guard provides the following default behavior for your employees:
|
||||
You have the option to change each of these settings to work with your enterprise from within Group Policy.
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Enterprise edition, version 1709 or higher
|
||||
- Windows 10 Professional edition, version 1803
|
||||
|
||||
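Review bot: The "Applies to" list gives Enterprise as "version 1709 or higher" but Professional as plain "version 1803", which reads as that single release only. If later releases are supported, add "or higher" to the Professional line. The same question applies to the other "Applies to" lists in this file, which give bare 1803 and 1809 for both editions.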
@ -129,11 +128,11 @@ You have the option to change each of these settings to work with your enterpris
|
||||
|
||||
4. Choose what can be copied:
|
||||
|
||||
- **1.** Only text can be copied between the host PC and the isolated container.
|
||||
- Only text can be copied between the host PC and the isolated container.
|
||||
|
||||
- **2.** Only images can be copied between the host PC and the isolated container.
|
||||
- Only images can be copied between the host PC and the isolated container.
|
||||
|
||||
- **3.** Both text and images can be copied between the host PC and the isolated container.
|
||||
- Both text and images can be copied between the host PC and the isolated container.
|
||||
|
||||
5. Click **OK**.
|
||||
|
||||
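Review bot: Under "4. Choose what can be copied", one version of each bullet carries a bold **1.**, **2.** or **3.** label and the other does not. If those numbers are the values the tester selects or enters in the policy setting, the unlabeled bullets lose that mapping; keep the value beside each description or state that the options appear in this order. If the numbers were only decoration, say so in the commit message so the removal is not mistaken for lost content.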
@ -163,14 +162,19 @@ You have the option to change each of these settings to work with your enterpris
|
||||
|
||||
4. Add the site to your **Favorites** list and then close the isolated session.
|
||||
|
||||
5. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
|
||||
5. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
|
||||
|
||||
The previously added site should still appear in your **Favorites** list.
|
||||
|
||||
>[!NOTE]
|
||||
>If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10.<br><br>If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<br><br>**To reset the container, follow these steps:**<br/>1. Open a command-line program and navigate to Windows/System32.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.
|
||||
> [!NOTE]
|
||||
> If you don't allow or turn off data persistence, restarting a device or logging in and out of the isolated container triggers a recycle event that discards all generated data, including session cookies, Favorites, and so on, removing the data from Application Guard. If you turn on data persistence, all employee-generated artifacts are preserved across container recycle events. However, these artifacts only exist in the isolated container and aren't shared with the host PC. This data persists after restarts and even through build-to-build upgrades of Windows 10.
|
||||
>
|
||||
> If you turn on data persistence, but later decide to stop supporting it for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.
|
||||
> <!--- Inline HTML is used on the next several lines so that the ordinal numbers will be rendered correctly; Markdown would otherwise try to render them as letters (a, b, c...) because they would be treated as a nested list --->
|
||||
> **To reset the container, follow these steps:**<br/>1. Open a command-line program and navigate to Windows/System32.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Enterprise edition, version 1803
|
||||
- Windows 10 Professional edition, version 1803
|
||||
|
||||
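Review bot: In the reset instructions at the end of the note, steps 2 and 3 are numbered as a sequence, so a reader who follows them in order runs `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER` and discards the employee-generated data that step 2 says is retained. Present the two commands as alternatives, for example "To keep employee-generated data, type ...; to discard it as well, type ...", rather than as consecutive steps. The opening "If you don't allow or turn off data persistence" can also be parsed two ways; "If data persistence is not allowed or is turned off" is unambiguous.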
@ -201,6 +205,7 @@ You have the option to change each of these settings to work with your enterpris
|
||||
4. Assess the visual experience and battery performance.
|
||||
|
||||
**Applies to:**
|
||||
|
||||
- Windows 10 Enterprise edition, version 1809
|
||||
- Windows 10 Professional edition, version 1809
|
||||
|
||||
@ -242,3 +247,16 @@ You have the option to change each of these settings to work with your enterpris
|
||||
|
||||
3. Log out and back on to your device, opening Microsoft Edge in Application Guard again.
|
||||
|
||||
## Application Guard Extension for Chrome and Firefox
|
||||
|
||||
The [Application Guard Extension](md-app-guard-browser-extension.md) available for Chrome and Firefox allows Application Guard to protect users even when they are running a web browser other than Microsoft Edge or Internet Explorer.
|
||||
|
||||
Once a user has the extension and its companion app installed on their enterprise device, you can run through the following scenarios.
|
||||
|
||||
1. Open either Firefox or Chrome — whichever browser you have the extension installed on.
|
||||
1. Navigate to an enterprise website, i.e. an internal website maintained by your organization. You might see this evaluation page for an instant before the site is fully loaded.
|
||||

|
||||
1. Navigate to a non-enterprise, external website site, such as [www.bing.com](https://www.bing.com). The site should be redirected to Microsoft Defender Application Guard Edge.
|
||||

|
||||
1. Open a new Application Guard window, by select the Microsoft Defender Application Guard icon, then **New Application Guard Window**
|
||||
![The "New Application Guard Window" option is highlighted in red]()
|
||||
|
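Review bot: The last image line, `![The "New Application Guard Window" option is highlighted in red]()`, has an empty target and will render as a broken image; point it at the intended screenshot. In the steps, "external website site" in step 3 has a doubled word, step 4 should read "by selecting the Microsoft Defender Application Guard icon" and end with a period, and "i.e." in step 2 reads better as "that is". The introduction promises "the following scenarios", but what follows is a single numbered procedure, so "steps" is the accurate word.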