Microsoft Defender Application Guard for Office is a security feature that protects your system from malware using virtualization technology. It opens sketchy Microsoft Office files in an isolated container through hardware-based virtualization so they can’t harm or infect your computer.
Users may be familiar with Microsoft Office’s Protected View, but Microsoft Defender Application Guard is different from that. Protected View opens the file normally but restricts you from editing it.
However, Application Guard opens the documents in a virtual container, and you can read and edit the files without re-opening it outside the virtual container.
UPDATE: Microsoft Defender Application Guard for Office has been deprecated.
Microsoft Defender Application Guard for Office
Here are the following aspects we’ll explore in Microsoft Defender Application Guard for Office:
- Minimum requirements for Application Guard.
- How to deploy Application Guard for Office.
- Double-check if Application Guard for Office is enabled and working.
- How to remove protection from a document.
- How to restore Application Guard protection on a file.
- Frequently asked questions (FAQs).
Read this post to the end to learn all you need to know about Windows Defender Application Guard for Office.
1] Minimum requirements for Application Guard
Software prerequisites
- Microsoft Office Channel Build version 2008 16.0.13212 and higher.
- Windows 10 Enterprise edition, Client Build version 2004 (20H1) build 19041.
- Windows 10 cumulative monthly security updates KB4571756.
Hardware prerequisites
- 8 GB RAM.
- 10 GB system drive free space. SSD is recommended.
- Processor: 64-bit, physical or virtual four cores, AMD-V or Intel VT-x virtualization extensions, Core i5 and above.
2] How to deploy Application Guard for Office
Currently, Microsoft Defender Application Guard for Office is only available to organizations with Microsoft 365 E5 or Microsoft 365 E5 Mobility + Security licenses and is available in public preview.
First, download and install the latest Windows 10 cumulative monthly security updates.
Press Windows key + R and type appwiz.cpl and strike ENTER. This takes you to the Programs and Features skin.
Click on the Turn Windows features on or off link on the left. Mark on the checkbox next to Microsoft Defender Application Guard and click OK.
Allow the computer to restart or do it manually after activating Microsoft Defender Application Guard.
3] Double-check if Application Guard for Office is enabled and working
After enabling Microsoft Defender Application Guard, you get no confirmation that it’s working. You may want to confirm that you’ve enabled it and it’s working correctly.
Before you go ahead and double-check that you’ve enabled Application Guard for Office, open a Microsoft Office app (Word, PowerPoint, Excel, etc.) on a computer that has policies deployed and ensure that you have an activated copy of Microsoft Office. You must activate it to use Application Guard for Office if it’s not activated.
To check that Application Guard is enabled and working, download a document or email attachment off the internet so that it’s classed an untrusted. Next, open it in the corresponding Office application.
The first time you use the Office application to open an untrusted document, you might notice that the splash screen shows for a longer time. This delay is because it’s activating Application Guard for Office and opening the file. However, it happens only the first time. Other opens will be quicker.
If Microsoft Defender Application Guard is enabled, you’ll see an indication of that in the splash screen. For example, Microsoft Word will say,
To keep you safe, we’re opening this document in Application Guard…
When the file finally opens, another indicator of an active Application Guard for Office is that you’ll see a callout in the ribbon that says,
File opened in Application Guard.
This file is from an untrusted soure. To keep you safe, we’ve opened it in a protected mode.
Also, you’ll notice a black shield on the Microsoft application’s icon in the taskbar. This is another indicator that Application Guard is enabled and working.
4] How to remove protection from a document
While Application Guard gives you edit rights to the file, there may be some restrictions. If the document is safe, you can remove the protection from the file.
Start by opening the document and click on the File menu. Go to Info and click on the Remove protection option.
5] How to restore Application Guard protection on a file
Windows Defender Application Guard for Office also lets you restore the file protection after removing it. To do this, open the Microsoft Office application and click on the File menu. Go to Trust Center > Trust Center Settings > Trusted Documents. Here, click on Clear all Trusted Documents so that they are no longer trusted.
NOTE: Restoring protection following the above steps will apply for all the documents on your PC from which you previously removed protection.
Which files open in Windows Defender Application Guard for Office?
Application Guard will typically open the following types of files:
- Documents downloaded from the internet.
- File originating from potentially unsafe locations, such as the Temporary Internet folder.
- Documents that File Block has prevented from opening.
Read: How to Turn On Defender Application Guard for Microsoft Edge
What are the restrictions in Application Guard?
If a document opens in Windows Defender Application Guard, the restrictions on it include:
- Can’t access arbitrary system locations.
- Can’t access the identity of the user.
- Can’t access network locations within the boundary of the enterprise security.
- Restricted from Microsoft Office features that depend on the above capabilities.
- Capabilities that extend Microsoft Office applications’ functionalities are unavailable. Some examples include Macros, VSTO, COM, and Web Add-ins.
We hope you find the post useful.