Microsoft is working on a new security feature for Windows 10’s Edge web browser designed to let businesses and other enterprise customers keep computers safe from malware.
IT administrators can basically create a list of trusted websites that can be accessed normally. Any time a user opens a site that’s not on that list, Edge will run in a virtualized environment that keeps the browser separate from everything else on your PC.
Since Edge is basically running in a virtual machine, it won’t have access to your computer’s local storage… and that means any malware you accidentally download from the web will be contained in the virtual machine. Close the browser session and any malicious software you downloaded disappears.
Microsoft has a catchy name for this new feature: Windows Defender Application Guard for Microsoft Edge. OK, maybe not so catchy. But it’s still useful, since it essentially creates a temporary new instance of Windows with a separate Windows kernel. So even if you somehow corrupt that kernel, everything goes back to normal when you close the window.
You can still interact with your primary Windows environment while using Application Guard: while data from the browser isn’t saved, you can copy and paste content from a browser session to the Windows clipboard, for example.
So why not use the Application Guard every time you open a web page? Because then you wouldn’t be able to save cookies, login details, or other information that you might want to have when you login to trusted sites.
The Application Guard will only be available for Windows 10 Enterprise users at launch.
via Windows Blog