Microsoft equips Edge with hardware-based container

Microsoft has announced a new capability that will make its Edge browser the most secure web browsing option for enterprises: Windows Defender Application Guard.

Windows Defender Application Guard makes isolated sessions look different

Windows Defender Application Guard is a lightweight virtual machine that prevents malicious activity coming from the web from reaching the operating system, apps, data, and the enterprise network.

“Unlike other browsers that use software-based sandboxes, which still provide a pathway for malware and vulnerability exploits, Microsoft Edge’s use of Application Guard isolates the browser and employee activity using a hardware-based container,” Yusuf Mehdi, corporate VP, Windows and Devices Group, explained.

This virtualization technology extends beyond the kernel level.

The technology will be introduced in the next major Windows 10 update, and only in the Enterprise edition.

Enterprise administrators will be able to configure a trusted network site list policy and distribute it to devices across the network.

Websites that are considered untrustworthy (i.e., those not on the list) will automatically be opened in Microsoft Edge in an isolated session (a virtual container). Once that browsing session is closed, any malware that tried to enter the network will disappear along with the container.

This means that any cookies will be destroyed, too. This is why the technology will not be extended to “regular” users for now: it makes web browsing a less streamlined affair.

For now, Application Guard will only be available for Edge.