Windows Defender Application Guard as browser extensions in Google Chrome and Mozilla Firefox – Still need to use Legacy Control Panel to enable Windows Defender Application Guard

In the newest release of Windows Insider Fast Ring build on March 15th 2019 18358 a new feature has been added to allow Application Guard to work on Google Chrome Browser and Mozilla Firefox. Cool. https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/#cYmJ3abB6vdUHptq.97

The guide to enable is good but missed one step.

How do you enable Windows Defender Application Guard?

Hint: It is not in the Modern Settings but the Legacy Control Panel. I am sure this will be changed 🙂

  1. Open Start Menu or Cortana Search
  2. Type in Control Panel
  3. If you are running 1809 you can select Programs and Features directly. If not you’ll need to navigate through the control panel to open Programs and Features.

4. On the left panel select Turn Windows features on or off
5. Scroll down to Windows Defender Application Guard and select

6. You may need to have HyperV installed and Reboots will ensue!

Snippet from original blog post

Windows Defender Application Guard as browser extensions in Google Chrome and Mozilla Firefox

To extend our container technology to other browsers and provide customers with a comprehensive solution to isolate potential browser-based attacks, we have designed and developed Windows Defender Application Guard extensions for Google Chrome and Mozilla Firefox.

Windows Defender Application Guard extension on Chrome web store

How it works

The extensions for Google Chrome and Mozilla Firefox automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge. The extension relies on a native application that we’ve built to support the communication between the browser and the device’s Application Guard settings.

When users navigate to a site, the extension checks the URL against a list of trusted sites defined by enterprise administrators. If the site is determined to be untrusted, the user is redirected to an isolated Microsoft Edge session. In the isolated Microsoft Edge session, the user can freely navigate to any site that has not been explicitly defined as trusted by their organization without any risk to the rest of system. With our upcoming dynamic switching capability, if the user tries to go to a trusted site while in an isolated Microsoft Edge session, the user is taken back to the default browser.

To configure the Application Guard extension under managed mode, enterprise administrators can follow these recommended steps:

  1. Ensure devices meet requirements.
  2. Turn on Windows Defender Application Guard.
  3. Define the network isolation settings to ensure a set of trusted sites is in place.
  4. Install the new Windows Defender Application Guard companion application from the Microsoft Store.
  5. Install the extension for Google Chrome or Mozilla Firefox browsers provided by Microsoft.
  6. Restart the devices.

Intuitive user experience

We designed the user interface to be transparent to users about Windows Defender Application Guard being installed on their devices and what it does. We want to ensure that users are fully aware that their untrusted navigations will be isolated and why.

  1. When users initially open Google Chrome or Mozilla Firefox after the extension is deployed and configured properly, they will see a Windows Defender Application Guard landing page.
  2. If there are any problems with the configuration, users will get instructions for resolving any configuration errors.
  3. Users can initiate an Application Guard session without entering a URL or clicking on a link by clicking the extension icon on the menu bar of the browser.

Where to get it

The Windows Defender Application Guard extension for Google Chrome and Mozilla Firefox is rolling out to Windows Insiders today and will be generally available very soon. This is available for users on Win 10 Enterprise and Pro SKUs on 1803 or later.

Submit feedback here. Contact our team if you have any questions.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s