Microsoft Brings Hardware-Based Isolation to Chrome, Firefox
Microsoft this week made the Windows Defender Application Guard extensions generally available, which now provides hardware-based isolation to all Chrome and Firefox users on Windows 10.
First introduced in 2017 and designed to isolate browser-based attacks, the container technology has been available only to Microsoft Edge until earlier this year, when Microsoft released the Windows Defender Application Guard extensions to Windows Insiders.
The extensions leverage a native application that handles the communication between the browser and the device’s Application Guard settings and were designed to automatically redirect untrusted navigations to Windows Defender Application Guard for Microsoft Edge.
“When users navigate to a site, the extension checks the URL against a list of enterprise sites defined by enterprise administrators. If the site is determined to be untrusted, the user is redirected to an isolated Microsoft Edge session,” Microsoft explains.
The isolated Microsoft Edge session allows the user to freely navigate to any site that the organization hasn’t defined as trusted, while resting assured that the system is not at risk. When the user attempts to navigate to an enterprise site while in an isolated Microsoft Edge session, they are taken back to the default browser.
To configure the Application Guard extension under managed mode, admins should ensure the devices meet the necessary requirements, then turn on Windows Defender Application Guard, define network isolation settings, install the companion application from the Microsoft Store and the browser extensions, and then restart the device.
Microsoft also says it is being transparent about the installation of Windows Defender Application Guard and its purpose, and that a Windows Defender Application Guard landing page will be displayed in Firefox and Chrome after the extension has been installed and configured. Users will also receive information on how to resolve issues with the configuration.
To initiate an Application Guard session without entering a URL or clicking on a link, users need to click on the extension icon on the menu bar of the browser.
Microsoft points out that hardware-based isolation has been introduced in Windows 10 to improve the platform’s security, and is a critical component of the attack surface reduction capabilities in Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) and Microsoft Threat Protection.
“With the new Application Guard extension for Google Chrome and Mozilla Firefox, customers can extend the security benefits of isolation in their environments and further reduce attack surface. Customers can confidently navigate the expansive internet with protection for enterprise and personal data,” the software giant says.
Microsoft has made the Windows Defender Application Guard extensions for Chrome and Firefox available for Windows 10 Professional, Enterprise, and Education SKUs, version 1803 and later with latest updates.
Related: Site Isolation Is Coming to Firefox