Windows 10 Fall update 1709 Security Feature 1: Windows Defender Application Guard

Posted by Ahmed Nabil | 7 comments
Microsoft celebrated my birthday and released the new Windows 10 Fall update on October 17, 2017, with many new and exciting features and updates, especially in the security field, which will be the main concern of this series of articles. My intent is to go through each new security feature targeted at endpoint users (Windows 10 users) one by one in a separate blog post, and we will start today with Windows Defender Application Guard.


What is Windows Defender Application Guard?

Windows Defender Application Guard is a new security feature in Windows 10 1709, integrated into the Edge browser (only Edge for now), that allows you and your organization's users to browse suspicious or untrusted sites and check them without exposing your operating system to any harm.

This works with the beauty of virtual machines (Windows Hyper-V): opening Edge in Application Guard mode simply opens the browser in an isolated virtual machine, which keeps the site or sites opened in that mode from reaching your operating system's core components as well as your files and data. Once the Edge browser is closed (virtual machine turned off), all the site data opened in the browser is deleted and completely wiped.


What are the modes of Defender Application Guard?

Windows Defender Application Guard comes in two flavors:


  1. Standalone: The user manually starts Edge in Application Guard mode when feeling suspicious about opening a specific website and wanting to test it in secure mode. No policies (organization-enforced Group Policies) govern this; it is purely the user's own decision.
  2. Enterprise: The organization sets rules and policies to identify trusted and untrusted sites. When a user tries to open one of the untrusted sites, the URL is loaded in Application Guard mode of Edge (the isolated virtual machine).


How to Install Application Guard?

In general, Application Guard requires a computer capable of running virtualization; remember that Application Guard leverages virtual machine technology to isolate your suspicious URLs. Machines need to be 64-bit with virtualization extension support and some RAM for the virtual machine (Microsoft's recommendation is a system with at least 8 GB of RAM).

Application Guard is disabled by default, and you need to enable it from Control Panel - Turn Windows features on or off.



After enabling the feature, it will be installed and a reboot is required.

You can also install it using PowerShell and link it to Group Policy if needed for mass distribution.
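As an added example (not from the original post), the following PowerShell checks the prerequisites described above and enables the Application Guard feature without the Control Panel. It assumes an elevated session on Windows 10 1709; the feature name `Windows-Defender-ApplicationGuard` is the one used by `Enable-WindowsOptionalFeature`.

```powershell
# Run in an elevated PowerShell session on the endpoint.

$info = Get-ComputerInfo

# When a hypervisor is already running, Get-ComputerInfo leaves the
# HyperVRequirement* properties empty, so treat that case as satisfied.
$hvOk = if ($info.HyperVisorPresent) { $true } else {
    $info.HyperVRequirementVirtualizationFirmwareEnabled -and
    $info.HyperVRequirementSecondLevelAddressTranslation -and
    $info.HyperVRequirementVMMonitorModeExtensions
}

$checks = [ordered]@{
    '64-bit OS'                     = ($info.OsArchitecture -eq '64-bit')
    'Virtualization (VT-x/AMD-V, SLAT)' = [bool]$hvOk
    'At least 8 GB RAM (recommended)' = (($info.CsTotalPhysicalMemory / 1GB) -ge 8)
}

$checks.GetEnumerator() | ForEach-Object {
    '{0,-36} {1}' -f $_.Key, ($(if ($_.Value) { 'OK' } else { 'MISSING' }))
}

# The RAM figure is a recommendation; the hard requirements are 64-bit and
# virtualization, so stop only when those are missing.
if (-not $checks['64-bit OS'] -or -not $checks['Virtualization (VT-x/AMD-V, SLAT)']) {
    throw 'This machine cannot run Windows Defender Application Guard.'
}

# Enable the optional feature (equivalent of the "Turn Windows features on
# or off" checkbox). -NoRestart lets you schedule the reboot yourself.
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard'
if ($feature.State -eq 'Enabled') {
    'Application Guard is already enabled.'
} else {
    $result = Enable-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard' -NoRestart
    if ($result.RestartNeeded) { 'Application Guard installed; reboot required to finish.' }
}
```

For mass distribution, the same `Enable-WindowsOptionalFeature` line can be run as a Group Policy startup script, as the post suggests.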

For more info, check the article below.



How will the user open Edge Application Guard (Standalone)?

As agreed before, in standalone mode the user will manually open the Edge browser in Application Guard mode to examine any suspicious URL.

  1. The user opens the normal Edge browser - Settings - New Application Guard window.
  2. It will take a few minutes when you open it for the first time, as it prepares the environment and loads the isolated virtual machine. Later, when you open another URL, it will work faster since the environment is already set up and the VM is up and running.
  3. A new Edge browser is loaded with Application Guard enabled (shown at the top left).



How to apply Application Guard for Enterprise Users?

This is the second mode we discussed: applying the Application Guard settings for the enterprise using Group Policies.

  1. Install Application Guard as discussed earlier by enabling the respective Windows feature.
  2. For enterprise users we will control the settings using Group Policies, so we need to download the latest Windows 10 1709 Group Policy administrative templates (ADMX and ADML) and copy them to the domain controllers' central store.
  3. To download the latest 1709 administrative templates, use the link below:
     https://www.microsoft.com/en-US/download/details.aspx?id=56121
  4. By default the files will be installed under C:\Program Files (x86)\Microsoft Group Policy\Windows 10 Fall Creators Update (1709)\PolicyDefinitions.
  5. Copy the ADMX files from the local PolicyDefinitions folder (mentioned in step 4) to the central store PolicyDefinitions folder (I hope everyone is using a central store) under \\domain.com\SYSVOL\Domain.com\Policies\PolicyDefinitions.
  6. Repeat the same for the ADML files, from the local folder mentioned in step 4 under PolicyDefinitions\en-US to \\domain.com\SYSVOL\Domain.com\Policies\PolicyDefinitions\en-US. This ensures your domain controllers have the latest templates needed for the Network Isolation Group Policies.
  7. Next we need to set the Network Isolation policies for the computers. Create a new Group Policy for the computers OU - Edit Policy - Computer Configuration - Policies - Administrative Templates - Network - Network Isolation.
  8. There are two main settings you need to configure, as shown in the image above:
     - Enterprise resource domains hosted in the cloud: enterprise-approved cloud resource domain URLs that will be opened in normal Edge, for example *.yourcompany.com and/or *.partner.com, etc.
     - Domains categorized as both work and personal: a list of your internal or external work domains, as well as personal domains used by users, that can safely be opened in the normal Edge browser.
  9. Next, enable Application Guard in Enterprise mode using the Group Policy settings under Administrative Templates - Windows Components - Windows Defender Application Guard.
  10. Other settings in the same location (step 9) let you set the behavior of copying and pasting between sites opened in Application Guard and other components on the desktop, as well as print settings. You can enable or disable copying from this virtualized container to the host.
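As an added example (not from the original post), the following PowerShell automates steps 5 to 9: it copies the 1709 ADMX/ADML files to the central store and writes the Network Isolation and Application Guard policy values into a GPO. It assumes the RSAT GroupPolicy module on the admin workstation, the paths used in the post, and a GPO named "WDAG Enterprise" (placeholder name) already created and linked to the computers OU; the registry keys and value names are the ones the ADMX templates map these settings to as I know them, so verify them against the downloaded templates.

```powershell
# Run on a domain-joined admin workstation with the GroupPolicy module (RSAT).
Import-Module GroupPolicy

$local   = 'C:\Program Files (x86)\Microsoft Group Policy\Windows 10 Fall Creators Update (1709)\PolicyDefinitions'
$central = '\\domain.com\SYSVOL\domain.com\Policies\PolicyDefinitions'

# Steps 5-6: ADMX files to the central store, en-US ADML files to its en-US subfolder.
Copy-Item -Path (Join-Path $local '*.admx') -Destination $central -Force
New-Item -ItemType Directory -Path (Join-Path $central 'en-US') -Force | Out-Null
Copy-Item -Path (Join-Path $local 'en-US\*.adml') -Destination (Join-Path $central 'en-US') -Force

$gpo = 'WDAG Enterprise'   # placeholder: name of the GPO linked to the computers OU

# Steps 7-8: Network Isolation settings. These land under
# HKLM\Software\Policies\Microsoft\Windows\NetworkIsolation (assumed mapping).
$ni = 'HKLM\Software\Policies\Microsoft\Windows\NetworkIsolation'

# "Enterprise resource domains hosted in the cloud": pipe-separated list of
# domains that open in normal Edge (values taken from the post).
Set-GPRegistryValue -Name $gpo -Key $ni -ValueName 'EnterpriseCloudResources' `
    -Type String -Value '*.yourcompany.com|*.partner.com' | Out-Null

# "Domains categorized as both work and personal" (one entry to avoid any
# separator ambiguity; constructed sample value).
Set-GPRegistryValue -Name $gpo -Key $ni -ValueName 'NeutralResources' `
    -Type String -Value 'yourcompany.com' | Out-Null

# Step 9: turn on Windows Defender Application Guard in Enterprise mode
# (Administrative Templates - Windows Components - Windows Defender
# Application Guard). Assumed mapping: AppHVSI\AllowAppHVSI_ProviderSet = 1.
Set-GPRegistryValue -Name $gpo -Key 'HKLM\Software\Policies\Microsoft\AppHVSI' `
    -ValueName 'AllowAppHVSI_ProviderSet' -Type DWord -Value 1 | Out-Null

# Review what the GPO now contains before clients pick it up (gpupdate /force).
Get-GPRegistryValue -Name $gpo -Key $ni
Get-GPRegistryValue -Name $gpo -Key 'HKLM\Software\Policies\Microsoft\AppHVSI'
```

If the Group Policy Management Editor does not show the Application Guard settings after this, the ADMX copy in step 5 did not reach the central store the editor is reading from.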


So this concludes the first blog post in our new Windows 10 version 1709 security features series. Hopefully you are getting excited; see you in our next episode.






7 Comments

design Says:

I read that Post and got it fine and useful. the restore point

Bynary Codes Says:

Thank you for sharing this.
Free Windows guides

Bynary Codes Says:

Thank you for sharing this.
Fix dll errors

Bynary Codes Says:

Thank you for sharing this.
dll runtime errors

Amazing Quotes Says:

very amazing and interesting post, thank you for sharing
Great Quotes
Positive Life Quotes
Fitness Quotes - Best Quotes
Future Quotes - Success Quotes
Image Bank - Smile Quotes - Xyore
Sayings and Wisdom

Blogger Says:

Quantum Binary Signals

Get professional trading signals sent to your mobile phone daily.

Start following our signals today & earn up to 270% per day.

Security Services Australia Says:

Security has now become an indispensable requirement in our day to day life and cannot be ignored even by an inch. So here it becomes very important for one to choose a security company on which one can trust and also falls under budget. Safehands Security Services is one such company in Australia that is ready to serve all your needs and also is available with many services such as crowd controlling, mobile patrolling etc. Visit us at www.safehandssecurityservices.com.au for more details.

Hire Security Guards | Security Guards Companies | Security Guards Services | Security Services Australia | Security Companies Australia | Event Security Services | Private Party Security | K9 Security Services | Mobile Patrols & Alarm Response Service | Crowd Control Services | Security Guards Agencies | Security Companies | Security Services | Security Agencies | Crowd Control Services
