Tag: Edge


Enable Windows Defender Application Guard on Windows 10 using PowerShell

A couple of days back I saw a tweet from Stefan Stranger (Consultant at Microsoft) which reminded me of a feature called Windows Defender Application Guard, which has been included in Windows 10 Enterprise since the Fall Creators Update (1709). If you have never heard of Application Guard, you might want to check out this blog post: Introducing Windows Defender Application Guard for Microsoft Edge

Basically, Windows Defender Application Guard starts Microsoft Edge in a Hyper-V container and uses Hyper-V isolation. So if a user browses to a malicious site, the site is kept separate from the host operating system.

What is Windows Defender Application Guard and how does it work?
Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. As an enterprise administrator, you define what is among trusted web sites, cloud resources, and internal networks. Everything not on your list is considered untrusted.

If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can’t get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can’t get to your employee’s enterprise credentials.

Source: Windows Defender Application Guard overview

Usually, Windows Defender Application Guard is configured using an enterprise device management tool like System Center Configuration Manager, Microsoft Intune or another third-party tool. But if you want to use it on your standalone Windows 10 PC, you can also do this using PowerShell.

The only things you need to run this are:

  • Windows 10 Enterprise 1709 (Fall Creators Update) or higher
  • A computer which supports Hyper-V
    • A 64-bit computer with minimum 4 cores is required for hypervisor and virtualization-based security (VBS)
    • Extended page tables, also called Second Level Address Translation (SLAT)
    • One of the following virtualization extensions for VBS:
      • Intel VT-x
      • AMD-V
    • Microsoft recommends 8GB RAM for optimal performance
    • 5 GB free space, solid state disk (SSD) recommended
    • Input/Output Memory Management Unit (IOMMU) support is strongly recommended
  • Microsoft Edge and Internet Explorer

Enable Windows Defender Application Guard using PowerShell

You can simply install Application Guard using the following command:
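
An added example (not the original post's own code): a PowerShell script that checks the requirements listed above and then enables the Windows-Defender-ApplicationGuard optional feature. The helper name Test-WdagPrerequisite is hypothetical, and detecting the edition from the OS caption is an assumption; run it from an elevated PowerShell session.

```powershell
# Added example: verify the listed requirements, then enable Application Guard.
# Test-WdagPrerequisite is a hypothetical helper name, not a built-in cmdlet.
function Test-WdagPrerequisite {
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu  = Get-CimInstance -ClassName Win32_Processor
    $disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"

    $cores = ($cpu | Measure-Object -Property NumberOfCores -Sum).Sum

    # When a hypervisor is already running, the Win32_Processor virtualization
    # properties can read False, so an active hypervisor counts as a pass.
    $virtOk = $cs.HypervisorPresent -or (
        @($cpu | Where-Object {
            $_.VirtualizationFirmwareEnabled -and
            $_.SecondLevelAddressTranslationExtensions
        }).Count -gt 0)

    [ordered]@{
        # Assumption: the edition name appears in the OS caption.
        'Windows 10 Enterprise'        = $os.Caption -match 'Enterprise'
        'Build 16299 (1709) or higher' = [int]$os.BuildNumber -ge 16299
        '64-bit operating system'      = $os.OSArchitecture -match '64'
        'At least 4 cores'             = $cores -ge 4
        'VT-x/AMD-V with SLAT'         = [bool]$virtOk
        '5 GB free on system drive'    = $disk.FreeSpace -ge 5GB
    }
}

$checks = Test-WdagPrerequisite
$checks.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}

# 8 GB RAM is a recommendation, not a requirement, so only warn about it.
$ramGB = [math]::Round((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
if ($ramGB -lt 8) { Write-Warning "Only $ramGB GB RAM; 8 GB is recommended." }

if ($checks.Values -contains $false) {
    Write-Error 'Requirements not met; Application Guard was not enabled.'
    return
}

$feature = Get-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
if ($feature.State -ne 'Enabled') {
    # The cmdlet asks for the restart the feature needs before it is usable.
    Enable-WindowsOptionalFeature -Online -FeatureName Windows-Defender-ApplicationGuard
}
```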


This will reboot your computer, and after this you will be able to open a new Microsoft Edge window in Application Guard.

This does add some extra security; however, it does not really protect against attacks like Meltdown and Spectre.


If you have a look at the processes running on your computer, you can now see that there is a new Virtual Machine Worker Process which is used by Application Guard.

This is a great example of how Hyper-V isolation can be used not only for Hyper-V virtual machines but also for other features like Hyper-V Containers or, for example, on the Xbox One.

Open website from PowerShell


If you want to directly open a website from the PowerShell console, you can use the Start-Process cmdlet. This will open the website in the default browser:

You can also use “Start” which is an alias for Start-Process:



This is why OneNote is awesome

Well, I know I normally blog more about Microsoft Datacenter and Cloud stuff, especially Hyper-V and System Center, but I am a huge fan of Microsoft’s Office Suite. I really live in Outlook and Microsoft OneNote. I organize my private life, my work and university notes in OneNote.

I often get asked by customers or friends how I work and how I get things done. In this case I always show them OneNote, which is maybe one of the best-kept secrets inside Microsoft. This post shows you why OneNote is awesome and shows you some of the hidden features you didn’t know about.

If you have more hidden features, leave a comment on the post.

OneNote Dock to Desktop

With the Dock to Desktop feature you can keep your notes visible by anchoring a OneNote window to the side of your desktop. Your notes will stay on top of your desktop while you are working in other programs.

Linked Note taking


While you are using the Dock to Desktop mode you can enable Linked Note Taking. This will automatically create a link to the page or Office document you have open while you are taking notes. This was perfect while I was writing a whitepaper for university and had to do a lot of research. While I was writing the document I had to mention the sources as footnotes, and sometimes it’s hard to find the source of something you have found on the internet. With linked notes I only had to check my notes, and all the sources and references were linked.

Visio Integration


A lot of other Microsoft products integrate into OneNote. One of them is Visio: if you have Visio installed on your computer, you can add an existing Visio diagram to your notes. You can also directly create a new Visio diagram from OneNote and add it to your notes.