K
Kate Li
Guest
Today, I will introduce some new changes of WDAG in 1809 version for your guys.
As we know, Windows Defender Application Guard is designed to prevent attacks on local machines and from expanding malicious activity throughout a corporate network.
We can enable this feature via Windows Features and configure it via Change Application Guard settings interface.
WDAG makes two progress in version 1809
1. New user interface in Windows Security (Previous called windows defender security center)
WDAG was first introduced in 1709, and the configuration could be only made in GPO as below:
For detailed GPO configuration, please refer to Configure Windows Defender Application Guard policy settings
Computer Configuration\Administrative Templates\Network\Network Isolation
Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard
Here in 1809, Windows Defender Application Guard (WDAG) introduces a new user interface inside Windows Security. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security without changing registry key settings.
Here are what we can configure in Change Application Guard Settings. Changes take effect after restarting the PC. For the rest of settings, we still need to work out in Group policy.
Additionally, users under enterprise policies can see what their administrators have configured for their machine and better understand the behavior of Windows Defender Application Guard. The new UI improves the overall user experience as users manage to check their Windows Defender Application Guard settings. These settings will appear in Windows Security for all devices meeting minimum system requirement.
2. New policies have been introduced.
Group Policy: Computer Configuration\Administrative Template\Windows Components\Windows Defender Application Guard
Allow camera and microphone access in Windows Defender Application Guard
Settings/AllowCameraMicrophoneRedirection
After learning the above content, I believe you have a general sense of the changes in 1809 Windows Defender Application Guard. I look forward to meeting you again.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
More...
As we know, Windows Defender Application Guard is designed to prevent attacks on local machines and from expanding malicious activity throughout a corporate network.
We can enable this feature via Windows Features and configure it via Change Application Guard settings interface.
| Note: Windows Defender Application Guard cannot be installed on virtual machine, because the processor doesn’t have required virtualization capabilities. Require for CPU virtualization extensions: Extended page tables, also called Second Level Address Translation (SLAT) and VT-x (Intel) or AMD-V For testing and automation on non-production machines, you may enable WDAG on a VM by enabling Hyper-V nested virtualization on the host. |
WDAG makes two progress in version 1809
1. New user interface in Windows Security (Previous called windows defender security center)
WDAG was first introduced in 1709, and the configuration could be only made in GPO as below:
For detailed GPO configuration, please refer to Configure Windows Defender Application Guard policy settings
- Network isolation settings
Computer Configuration\Administrative Templates\Network\Network Isolation
- Application-specific settings
Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard
Here in 1809, Windows Defender Application Guard (WDAG) introduces a new user interface inside Windows Security. Standalone users can now install and configure their Windows Defender Application Guard settings in Windows Security without changing registry key settings.
Here are what we can configure in Change Application Guard Settings. Changes take effect after restarting the PC. For the rest of settings, we still need to work out in Group policy.
Additionally, users under enterprise policies can see what their administrators have configured for their machine and better understand the behavior of Windows Defender Application Guard. The new UI improves the overall user experience as users manage to check their Windows Defender Application Guard settings. These settings will appear in Windows Security for all devices meeting minimum system requirement.
2. New policies have been introduced.
Group Policy: Computer Configuration\Administrative Template\Windows Components\Windows Defender Application Guard
Allow camera and microphone access in Windows Defender Application Guard
- MDM: WindowsDefenderApplicationGuard.CSP
Settings/AllowCameraMicrophoneRedirection
- MDM: WindowsDefenderApplicationGuard.CSP Settings/CertificateThumbprints
- Group Policy: Computer Configuration\Administrative Template\Windows Components\Windows Defender Application Guard\Allow Windows Defender Application Guard to use Root Certificate Authorities from the user’s device
After learning the above content, I believe you have a general sense of the changes in 1809 Windows Defender Application Guard. I look forward to meeting you again.
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
More...