The web browser may pose serious threats to PC users, but Microsoft has that covered with Windows Defender Application Guard, which keeps untrusted browsing sessions locked away from the rest of the operating system.
This means that even if you venture down a risky path in your browsing, the integrity of the OS, and hence the PC on the whole, should not be compromised.
According to Microsoft, the vast majority of phishing emails, a whopping 90 percent, initiate attacks by exploiting the browser, potentially establishing a position from which attackers can launch further attacks within a company.
With its new Windows Defender Application Guard, Microsoft aims to better protect companies and users from such threats. The feature works by isolating Microsoft Edge from the other processes and files on a computer, thus preventing breaches from doing further damage.
Of course, Windows Defender Application Guard isolates only Microsoft Edge from the rest of the OS; it will not offer the same "safety bubble" for any other browser. Considering that Edge usage didn't exactly skyrocket and Microsoft's browser is facing fierce competition from Google and others, this enhanced safety feature could be just what it needs to stand out from the crowd and boost adoption rates.
To pull off this security scheme, Edge launches new sessions running in virtualized containers on Windows 10 when Windows Defender Application Guard is enabled. Should any malicious code on a site try to deploy on the Windows 10 PC or tablet in use, the feature would automatically push the code into the container, locking it away from the OS and everything else on the user's machine.
That container will be destroyed as soon as you quit the Edge browsing session, taking the malicious code with it. The drawback is that destroying the container each time you quit Edge also destroys any cached items or cookies collected during those secure browsing sessions. Running Edge in virtualized containers may also translate into slower performance.
Nevertheless, Edge will allow administrators to whitelist trusted websites so they can run in a normal, non-containerized form to deliver a traditional browsing experience.
"Unlike other browsers that use software-based sandboxes, which still provide a pathway for malware and vulnerability exploits, Microsoft Edge's use of Application Guard isolates the browser and employee activity using a hardware-based container to prevent malicious code from impacting the device and moving across the enterprise network," Microsoft explains. "This robust security service helps protect enterprises from malware, viruses, vulnerabilities, and even zero-day attacks."
While this virtualization may not be suitable for everyone, it could be a great fit for finance, military or other such organizations that need to keep their data safe and lock down their browsers.
The feature has yet to reach its final form, but Windows Insiders will get a taste of it in the following months, after Microsoft works on it some more. The company plans to make Windows Defender Application Guard available sometime next year, at least for organizations on the Windows 10 Enterprise E3 or E5 plans.