Sandboxing with Windows 10 – Microsoft Defender Application Guard


Microsoft Defender Application Guard, the feature to sandbox suspicious or unknown documents, has been in Windows for some time and is very useful in preventing malware from Office macros and other runtime nasties from infecting your machine.

Sandboxing allows applications, documents and so on to run inside their own “virtualised” environment. Running an application or document this way means that any malicious behaviour is not likely to affect the host computer. Running an application within a sandbox also gives security solutions a chance to detect what activity the file tries to initiate and, from that, generate a score to ascertain whether the file is nasty.

Recently I have had to set up Microsoft Application Guard and I have included some links that may assist with your configuration as well.

Remember there are different types of sandboxing as well. Attachment and web sandboxing are separate from Application Guard for Windows, as is the option within Microsoft Security centre to submit a file for detonation in a sandbox.

I have to say that there are a lot of sandboxes around; luckily for us there is enough sand to fill them all!

Application Guard for Windows

Microsoft Defender Application Guard (name may change) is designed for applications to run their associated documents in a protected environment. Application Guard is available in M365 E5 or E5 Mobility + Security.

Note: this is not Windows Sandbox; this is Microsoft Defender Application Guard.

Further information:

https://support.microsoft.com/en-au/topic/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46

How to configure:

https://docs.microsoft.com/en-au/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide

How to configure Windows Sandbox

This is not Application Guard, but is useful for completeness of the sandbox journey.

If you want to configure Windows Sandbox to run a full virtualised environment inside Windows, then please read the link below.

https://techcommunity.microsoft.com/t5/windows-kernel-internals-blog/windows-sandbox/ba-p/301849

As always, please reach out to us here if you have any questions.
