The Edge browser was built for Windows 10 from the ground up. It might use the same base as Internet Explorer, but it builds on top of that base with advanced features. One such advancement is the upcoming ‘Application Guard’ feature.
Coming to Windows 10 Enterprise edition sometime early next year (perhaps Redstone 2?), the feature will let system and network administrators build a list of trusted sites that employees can visit on their computers. It is essentially a whitelist: anything that is not on this whitelist will be opened by Edge within a “virtual machine” of sorts.
Microsoft is calling this feature ‘Windows Defender Application Guard’, and while the full name is a mouthful, its explanation is a lot simpler.
Windows Defender Application Guard is a ‘Virtualization Based Security’ (VBS) feature; Microsoft claims this is the first time an operating system and browser are shipping together with technology such as this.
Essentially, a website that opens under ‘Application Guard’ opens within a lightweight hardware-virtualized system that goes beyond the Windows kernel. You can’t get security any better than this.
Now you might be wondering: Chrome already advertises itself as a sandboxed browser, so it must be doing something similar. Although Chrome is sandboxed, as advertised, the sandboxing is still done at the software level, and there are still several holes left in the security for malware to exploit.
Edge gracefully spins up a virtual computer that malware can attack if it wants to, but none of that would affect your actual PC. The browser tab in Edge is completely isolated from the rest of the computer at a hardware level.
Issues & Availability
For now, considering Ignite is an enterprise event (for the most part), this technology will remain exclusive to Windows 10 Enterprise.
Perhaps at some point in the future, we might get something similar for the consumer version of Windows 10 and Edge, but that is not happening anytime soon.
Windows 10 Enterprise will get these features sometime early next year, so this could be included in the Redstone 2 update itself.
One of the issues with this virtualization is that it won’t save any of the cookies or other data that the website generates, because all of it is wiped clean at a hardware level when the tab is closed. This can make bringing the feature to the consumer version of Windows 10 and Edge problematic.
It can, however, come in handy when you need to get information from a compromised website, so it ends up being useful even with its limitations.