Microsoft has confirmed it is offering Application Guard to users of Microsoft 365, formerly known as Office 365. The advanced threat perception and protection engine isolates files to thwart cyberattacks.
Microsoft had launched several new security features for Microsoft 365 last year. One of the features was Application Guard. The company has now confirmed the general availability of Application Gard for all users or subscribers of Microsoft 365.
What is Microsoft Application Guard?
Application Guard is essentially a sandbox protection platform. It basically puts documents from untrusted sources in a container before opening them. The process essentially isolates the entire desktop PC, laptop, or smartphone from the files.
At its core, Microsoft Application Guard for Microsoft 365 is a virtual container. It relies on the Hyper-V-based virtual containers to create a strong digital perimeter for every file that Microsoft 365 subscribers receive or gain access to. Incidentally, the feature can also shield users from kernel-based attacks owing to the Hyper-V-based containers.
Whether you work remotely, in the office, or both, protecting data is crucial. Opening files from unsafe locations can put your computer and data at risk. To protect your organization and data, make sure you enable Application Guard for Office! Learn more: https://t.co/Z2PmgUsKDg pic.twitter.com/X1cDGUg8Jh
— Tech Community (@MSTCommunity) January 28, 2021
There are several ongoing attempts to gain unauthorized access to computers with files that are loaded with malicious code. Advanced Persistent Threat (APT) groups as well as virus or malware creators routinely deploy mass emailing campaigns with Trojan-laced files.
Microsoft has confirmed that it analyzes every malicious attack contained by Application Guard to bolster its threat intelligence. In other words, the platform uses Artificial Intelligence to continually learn from the threats it handles. Needless to add, the new security feature should get better as it fields more malware and viruses embedded within seemingly innocent-looking files and email attachments.
How does the security feature differ from Protected View and how to activate it?
Microsoft 365 and even Microsoft Office productivity suites come with ‘Protected View’. It is the first but elementary line of defense.
Protected View opens documents in read-only mode. It essentially disables editing and macros. However, users can still download and open the file.
There have been several malicious campaigns involving files that users merely need to download and open. Users need not exit the Protected View to activate the hidden virus or malware.
@Microsoft rolls out #ApplicationGuard for Office to all customers. Application Guard for @Office365 blocks files downloaded from untrusted sources from gaining access to trusted resources by opening them in #sandboxes. @DynamicCISO #girlswhocode https://t.co/I1oPz81vF7
— rneelmani (@rneelmani) January 27, 2021
Taking protection much further, the Microsoft Application Guard opens files in a virtualized sandbox. Users can perform all the relevant functions such as editing or printing the documents.
While users are working on the files, they remain inside the Hyper-V containers. Moreover, if the platform determines that the file is from untrusted sites, it stores the same in potentially unsafe folders or networks. Moreover, it blocks the documents using ‘File Block’.
Strangely, Microsoft has chosen to keep the security feature off by default. In other words. Administrators will need to activate the same. Moreover, they will need to set the right policy for each user in an organization.
#ApplicationGuard 🛡️ for #Office is NOW generally available 👊 See the official announcement + how to get started at https://t.co/TotNlzn9pX – Thanks to Eric Wayne for letting us know 🙏#Word #Excel #PowerPoint #Security #Microsoft365 pic.twitter.com/7KZV0NwgFE
— Patrick (@blog_afraIT) January 27, 2021
Microsoft Application Guard for Microsoft 365 cloud-based productivity suite is available to customers on Current Channel and Monthly Enterprise Channel. The company has indicated that Semi-Annual Enterprise Channel will receive the feature later this year.
Users can choose to disable Application Guard protection for a specific file. Needless to add, users will need to be very confident and trusting of the file’s source and sender.
If enabled, the platform will scan any suspicious file with the Safe Documents feature. Incidentally, Application Guard and Microsoft Defender for Office 365 combined, currently protect files and emails.