Microsoft Application Guard helps protect against malware in Office documents by opening each document in its own segregated virtual machine.
Microsoft says in the release notes:
Application Guard is a virtualization-based sandbox that’s used to isolate untrusted documents you may encounter. It brings the same technology that powers Azure to your desktop.
Untrusted documents are opened in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if a document is malicious, the host PC is protected and the attacker can’t access your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can’t access your employee’s enterprise credentials.
Email is the primary delivery mechanism for targeted ransomware, and Microsoft’s new service offers a novel solution. Each time a suspicious document needs to be opened, a new secure container is automatically created and the document is opened within that container, isolated from the host device and the rest of the corporate network.
Application Guard is currently in public preview for eligible Office 365 users.
Microsoft Office also offers a Protected View mode, which disables editing and macro execution when a file is opened from an untrusted location, including an Outlook attachment that came from outside the organisation. Network managers can further configure the behaviour of Protected View to optimise the protection for their network and to block certain file types.