Updated: March 9, 2021 (October 10, 2016)

  Analyst Report

Edge Application Guard Isolates Untrusted Sites


by Michael Cherry

Michael analyzed and wrote about Microsoft's operating systems, including the Windows client OS, as well as compliance and governance.

Windows Defender Application Guard for Microsoft Edge uses Windows Hyper-V virtualization technology to isolate the Edge browser when loading untrusted sites. Because untrusted sites load in a browser running in an isolated environment, malware cannot get to the Windows OS. However, the technology relies on organizations maintaining trusted site lists, and, like Windows Defender Advanced Threat Protection, it will only be available in future releases of the Enterprise editions of Windows 10.

Application Guard Browsing

A user with Windows 10 Enterprise edition and Application Guard, browsing to a site trusted by the user’s organization, will run the Edge browser on the Windows 10 host environment, just as all Edge browser users do today.

In contrast, a user browsing to an untrusted site will run the Edge browser in an isolated virtual environment that should largely be transparent to the user. This Hyper-V hardware virtualization-based environment contains only the Windows kernel and a minimum set of the Windows platform services to run the browser. In this virtualized environment, Edge will not have access to Windows 10 host memory, local storage, other installed applications, corporate network endpoints, or any other resources that might be vulnerable to malicious software attacks.
