Windows Defender Application Guard redirects ‘untrusted’ sites to Edge

Chrome and Firefox users can now benefit from the same hardware-based isolation technology that for the past three years has been shielding Microsoft Edge users from browser-based attacks.

Windows Defender Application Guard (WDAG) extensions for Google Chrome and Mozilla Firefox were released by Microsoft last week as updates to Windows 10 Professional and Enterprise.

Once installed, the extensions automatically redirect attempts to reach untrusted sites in Chrome or Firefox to an isolated session running in Microsoft Edge.

The WDAG extension checks URLs against a list of sites defined by enterprise administrators. If the site is determined to be untrusted, the user is redirected to an isolated Microsoft Edge session running in a virtual machine.

If a site is trusted, then an enterprise user will stay with their default browser.

“With the new Application Guard extension for Google Chrome and Mozilla Firefox, customers can extend the security benefits of isolation in their environments and further reduce attack surface,” explained Tanmay Ganacharya, general manager of the Microsoft’s threat protection security research team in a Twitter update.

The Daily Swig asked Ganacharya whether or not Microsoft might consider extending its isolation technology further to protect enterprise users from the risks that can arise from running macros in Office 365.

No reply as yet, but we’ll update this story as and when more information comes to hand.

Dynamic switching

Redmond introduced container-based browser isolation technology back in September 2016.

Microsoft is pitching the rollout of WDAG to non-native browsers as a means of extending the benefits of the security technology to more Windows users, rather than an attempt to encourage surfers to migrate away from their preferred browser.

Upcoming ‘dynamic switching’ capabilities will mean that if a user tries to visit an enterprise site while in an isolated Microsoft Edge session, they will be taken back to their default browser.

“We know that many of our customers depend on multi-browser environments to allow enterprise apps to meet various compatibility requirements and enable productivity,” Rona Song of the Windows platform security team, explains in a blog post.

Song goes on to offer advice to enterprise administrators on how to apply the changes.

In related product news, Microsoft released a public preview of Defender Advanced Threat Protection (ATP) for Mac. The move means enterprises running mixed shops of windows and Mac desktops can use Microsoft’s technology across the board, as a means to provide cross-platform protection.

In response to questions, Microsoft said it would release licensing (and pricing) information for the technology once closer to the unspecified time of a full “general availability” release.


RELATED Billion-dollar blue team: MSRC spearheads Microsoft’s security defense