Microsoft Office 365 gets ‘Application Guard’ that opens documents in Hyper-V sandbox to prevent cyberattacks

All Microsoft 365 users get Application Guard. Pic credit: Pixaline/Pixabay

Microsoft has confirmed it is offering Application Guard to users of Microsoft 365, formerly known as Office 365. The advanced threat perception and protection engine isolates files to thwart cyberattacks.

Microsoft launched several new security features for Microsoft 365 last year. One of the features was Application Guard. The company has now confirmed the general availability of Application Guard for all users or subscribers of Microsoft 365.

What is Microsoft Application Guard?

Application Guard is a sandbox protection platform. It puts documents from untrusted sources in a container before opening them. The process isolates the entire desktop PC, laptop, or smartphone from the files.

At its core, Microsoft Application Guard for Microsoft 365 is a virtual container. It relies on Hyper-V-based virtual containers to create a strong digital perimeter for every file that Microsoft 365 subscribers receive or gain access to. Incidentally, the feature can also shield users from kernel-based attacks owing to the Hyper-V-based containers.

There are several ongoing attempts to gain unauthorized access to computers with files that are loaded with malicious code. Advanced Persistent Threat (APT) groups as well as virus or malware creators routinely deploy mass emailing campaigns with Trojan-laced files.

Microsoft has confirmed that it analyzes every malicious attack contained by Application Guard to bolster its threat intelligence. In other words, the platform uses Artificial Intelligence to continually learn from the threats it handles. Needless to add, the new security feature should get better as it fields more malware and viruses embedded within seemingly innocent-looking files and email attachments.

How does the security feature differ from Protected View and how to activate it?

Microsoft 365 and even Microsoft Office productivity suites come with ‘Protected View’. It is the first but elementary line of defense.

Protected View opens documents in read-only mode. It essentially disables editing and macros. However, users can still download and open the file.

There have been several malicious campaigns involving files that users merely need to download and open. Users need not exit the Protected View to activate the hidden virus or malware.

Taking protection much further, the Microsoft Application Guard opens files in a virtualized sandbox. Users can perform all the relevant functions such as editing or printing the documents.

While users are working on the files, they remain inside the Hyper-V containers. Moreover, if the platform determines that the file is from untrusted sites, it stores it in potentially unsafe folders or networks. It also blocks the documents using ‘File Block’.

Strangely, Microsoft has chosen to keep the security feature off by default. In other words, administrators will need to activate it. Moreover, they will need to set the right policy for each user in an organization.

Microsoft Application Guard for the Microsoft 365 cloud-based productivity suite is available to customers on Current Channel and Monthly Enterprise Channel. The company has indicated that Semi-Annual Enterprise Channel will receive the feature later this year.

Users can choose to disable Application Guard protection for a specific file. Needless to add, users will need to be very confident and trusting of the file’s source and sender.

If enabled, the platform will scan any suspicious file with the Safe Documents feature. Incidentally, Application Guard and Microsoft Defender for Office 365 combined currently protect files and emails.
