Microsoft today announced the launch of Application Guard for Office in public preview to protect enterprise users from threats using malicious attachments as an attack vector.
Application Guard for Office (also known as Microsoft Defender Application Guard for Office) is designed to help prevent block files downloaded from untrusted sources from gaining access trusted resources by opening them within an isolated sandbox.
This sandbox will automatically block maliciously crafted files from exploiting vulnerabilities, downloading other malicious tools, or manifesting any malicious behavior from impacting the users’ device and data.
Application Guard for Office was initially launched in limited preview last year, in November 2019.
Off by default in supported environments
Malicious Office documents are among the most common vectors exploited by threat actors to deploy malware such as ransomware, RATs, data-stealing trojans, and malware downloaders.
“To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization,” Microsoft Sr. Office Deployment Engineer Eric Wayne said.
“When Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to re-open files outside the container.”
The Application Guard for Office feature works with Word, Excel, and PowerPoint for Microsoft 365 and it will be off by default for customers with Microsoft 365 E5 or Microsoft 365 E5 Security enterprise plans that can deploy it in their environments.
For admins to be able to toggle it on, endpoints are required to run Windows 10 Enterprise edition, version 2004 (20H1), with the KB4566782 cumulative update and the Application Guard for Office Feature enablement package installed.
Microsoft Defender ATP integration
“Application Guard for Office is a restricted mode that isolates untrusted documents from accessing trusted corporate resources, intranet, the user’s identity, and arbitrary files present on the computer,” Microsoft explains.
“As a result, if a user tries to access a feature that has a dependency on such access, for example, inserting a picture from a local file on disk, it will fail and produce a prompt like the one below.
“To enable an untrusted document to access trusted resources, users must remove Application Guard protection from the document.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.