To test online applications in the Microsoft Edge browser inside an isolated, protected sandbox environment, we can use Windows Defender Application Guard (WDAG), which covers Edge and Office on Windows 10. In this tutorial, we show you how to do this…
The new Microsoft Edge based on Chromium offers the possibility of isolating the browser session from the rest of the system. Of course, this is not a feature we want to use all the time, which is why it is disabled by default. To run the Edge browser in a sandbox environment, we first need to enable the “Microsoft Defender Application Guard” feature.
Note that Defender Application Guard is not available in the Home edition of Windows 10, only in the Professional, Enterprise, and Education editions running Build 16188+. For good performance, the system should have at least 8 GB of RAM and a CPU that supports Second Level Address Translation (SLAT), both of which are common nowadays in modern systems running Windows 10.
What is Defender Application Guard (WDAG) and how does it work?
To run the Microsoft Edge browser and Office apps such as Word, PowerPoint, and Excel in a safe environment where they can’t harm the main system, Microsoft has implemented a Windows 10 feature called Defender Application Guard. It helps enterprises and other users run the Edge browser and Office apps in an isolated Hyper-V virtual machine/container that is separate from the host operating system.
This feature helps developers, enterprises, and ordinary users visit websites that are not safe to visit in a standard environment. Container isolation means that if the untrusted site or file turns out to be malicious, the host device is protected, and the attacker can’t get credentials or other enterprise data saved in the browser and on the system.
Note: Because this feature uses Windows’ native virtual machine technology, you would need to change the Paravirtualization interface to Hyper-V in VirtualBox to run its VMs. Even then, there is no guarantee that your VMware or VirtualBox will work properly after enabling this feature.
Enable Defender Application Guard
By default, Windows Defender Application Guard is not activated, so to use this feature we need to activate it manually from the “Turn Windows features on or off” option.
- Go to the Windows 10 search box and type “Turn Windows features”. When the result appears, click the Open link.
- Scroll down and find Microsoft Defender Application Guard.
- Check the box in front of it.
- Wait a few seconds while the system installs the feature.
- Restart Windows 10 to let the changes take effect.
Alternatively, we can enable it with a PowerShell command. Right-click the Windows 10 Start menu, select Windows PowerShell (Admin), and copy-paste the command below:
Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard
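The requirements listed earlier (edition, build, RAM, SLAT) can be checked before running the command above. The following script is an added example, not part of the original tutorial or any Microsoft tooling; the function name Test-AppGuardPrerequisite is hypothetical, and the thresholds are the ones stated on this page.

```powershell
#Requires -RunAsAdministrator
# Added example: check this page's prerequisites, then enable the feature.
$FeatureName = 'Windows-Defender-ApplicationGuard'  # feature name used on this page
$MinBuild    = 16188                                # minimum build stated on this page
$MinRamGB    = 8                                    # RAM recommendation stated on this page

function Test-AppGuardPrerequisite {                # hypothetical helper name
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs  = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1

    # The SLAT flag may read False once a hypervisor is already running,
    # so report that case as inconclusive instead of as a failure.
    if ($cs.HypervisorPresent) {
        $slat = 'Inconclusive (hypervisor already running)'
    } else {
        $slat = [bool]$cpu.SecondLevelAddressTranslationExtensions
    }

    [pscustomobject]@{
        Edition   = $os.Caption
        EditionOk = $os.Caption -match 'Pro|Enterprise|Education'
        Build     = [int]$os.BuildNumber
        BuildOk   = [int]$os.BuildNumber -ge $MinBuild
        # Usable RAM is reported slightly below the installed size, so round up.
        RamOk     = [math]::Ceiling($cs.TotalPhysicalMemory / 1GB) -ge $MinRamGB
        Slat      = $slat
    }
}

$check = Test-AppGuardPrerequisite
$check | Format-List

if (-not ($check.EditionOk -and $check.BuildOk)) {
    Write-Warning 'Edition or build does not meet the requirements; not enabling.'
    return
}
if ($check.Slat -is [bool] -and -not $check.Slat) {
    Write-Warning 'CPU does not report SLAT support; not enabling.'
    return
}
if (-not $check.RamOk) { Write-Warning "Below the $MinRamGB GB of RAM this page recommends." }

$feature = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName
if ($feature.State -eq 'Enabled') {
    Write-Output "$FeatureName is already enabled."
} else {
    # -NoRestart defers the reboot; the feature becomes usable only after a restart.
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart
    Write-Output "Feature enabled. Restart needed: $($result.RestartNeeded)"
}
```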
Run Microsoft Edge in Application Guard
Once you have activated Application Guard and restarted your system, it’s time to run your Microsoft Edge browser with it.
- Open Microsoft Edge on your Windows 10 system.
- Click the three dots at the top right to access settings.
- Select “New Application Guard window”. Alternatively, you can use the keyboard shortcut “Ctrl+Shift+A”.
- This will start a new Edge browser session in a sandbox environment. The process takes some time, depending on your system speed.
Check Edge Integration
You will hardly notice any difference in the newly opened session, because everything looks the same and all the settings of the Edge browser are available in Defender mode. That is expected, because it is the same browser, just running in a virtual machine.
However, if you want to confirm whether Edge is running in Defender Application Guard, look for the icon to the right of the URL bar. Click it and it will show “You are browsing in Application Guard for Microsoft Edge. This helps keep your computer safer by creating a separate browsing environment.”
If you go to Settings, the message “Your browser is managed by your organization” appears. You can access all the settings of the browser as you do in a normal session, including Extensions, Import of bookmarks, Save data to clipboard or paste from the clipboard, and more… But things like signing in with a Microsoft or company account and storing files outside of the sandbox will not be available.
How to Enable Application Guard features for Edge browser
A few features will not be accessible while using Edge in Defender Application Guard unless you enable them manually in the settings: Saving of Edge Data, Copy-paste from the Application Guard for Microsoft Edge, Print files, Camera and microphone, and Advanced Graphics. To use them, follow the steps below…
- In the Windows 10 search box, type “Windows Security”.
- Select App & browser control.
- Select the “Change Application Guard Settings” link from the right-side panel.
- Now, you will have all the settings related to Guard. Enable the one you want such as copy-paste.
Disable or Uninstall
You can go back to “Turn Windows features on or off”, where you enabled this sandbox feature, and uncheck it to revert to the old settings. Alternatively, click the link given in Windows Security under App & browser control to uninstall Application Guard.
Or run the command below directly in PowerShell as Admin.
Disable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard
This is how to use the Edge sandbox feature while running the rest of the system in its normal environment. Whatever happens in the sandbox stays in the sandbox, so if you land on a malicious site, it cannot access the actual system. This means a possible threat, malicious file, script, code, or any other type of infected file will remain trapped in the sandbox and automatically disappear, unless you enable the copy-paste feature and deliberately copy a file from the sandbox to your main system.
It would therefore not be wrong to say that Application Guard is primarily intended for use in companies. Also remember that after enabling this feature you may face slowdowns or other issues with VirtualBox or VMware Workstation Player VMs. You can learn more about this Windows 10 feature on the official website.