Sandboxing with Windows 10 – Microsoft Defender Application Guard
Microsoft Defender Application Guard, the feature to sandbox suspicious or unknown documents, has been in Windows for some time and is very useful in preventing malware from Office macros and other runtime nasties from infecting your machine.
Sandboxing allows applications, documents and so on to run inside their own “virtualised” environment. Running an application or document this way means that any malicious behaviour is not likely to affect the host computer. Moreover, running an application within a sandbox gives security solutions a chance to detect what activity the file tries to initiate and, from that, generate a score to ascertain whether the file is nasty.
Recently I have had to set up Microsoft Application Guard and I have included some links that may assist with your configuration as well.
Remember there are different types of sandboxing as well: attachment and web sandboxing are separate from Application Guard for Windows, as is the option within Microsoft Security centre to submit a file for detonation in a sandbox.
I have to say that there are a lot of sandboxes around; luckily for us there is enough sand to fill them all!
Application Guard for Windows
Microsoft Defender Application Guard (name may change) is designed for applications to run their associated documents in a protected environment. Application Guard is available in M365 E5 or E5 Mobility + Security.
Note: this is not Windows Sandbox; this is Microsoft Defender Application Guard.
Further information:
How to configure:
How to configure Windows Sandbox
This is not Application Guard, but is useful for completeness of the sandbox journey.
If you want to configure Windows Sandbox to run a full virtualised environment inside Windows, then please read below.
https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/windows-sandbox/ba-p/301849
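The following is an added example, not part of the original post: a PowerShell script that reports the state of the two separate optional features discussed above (Application Guard and Windows Sandbox) and writes a locked-down Windows Sandbox configuration file for opening untrusted files. The drop folder `C:\SandboxDrop`, the sandbox folder `C:\Untrusted` and the file name `Untrusted.wsb` are assumptions made for this example; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: paths and file names below are constructed for illustration.

# Application Guard and Windows Sandbox are two different optional features.
$features = [ordered]@{
    'Microsoft Defender Application Guard' = 'Windows-Defender-ApplicationGuard'
    'Windows Sandbox'                      = 'Containers-DisposableClientVM'
}

foreach ($entry in $features.GetEnumerator()) {
    $f = Get-WindowsOptionalFeature -Online -FeatureName $entry.Value -ErrorAction SilentlyContinue
    if ($null -eq $f) {
        Write-Output ("{0}: not available on this edition/build" -f $entry.Key)
    } else {
        Write-Output ("{0}: {1}" -f $entry.Key, $f.State)
    }
}

# To turn on Windows Sandbox (a restart is required), uncomment:
# Enable-WindowsOptionalFeature -Online -FeatureName 'Containers-DisposableClientVM' -All

# Host folder that will hold the files to inspect (assumed path).
$dropFolder = 'C:\SandboxDrop'
$wsbPath    = Join-Path ([Environment]::GetFolderPath('Desktop')) 'Untrusted.wsb'
New-Item -ItemType Directory -Path $dropFolder -Force | Out-Null

# Restrictive sandbox: no network, no shared clipboard, no vGPU,
# and the host folder is exposed read-only inside the sandbox.
$wsb = @"
<Configuration>
  <Networking>Disable</Networking>
  <VGpu>Disable</VGpu>
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <MappedFolders>
    <MappedFolder>
      <HostFolder>$dropFolder</HostFolder>
      <SandboxFolder>C:\Untrusted</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
  </MappedFolders>
</Configuration>
"@
Set-Content -Path $wsbPath -Value $wsb -Encoding UTF8
Write-Output "Wrote $wsbPath; open it to start Windows Sandbox with these settings."
```

Everything inside the sandbox is discarded when its window is closed, so copy files into the drop folder on the host before launching it.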
As always, please reach out to us here if you have any questions.