Application Guard for Office is the new up and coming security technology from Microsoft.  And Microsoft are giving the public a seek preview, as they edge closer to general availability of the new security technology for Microsoft 365 apps. Most importantly, the Application Guard for Office gives IT admins and security staff a little more confidence that staff opening high-risk attachments aren’t going to cause a malware outbreak. And that’s good news!

It also offers additional protections for the Office suite such as Word, Excel, and PowerPoint for Microsoft 365 and Windows 10 Enterprise. 

Application Guard for Office or Microsoft Defender Application Guard for Office as it’s also known, according to Microsoft say it “helps prevent untrusted files from accessing trusted resources, keeping your enterprise safe from new and emerging attacks”.

Firstly, back in February at their private preview of Application Guard for Office release Microsoft extended a feature that up until that point had only been available for the new Edge browser.

What was the feature you ask? Well the feature:

  1. allows users to open websites safely with the protection of hardware-level containerization.
  2. isolates browser processes from the underling operation system and the device.

Microsoft said in a recent blogpost about the public preview, “in Application Guard Office opens files from potentially unsafe locations, in a secure container that is isolated from the device through hardware-based virtualization.”

To clarify this point, Microsoft explain, “when Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to reopen files outside the container.”

Who is the feature available to? Well the feature:

  1. is off by default
  2. is available to customers that have a Microsoft 365 E5 or Microsoft 365 E5 Security licenses.

What do I need to have to in order to set up the feature? Well the feature:

  1. needs a PC to be on Windows 10 Enterprise edition, build version 2004, 20H1, 19041
  2. requires the Office Beta Channel Build version 2008 16.0.13212 or later

As outlined in Microsoft’s technical documents. 

Therefore, Microsoft Defender Advance Threat Protection (ATP) for short, works with Application Guard for Office for monitoring and providing alerts about malware in the isolated environment.   

Microsoft has confirmed that the technology does create a few restrictions. For instance,

  1. it stops an untrusted document from accessing trusted resources. So, Admins in that case will need to turn off the feature to access files across boundaries, if the user needs.
  2. both macros and ActiveX controls are disabled in Application Guard for Office.

Office 365 E5 is a product taken up by Executives such as CFO, CEO’s and admins that require advanced security and other features. So, having Application Guard for Office added on as a “feature” that allows you to open attachments without fear of malware, will ensure the security for those most targeted accounts. And that’s welcomed news for business.