News

Microsoft Defender Application Guard for Office Hits Public Preview

Aimed at top-tier Microsoft 365 subscribers, the Microsoft Defender Application Guard for Office solution (also called "Application Guard for Office") became available for public preview this week.

The solution is designed to "isolate untrusted documents away from the system," Microsoft explained in a document on the topic. It adds a virtualized container or "sandbox" for users of Microsoft 365 productivity applications, such as Excel, PowerPoint and Word. It lets end users safely view and open attached Microsoft 365 application files in e-mails. Any scripts (macros or ActiveX controls) or malicious links in those files, when activated, don't escape the sandbox.

Application Guard for Office, while seemingly useful for all Office users, is just aimed at Microsoft 365 E5 plan subscribers. The licensing requirements for the product, when generally released, will be subscriptions to "Microsoft 365 E5 or Microsoft 365 E5 Security" licensing.

Requirements for testing the preview include having Windows 10 version 2004 (build 19041) Enterprise edition and Office 365 version 2008 (build 16.0.13212 or later). In addition, security update KB4566782 needs to be installed. There's also hardware requirements for client devices, such as Intel Core i5 or equivalent at minimum, 8GB of RAM and 10GB of storage space.

End users get a warning pop-up box when documents get opened using Application Guard for Office. An opened document will show another pop-up notice in the ribbon menu, and there will be a shield icon displayed in the taskbar. However, it's still possible for end users to remove the Application Guard for Office protection on a document if they trust the source.

In addition, it's possible for users to save a copy of an untrusted file, which lets them work on it in the container. Untrusted files from outside the organization appear as "read-only" files to end users.

IT pros can set certain policies for Application Guard for Office, such as disabling copy-and-paste actions, restricting printing and turning off app access to a device's microphone and camera.

Back in February, this solution was at the "limited preview" stage and went by the name "Application Guard for Office 365 ProPlus." (In April, Microsoft switched the Office 365 ProPlus product name to "Microsoft 365 Apps for enterprise," by the way.) Now this security solution is called Microsoft Defender Application Guard for Office, but it's just for top-of the-line Microsoft 365 E5 subscribers.

When Application Guard for Office reaches general availability, it'll be turned off by default for Microsoft 365 E5 tenancies, the announcement indicated. A listing in the Microsoft 365 Roadmap showed Application Guard for Office getting a product release in December.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Appoints Althoff as New CEO for Commercial Business

    Microsoft CEO and chairman Satya Nadella on Wednesday announced the promotion of Judson Althoff to CEO of the company's commercial business, presenting the move as a response to the dramatic industrywide shifts caused by AI.

  • Broadcom Revamps VMware Partner Program Again

    Broadcom recently announced a significant update regarding its VMware Cloud Service Provider (VCSP) program, coinciding with the release of VMware Cloud Foundation (VCF) 9.0, a key component in Broadcom’s private cloud strategy.

  • Closeup of the new Copilot keyboard key

    Microsoft Updates Copilot To Add Context-Sensitive Agents to Teams, SharePoint

    Microsoft has rolled out a new public preview for collaborative "always on" agents in Microsoft 365 Copilot, bringing enhanced, context-aware tools into Teams channels, meetings, SharePoint sites, Planner workstreams and Viva Engage communities.

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.