Windows Defender Application Guard hopes to make Microsoft Edge the safest and most secure browser

In the face of dwindling market share and fierce competition, Microsoft appears to be doubling its efforts to make its new Internet browser offering a highly functional part of its Windows 10 strategy. The Microsoft Edge browser thus far has been a fairly lightweight and speedy experience for users, perhaps achieved by the applications lack of features to date, but over the past two years, the Edge engineering team has been slowly targeting user feedback while adding new and familiar user experiences.

Next up on the docket for Edge user experiences is the introduction of Windows Defender Application Guard. According to the Microsoft Edge team, the new Windows 10 browser has the “fewest vulnerabilities of any major browser on Windows” since its release and its seems the new WDAG is an attempt at keeping that title.

What the Edge team is trying to accomplish

We’re taking a systematic approach to disrupting these attackers by providing our customers with the tools they need to defend against these vectors of attack. Application Guard is designed to stop attackers from establishing a foothold on the local machine or from expanding out into the rest of the corporate network.

By using our industry leading virtualization technology, potential threats are not only isolated from the network and system but will be completely removed when the container is closed.”

How it works

The nuts and bolts of Application Guard are that it leverages Microsoft’s Cloud to disrupt the attack flow of would-be nefariously engineered websites.

Application Guard creates a new instance of Windows at the hardware layer, with an entirely separate copy of the kernel and the minimum Windows Platform Services required to run Microsoft Edge. The underlying hardware enforces that this separate copy of Windows has no access to the user’s normal operating environment.

Application Guard’s enforcement includes completely blocking access to memory, local storage, other installed applications, corporate network endpoints, or any other resources of interest to the attacker. This separate copy of Windows has no access to any credentials, including domain credentials, that may be stored in the permanent credential store.”

The Edge team has also engineered this safeguard with developers in mind. Going forward, the cost of Application Guard compliance is zero. Thanks to Edge rendering a site the same way it does in a host version of Windows, by creating temporary containers that are destroyed after visits, site developers can leave Microsoft to do the heavy lifting of safeguarding users. There’s no developer fuss with having to account for different browser behaviors or cookies and caches being locally stored.

Edge sandboxing

Edge sandboxing

Microsoft’s Edge browser has been slowly adding back old internet browsing features such as extensions while also supporting new standards and technologies that will hopefully make it far more robust than its seemingly proprietary processor Internet Explorer. Let us know in the comments if you’re excited to see Microsoft maintaining its commitment to security.

Share This
Further reading: , , , , , , ,