Untrusted files from the internet, and other unsafe locations, can contain bugs, viruses and other malware that can harm your computer and data. Dyrand would like you to be aware of the new security feature that Microsoft has added to Office 365. It’s called Application Guard and is now available to all supported licensed 365 users, specifically organizations running Microsoft 365 E5 or Microsoft 365 E5 security licenses.
Application Guard blocks downloads from untrusted sources, shunting them to sandboxes. Application Guard is a defence technology that quarantines untrusted office documents to prevent them from reaching the operating system or its applications. If you feel that the file is safe, you can always choose to remove Application Guard protection from that file.
When Application Guard is enabled, Office opens the file in Application Guard if the document is opened in an unsafe location. They are placed in secure containers and are isolated with the aid of hardware-based virtualization preventing untrusted documents opened in Office to affect the operation and security of the operating system and applications.
Application Guard for Office opens and isolates files in Office’s three main applications: Word, Excel, and PowerPoint. If documents come from untrusted internet or intranet domains or are untrusted attachments in the Outlook email client, they are opened in a virtual environment called a sandbox.
Application Guard opens untrusted documents as read-only for the operating system, yet these files can be manipulated, printed, edited and saved, remaining in the isolation container. Each time they are opened they are quarantined in the sandbox. Outdated file types are also quarantined.
Application Guard will also block malicious attachments from downloading other malicious tools that exploit systems and software. It also prevents malicious software from executing tasks that could have a negative impact on devices and data.
This feature debuted in 2018, originally designed for Edge, Microsoft’s Windows 10 browser. It was based on Microsoft 365 Defender. Microsoft Defender Antivirus was known as Windows Defender Antivirus. It was a malware component of Microsoft Windows.
Application Guard is set to “off” by default, requiring an IT admin to turn it on. Then the IT needs to set and distribute group policies to individual users. See the installation guide for ITs and admins: click here.
This is an excellent enhancement that will make your network safer and more secure. Contact us and we can explain how it can help your organization. We consider this another way to stay ahead of those evolving threats. We help small businesses handle big issues.