Windows Defender Application Guard is an extra security feature of Windows 10. When enabled, it implements a sandbox for the built-in web browsers in Windows 10, Edge and Internet Explorer. Here is how to enable it.
Windows Defender Application Guard provides protection against targeted threats by utilizing the Hyper-V virtualization technology. It adds a special virtual layer between the browser and the OS, preventing web apps and the browser from accessing the actual data stored on the disk drive and in memory.
Prior to Windows 10 build 17063, the feature was exclusively available to Enterprise editions of Windows 10. Now, the feature is available to Windows 10 Pro users.
If you are running Windows 10 Pro build 17063 and above, you can try it in action. Let's see how to activate it.
To enable Windows Defender Application Guard in Windows 10, do the following.
- Press the Win + R keys to open Run and type
optionalfeatures.exeinto the Run box.
- Find Windows Defender Application Guard in the list and check the box next to it.
- Wait for the installation to finish and restart Windows 10.
As of this writing, the system requirements for Windows Defender App Guard look as follows:
- Windows 10 Professional, Build: 17053 (or later)
- en-us only for the current builds; full localized support will arrive soon
- PC must support virtualization; Hyper-V (some older PCs may not support Hyper-V or have this feature disabled in BIOS)
- Windows Defender Application Guard is Off by default, it must be enabled manually or by policy
Some of these requirements will be eliminated with the final version of Windows 10 Redstone 4.
How to Use Windows Defender Application Guard
- Open Edge and click on the menu in the top right corner.
- Click on "New Application Guard window" in the menu.
- You will see the following splash screen after which a new instance of Edge will open with Windows Defender Application Guard enabled.