As of Jan 27, 2021, the Office Application Guard is now generally available.
Internet files and other potentially unsafe locations may contain viruses, worms, or other types of malware that may harm the computer and data of your users. Office opens files from potentially unsafe locations in the Application Guard, a secure container isolated from the device via hardware-based virtualization, to help protect your users. When Office opens files in the Application Guard, users can read, edit, print, and save files securely without having to re-open files outside the container. This feature will be disabled by default.
Here’s the installation guide to get started:
Application Guard for Office 365 for admins – Office 365 | Microsoft Docs
Customers have received a post from the Message Center on Wednesday, 1/27/2021. Microsoft’s 365 Roadmap Featured ID is 67101. Application Guard for Office is only accessible that have a Microsoft 365 E5 or a Microsoft 365 E5 Security license.
Defender Application Guard for Microsoft Office
Defender Application Guard for Microsoft Office helps prevent untrusted files from trying to access trusted resources, keeping your business safe from new and emerging attacks. This article walks admins through the setting up of the Office Application Guard preview devices. It provides information on system requirements and installation steps to enable Office Application Guard on a device.
- CPU: 64-bit, 4 cores (physical or virtual), virtualization extensions (Intel VT-x OR AMD-V), Core i5 equivalent or higher recommended
- Physical memory: 8-GB RAM
- Hard disk: 10 GB of free space on the system drive (SSD recommended)
- Windows 10: Windows 10 Enterprise edition, Client Build version 2004 (20H1) build 19041 or later
- Office: Office Current Channel Build version 2011 16.0.13530.10000 or later. Both 32-bit and 64-bit versions of Office are supported.
- Update package: Windows 10 cumulative monthly security update KB4571756
How do I enable Application Guard?
Organizations with Microsoft 365 E5 or Microsoft 365 E5 Mobility + Security licenses can use Application Guard. Users in those organizations must be using Microsoft 365 enterprise apps on the Current Channel or the Monthly Enterprise Channel. Organizations can get Microsoft 365 E5 or Microsoft 365 E5 Mobility + Security from office365.com/setup.
When will a file open in Application Guard?
If Application Guard is enabled, files that are currently open in Protected View will be opened in Application Guard. These are some examples:
- Files originating from the internet: Files downloaded from domains that aren’t part of your device’s local intranet or a Trusted Sites domain, files received as email attachments from senders outside your organization, files received from other types of internet messaging or sharing services, or files opened from a OneDrive or SharePoint location outside your organization are all examples of this.
- Files that are located in potentially unsafe locations: This refers to unsafe folders on your computer or network, such as the Temporary Internet folder or other folders assigned by your administrator.
- Files that are blocked by File Block: File Block prevents the opening of outdated file types, opens your file in Protected View, and disables the Save and Open features.
Because Office documents are a popular vector for attacks, this new security feature will help your organization stop Office file attacks by keeping them contained. This enhanced security feature will boost user productivity across your enterprise.
Author: Jace Mrazz is a Microsoft Office expert with 5 years of experience in the technology industry. He has written technical and SEO blogs, white papers, and reviews for a variety of websites including office.com/setup.