Skip to main content
Microsoft Security

Making Microsoft Edge the most secure browser with Windows Defender Application Guard

Innovation in the attack space is constant as adversaries increase in both determination and sophistication. In response to increased investments in defense, attackers are adapting and improving tactics at breakneck speed. The good news is that defenders are also innovating and disrupting long reliable attack methods with new technologies. In Windows 10 we’re not just delivering tit for tat point solutions for the latest attacks; instead we’re looking closely at the root causes and are transforming the platform such that we can eradicate entire classes of attacks. Some of the most impactful improvements will come by way of attack surface area reduction and architectural change. One example of these kinds of disruptive approaches can be found in Windows Defender Application Guard (WDAG).

WDAG introduces a slimmed down version of the Hyper-V virtualization technology to bring Azure cloud-grade isolation and security segmentation to Windows applications with Microsoft Edge. WDAG for Microsoft Edge is the strongest form of isolation today, and now with the recently released Windows 10 version 1709, also known as the Fall Creators Update, users of Windows 10 Enterprise can run the Microsoft Edge browser in a fully isolated hardware environment. Doing so provides the highest level of protection against zero-day exploits, unpatched vulnerabilities, and web-based malware. The WDAG container provides a temporary, contained environment for users to experience the Internet. The ability to refresh the container when a user logs off means malware does not have a place to persist.

Threat landscape

In recent years, software isolation of commonly attacked applications such as browsers and document readers have become ubiquitous. Software isolation seeks to contain the damage in the event an application is successfully compromised by an exploit. When sandboxes are in place, malicious code delivered by a successful application exploit is restricted from accessing data and resources on the host operating system, which prevents attacks from performing lateral movement or exfiltrating sensitive information.

Attackers have adapted their tactics rapidly in response to widespread sandboxing by shifting their attention to kernel attacks. In most software sandboxes, the kernel attack surface is left unrestricted providing attackers who have achieved code execution within a sandboxed app the opportunity to “escape” and escalate the attack. This growing trend is evidenced by the data collected by Microsoft threat analysts on the number of known kernel exploits for Windows

The sharp increase in recent years is attributed to attackers leveraging kernel exploits to escape software sandboxes. Security-conscious enterprises can augment Microsoft Edge top level exploit mitigation and isolation features with an additional layer of kernel protection provided by Windows Defender Application Guard for Microsoft Edge.

Virtualization-based isolation

Microsoft has moved to counter the increase in kernel attacks through a major technological breakthrough in sandbox technology. Leveraging the power of hardware-supported virtualization technology, Windows Defender Application Guard creates what can be thought of as a “miniature” version of the parent Windows OS to host Microsoft Edge when browsing the untrusted internet. In the event that a user clicks a link or visits a site containing a full exploit chain, the container “guest” kernel is fully isolated from the host machine that contains the sensitive or enterprise data and enterprise credentials. This means even a zero-day kernel exploit will only result in a container compromise, which means that user data, apps, the organization’s network, and the rest of the OS can remain secure. The container will be disposed of, removing all traces of the attack when the user logs off.

This isolation breakthrough was achieved by creating a new form of container technology that safely shares resources between a guest container and the parent OS. Unlike a standard virtual machine, the WDAG container technology securely shares DLL, executables, and other operating system resources between the guest and host, minimizing the resources needed to create a WDAG VM. As result, the unique disk footprint of the WDAG container image is an incredible 18 megabytes! In addition, the Windows operating system has been “enlightened” with full support for WDAG container apps, which includes the ability to suspend or deprioritize the container when not in use, helping to preserve battery life and make the experience of using a container app comparable to a native app. Core operating system functions like language settings, accessibility, and many other features all work across the container, making the advanced security provided by WDAG nearly transparent to the user.

Security is paramount to the value proposition for the WDAG container technology, so the Microsoft Offensive Security Research (OSR) and Windows Security Assurance (SA) partnered with the WDAG engineering team to build the technology securely from the ground up. The benefits of this partnership had a dramatic impact on WDDAG and the security promise we were ultimately able to make with it. The process we used will be detailed at the upcoming Microsoft BlueHat Conference as we think it represents a powerful model for future security-related research and development here at Microsoft. With WDAG now shipping, the effort to better secure it will continue; WDAG is continuously reviewed with a standing WDAG security bug bounty with payouts of up to $250K for discovery of issues effecting the hypervisor that it is built upon.

So in a nutshell, WDAG offers VM-grade isolation at significantly lower system resources and user experience cost.

WDAG management and Windows Defender ATP integration

User experience and isolation customizations are some of the most commonly discussed topics when we talk about isolation based security solutions. Windows Defender Application Guard offers several policies to let organizations customize the user experience and security policies based on the enterprise risk profile and security posture.

The most critical policy from a trust decision perspective is the network isolation policy that defines what URL or network locations are not managed or explicitly trusted by an enterprise and thus will open in the isolated container environment, versus those that will open on the native host browser. WDAG makes this simple to manage with options for IP- and host-based policy definitions. This policy is also shared across security features such as Windows Information Protection, where it is used to protect against enterprise data leakage

Clipboard and print policies control user initiated data exchange between Windows 10 host and the WDAG container. Persistence policy determines whether WDAG should discard all user generated session data (cookies, downloaded files, temporary Internet files etc.) on container recycle or preserve it for later use in the container.

For more details on the WDAG policies, please refer to product documentation.

For customers of Windows Defender ATP and Microsoft 365, WDAG offers deep integration with WDATP’s post-breach and EDR capabilities. This is an important integration point as it allows WDAG customers a view into any malicious attacks that have been prevented and isolated within the container and enables further remediation and defensive actions across the Windows multiple layers of security.

The WDATP team has developed a full range of container specific indicators of attack (IOAs) that are capable of detecting browser and kernel compromises. We recently demonstrated some of these capabilities in a Microsoft mechanics session that highlights the power of WDAG + WDATP as the pre- and post-breach solutions in a synthetic zero-day attack scenario:

Windows Defender ATP users benefit from an investigation experience that combines events from the container and host into unified timeline while still allowing container-specific investigation through visual cues and event filtering.

The combination of the pre-breach isolation capability of WDAG and the deep investigation and analytics provided by Windows Defender ATP can provide customers with a robust defense even against the most sophisticated apex attackers.

To test how Windows Defender ATP can help your organization detect, investigate, and respond to advanced attacks, sign up for a free trial.


Windows Defender Application Guard provides an additional hardware isolation-level capability on top of Microsoft Edge’s formidable exploit mitigation and sandbox features. This was enabled by engineering hardware container-based isolation capabilities into the Windows core. WDAG provides a near-native user experience with low resource consumption, deep OS enlightenment, and moderate hardware requirements. Enterprises deploying the Fall Creators Update can immediately deploy WDAG and enjoy the benefits of world-class hardware-rooted security that has enabled Microsoft Edge to become the most secure browser for enterprises.

David Weston (@dwizzzleMSFT)

Principal Group Manager, Windows & Devices Group, Security & Enterprise

Learn more about Windows 10 Fall Creators Update

Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware

Stopping ransomware where it counts: Protecting your data with Controlled folder access

Making Microsoft Edge the most secure browser with Windows Defender Application Guard

Introducing Windows Defender Application Control

Hardening the system and maintaining integrity with Windows Defender System Guard

Move away from passwords, deploy Windows Hello. Today!

What’s new in Windows Defender ATP Fall Creators Update

Antivirus evolved

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity.