Microsoft puts Application Guard for Office into public preview

by Gregg Keizer

Microsoft has launched a public preview of “Microsoft Defender Application Guard for Office,” a defensive technology that quarantines untrusted Office documents so that attack code carried by malicious files can’t reach the operating system or its applications.

On Monday, a senior cybersecurity engineer with the Redmond, Wash. company explained how Application Guard for Office worked and, more importantly, walked customers through its operation – something that existing documentation omitted when the public preview was launched late last month.

“Microsoft Office will open files from potentially unsafe locations in Microsoft Defender Application Guard, a secure container, that is isolated from the device through hardware-based virtualization,” John Barbare wrote in a post to a Microsoft blog. “When Microsoft Office opens files in Microsoft Defender Application Guard, a user can then securely read, edit, print, and save the files without having to re-open files outside of the container.”

Application Guard has some history. The feature debuted in 2018 and was originally designed for Edge, Microsoft’s Windows 10 browser. (We’re talking about the original Edge here, the one using Microsoft’s own technologies, including the EdgeHTML rendering engine.)

Application Guard creates a disposable instance of both Windows and Edge – very condensed versions of the OS and the browser – in a virtualized environment using Windows’ baked-in hypervisor technology. Every opening between the pseudo machine (the virtual machine) and the real deal is bricked up, barring almost all interaction between the web session and the physical device.

Users can then browse in a more secure environment because it prevents malware from reaching the real operating system and real applications on the real device (as opposed to the virtual instance). When the user is finished, the virtualized Windows+Edge is discarded. Think of it as a very brutal quarantine that erases the patient if he or she gets sick.

Works with Word, Excel and PowerPoint

Application Guard for Office works in much the same way, but rather than protect Edge, it isolates certain files opened in Word, Excel or PowerPoint. Documents obtained from the general Internet – intranet domains or domains that have not been marked as trusted – files from potentially unsafe areas and attachments received via Outlook are opened in a virtualized environment, or sandbox, where malicious code can’t wreak havoc.

For the public preview, customers must be running Windows 10 Enterprise 2004 or later, the Office Beta Channel build 2008 16.0.13212 or later, this update, and a license for Microsoft 365 E5 (the most comprehensive, most expensive edition) or Microsoft 365 E5 Mobility + Security.

Unlike the much older Protected View, another Office defensive feature, which opens potentially dangerous documents as read-only, files opened in Application Guard can be manipulated. They can be printed, edited and saved. When saved, however, they remain in the isolation container and when reopened later, again are quarantined in that sandbox.

Word, Excel or PowerPoint indicates that the current document has been opened within Application Guard with several visual signals, including a pop-up notice in the app’s ribbon and a differently-marked icon in the Windows taskbar.

If the user decides to definitely trust the document – which may be the weak link in Application Guard’s protections – he or she can move it out of quarantine and deposit it in a local or network folder. (Confirmations are required here, though, so at least the user is prompted to reconsider before pulling the trust trigger.)

IT administrators can control much of this, and more, through Application Guard’s configuration settings, which range from copy-paste (allow/not allow) and printing (limit to, say, print-as-PDF only) to making it even more difficult for employees to open a file outside of Application Guard.

Copyright © 2020 IDG Communications, Inc.
