Windows Defender Application Guard Extensions for Chrome and Firefox

[German]Microsoft has released extensions for the Windows Defender Application Guard for Google Chrome and Firefox. These extensions are designed to protect users in enterprise environments running Windows 10 from unsafe Web pages.


I already recognized the information about the Windows Defender Application Guard Extensions last Friday in a Tweet from Tero Alhonen and here, but couldn't really sort it out.

Only after a little research things became clearer to me – here is some information about what lies behind it.

What's Windows Defender Application Guard

Windows Defender Application Guard is designed for Windows 10 and Microsoft Edge in enterprise environments. Enterprise administrators can define what belongs to trusted Web sites, cloud resources, and internal networks. Anything that isn't on the list is classified as untrusted. Application Guard helps enterprise administrators isolate untrusted Web sites. This ensures that the company is protected when employees surf the Internet on untrusted web pages.

When an employee visits an untrusted Web site via Microsoft Edge or Internet Explorer, Microsoft Edge opens the Web site in an isolated Hyper-V-enabled container separate from the host operating system. The host PC is protected by container isolation if the untrusted Web site turns out to be malicious. An attacker cannot access the corporate data. For example, this approach makes the isolated container anonymous. As a result, the attacker cannot access an employee's company credentials. Details on this topic may be read within this Microsoft article.


Extensions also for Chrome and Firefox

With the corresponding extensions, this protection is also available in Google Chrome and Firefox browsers in corporate environments. The announcement was made in the Windows Blog at the presentation of the Windows 10 Insider Preview Build 18358. Microsoft writes about it:

To extend our container technology to other browsers and provide customers with a comprehensive solution to isolate potential browser-based attacks, we have designed and developed Windows Defender Application Guard extensions for Google Chrome and Mozilla Firefox.

How it works

The Google Chrome and Mozilla Firefox extensions automatically redirect users to Windows Defender Application Guard for Microsoft Edge when they navigate to an untrusted website. The extension is based on a native application developed by Microsoft to support communication between the browser and the the device's Application Guard settings.

When users navigate to a Web site, the extension checks the URL against a list of trusted Web sites defined by enterprise administrators. If the site is found to be untrusted, the user is redirected to an isolated Microsoft Edge session. That is, the session runs in an Edge container (on Windows 10). In the isolated Microsoft Edge session, the user can freely navigate to any Web site that is not explicitly defined as trusted by their organization, without risk to the rest of the system. Microsoft's already planned dynamic switching feature returns the user to the default browser when attempting to access a trusted Web site during an isolated Microsoft Edge session..

Protection of enterprise environments

The feature is only available in enterprise environments where the administrator has set up the Application Guard. When users open Google Chrome or Mozilla Firefox after deploying and configuring the extension, they see a Windows Defender Application Guard landing page.

Windows Defender Application Guard landing page(Source: Microsoft)

If there are problems with the configuration, the users receive instructions for correcting configuration errors.

Error page instructions for resolving any configuration errors
(Source: Microsoft)

Users can initiate an Application Guard session without entering a URL or clicking a link by clicking the extension icon in the browser's menu bar.

Availability of Application Guard Extensions

The Windows Defender Application Guard extension for Google Chrome and Mozilla Firefox was introduced for Windows Insider on March 15, 2019. Microsoft plans to make this extension generally available soon. The feature will be available to Windows 10 Enterprise and Pro users with version 1803 or later.

Some of the above links only work under Windows 10 (e.g. store access). And the extensions are currently only functional in the current Windows 10 Insider Preview, if the Application Guard is set up. Details about the setup can be found in the Windows Blog in the article about the introduction of the Windows 10 Insider Preview Build 18358.

Cookies helps to fund this blog: Cookie settings

This entry was posted in Security, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *