Microsoft wants its security suite, Windows Defender , to offer users comprehensive protection for the entire system. Since the launch of Windows 10, this free antivirus has been improving and adding functions and shields to offer users the best protection. And little by little we are seeing how new functions and features come to this security software that will allow us to always be protected against all kinds of threats. And one of the last shields will be in charge of protecting us from all Office documents downloaded from the Internet that may be a danger to our security.
On the Internet we can find a large number of documents that, although they promise certain types of content, often hide all kinds of threats. In addition, Office documents are one of the most widely used forms of malware distribution through email, since it is very difficult to find malicious macros within these types of files.
Antiviruses usually detect these threats almost always. And the usual thing is that, when doing so, they delete the file from our computer. However, Microsoft has wanted to go further, and it is that, from now on, its security software will be able to isolate documents that may be a danger to our security.
Word, Excel, etc. files will open in an isolated environment
In a similar way to how Windows Sandbox works, Microsoft will make the security suite detect when an Office file comes from an untrusted source (mail, a website, etc.), and instead of opening it directly on our computer it will do so in an isolated environment. We can know that the document opens in an isolated environment because on the loading screen we will see that it opens in Application Guard , the Microsoft Defender security module.
Microsoft Defender will create a safe and isolated container thanks to hardware-based virtualization so that any user can open any document, read it, edit it, print and save it safely. The file that we save will be saved directly on our PC (not in the container) so that we can send it to other users.
In the event that the file contains malware, it will not affect our computer, since nothing that happens inside the container could endanger the security of our PC.
This feature won’t be for everyone
In order to use this security feature, we must meet the following requirements:
- 64-bit Intel Core i5 or higher processor of at least 4 cores with Intel VT-x or AMT-V.
- 8 GB of RAM.
- 10 GB of free hard disk space.
- Patch KB4566782 installed.
Without a doubt, this is a great security measure. But unfortunately, it is not for everyone. Microsoft will only take it (for now) to the Enterprise editions of Windows 10. Specifically to the 2004 version, and later, of the operating system. In addition, to enable it, users must have a subscription to Microsoft 365 E5 or E5 Security.
It will also be necessary to be subscribed to the Office 365 Beta channel in order to enable this new security measure. In a few months it will reach the stable channel and all users, who comply with the above, will be able to use this security measure.
Application Guard, the best Windows Defender feature for business only
Microsoft is taking the security of its operating systems and other products very seriously. However, keep in mind that some of the more advanced security measures, such as Application Guard, are only available to businesses.
If these security measures reached other Windows users, even if they were exclusive to Windows 10 Pro, it would greatly improve the security of Microsoft’s operating system. However, this is highly unlikely.
If we want to avoid risks, we can mimic this security feature using Windows Sandbox, or sandboxing tools like Sandboxie .