Protect Office documents from malware

Microsoft Application Guard for MS-Office Protect Office documents from malware

Application Guard is a technology in Windows 10 that can use protection functions to protect your browser and PC from malware. Microsoft is extending its functionality to Microsoft Office to be able to better protect documents from attackers.

So far, Microsoft has only made Defender Application Guard security technology available in Windows 10 for the Microsoft Edge browser. There is also one Extension for Google Chrome and Microsoft FirefoxHowever, applications outside of the browser are not yet supported.

We have discussed the functionality in detail in the article “Safe Browser with Windows Defender Application Guard”. In the post we also show you setting up and using Defender Application Guard in a video.

Advantages of using Application Guard for Microsoft Office

If Application Guard for Microsoft Office is in use on a Windows 10 Enterprise PC, users can edit and use Office documents sent from the Internet without any other distractions and without changing settings.

Application Guard locks the document so that potentially malicious code cannot be executed and the document cannot leave the secure office environment. Application Guard isolates the document from the host operating system, but this also applies to the file system. So editing is a bit inconvenient.

Office programs protect computers from malware even without protecting applications. Protected View is used for this. However, in this case it is not possible to edit protected documents. Application Guard opens documents in an isolated environment where editing is also possible on the spot. The PC is still protected by Application Guard during processing. Users can read, edit, print and save files securely without having to reopen the files outside the container. Application Guard uses Hyper-V based containers which also protect against kernel based attacks.

Using Application Guard for Microsoft Office: Requirements

Microsoft 365 E5 subscribers and current Office version 16.0.13530.10000 can use computers with Windows 10 Enterprise version 2004 (20H1) and have the update installed. KB4571756 Safety function can be used.

The computer must also meet the same requirements here when using Defender Application Guard for Microsoft Edge. CPU virtualization functions must be active, and setup is possible on virtual computers via detours. At the same time, documents are scanned for malware using Microsoft Defender.

Additionally, administrators can configure Application Guard settings for specific file types. This allows special protection for different file types, for example for Outlook attachments, text files (.csv, .dif, .sylk), database files (.dbf), or files that come from the Internet. It can also protect files stored in potentially unsafe locations.

Install and set up Microsoft Defender Application Guard

How to install the functionality in Windows 10 Enterprise is shown in the article linked above. In addition to the option to install the optional Windows feature via “Optionalfeatures.exe”, the installation can also be done in PowerShell:

Enable-WindowsOptionalFeature -online -FeatureName Windows-Defender-ApplicationGuard

When used in professional environments, Application Guard can also be configured with local or group policies. The settings on English computers are in the path: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Defender Application Protection

Settings on German computers can be found in the following path: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Defender Application Protection<

The setting “Activate Microsoft Defender Application Guard in managed mode” is responsible for the configuration. In order to protect Microsoft Office also with Application Guard, the policy is activated and the value is set to 2 or 3.

If an Office program is now opened on your computer and a document is opened from the Internet, Office reports “For your protection, we will open this document in Application Guard” as soon as it starts. After the start, a corresponding message can also be seen in the menu bar at the top right.

At the same time, Application Guard also uses other policy settings that can be found in this path.

(ID: 47563694)