Home > Wiki Tips

Understanding & Enabling Windows Defender Application Guard

Published/Updated on Saturday, January 25, 2025

M3 Software author Yuri Zhang

Written by

Yuri Zhang

English

Summary: This post helps comprehend Windows Defender Application Guard, how to enable it to defend your PC including its extension and Managed Mode. If it's unavailable in your device, its alternatives are covered here.

Windows Defender Application Guard

 

"Windows Defender Application Guard" and "Microsoft Defender Application Guard" refer to the same feature. To avoid threats such as phishing, drive-by downloads, and malicious web scripts, use Windows Defender Application Guard to isolate web browsing and untrusted files in a secure environment. 

Now let's have a command of Windows Defender Application Guard's protection, extensions, and Managed Mode from this article. Whether browsing the web or opening unknown email attachments, WDAG acts as a safeguard.

What is Windows Defender Application Guard (WDAG)? 

Windows Defender Application Guard is a feature built into Windows 10 and Windows 11 (Pro and Enterprise editions) that isolates potentially dangerous websites or files in a secure, sandboxed environment. By doing this, it prevents any malicious content from accessing your personal files or system settings.

Originally branded as Windows Defender, Microsoft rebranded it as Microsoft Defender in 2020, but the functionality of Application Guard remains the same. Whether you refer to it as Windows Defender Application Guard or Microsoft Defender Application Guard, the feature is designed to protect users against web-based threats by ensuring potentially dangerous web pages and files run in an isolated virtual container.

Key features of Windows Defender Application Guard

  • Microsoft Edge automatically opens untrusted websites in an isolated container to prevent any malicious content from harming your device.
  • Files from untrusted sources (like email attachments) are opened in a secure container to keep them isolated from your system.
  • Once enabled, WDAG integrates seamlessly into Microsoft Edge to ensure that untrusted websites are handled securely without requiring user intervention.
  • After closing an isolated session, all data associated with the session, including cookies and downloads, is discarded, ensuring there's no lasting impact on your system. 

Share these insights and continue to read the detailed tutorial to protect your Windows device.

 

How to enable Windows Defender Application Guard 

Step 1. Enable Windows Defender Application Guard in Windows Features:

  1. Press Windows + R, type optionalfeatures, and hit Enter.
  2. Scroll down and check the box next to Microsoft Defender Application Guard.
  3. Click OK and restart your computer.

Enable WDAG in Windows Features 

Step 2. Enable WDAG in Microsoft Edge:

Once WDAG is enabled in Windows, you need to activate it in Microsoft Edge.

  1. Open Microsoft Edge.
  2. Go to Settings > Privacy and Services > Security.
  3. Toggle on Use Microsoft Defender Application Guard for Microsoft Edge.

This ensures that websites flagged as untrusted are automatically opened in an isolated container.

Microsoft Edge Settings

What is the Windows Defender Application Guard extension? 

In addition to its core functionality, Windows Defender Application Guard integrates with Microsoft Edge through an extension. The extension works as a layer that manages the interaction between Edge and MDAG. When MDAG is enabled, the extension automatically opens any untrusted websites (those that Microsoft Defender identifies as potentially harmful) in a secure, isolated container.

What is the Managed Mode for WDAG? 

Managed Mode is particularly useful in organizations where employees regularly interact with untrusted content, such as email attachments, external websites, or unknown downloads. By enforcing specific security policies, admins can ensure that WDAG is used consistently and effectively.

How to Enable WDAG in Managed Mode 

For Enterprise environments, Managed Mode can be configured through Group Policy or Mobile Device Management/ MDM (like Intune):

Option 1. Enabling WDAG Managed Mode via Group Policy

  1. Press Windows + R on your keyboard to open the Run dialog.
  2. Type gpedit.msc and press Enter. This will launch the Group Policy Editor.
  3. Navigate to Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Application Guard.
  4. Enable the setting for “Turn on Microsoft Defender Application Guard”.
  5. Select Managed Mode to enforce enterprise-level security policies.

 Note: The Group Policy Editor is available on Windows Pro, Enterprise, and Education editions. It's not available on Windows Home.

Enable WDAG in Manged Mode

Option 2. Enabling WDAG in Managed Mode via Intune 

  1. Sign in to the Microsoft Endpoint Manager Admin Center.
  2. Create a new Configuration Profile with Administrative Templates.
  3. Configure the Microsoft Defender Application Guard settings to enforce Managed Mode.

This setup allows administrators to centrally manage the deployment and enforcement of WDAG across all managed devices.

Alternatives to Windows Defender Application Guard 

If you're using Windows Home Edition, you can't use Windows Defender Application Guard (WDAG), but there are still several alternatives to keep your system safe when browsing risky websites or dealing with unknown files.

  • Sandboxie is a free tool that lets you run programs or browsers in a secure, isolated environment.
  • Microsoft Defender SmartScreen is a built-in feature in Windows Home that helps protect you from malicious websites and files.
  • Cloud-based browser isolation-third-party services like Cloudflare Browser Isolation or Menlo Security isolate web traffic in the cloud, preventing malicious sites from ever touching your local system.
  • Virtual Machine (VM) lets you run a separate computer inside your current one. This is useful for isolating risky browsing or testing files.

These features can complement WDAG by offering additional layers of protection against various threats.

Conclusion

Windows Defender Application Guard (WDAG) is a crucial security feature that helps safeguard your system from malicious websites, files, and other web-based threats. Whether you're using it as an individual or managing it across an enterprise, WDAG provides a robust solution for isolating potentially harmful content in a virtualized container.

The Managed Mode ensures that enterprises can enforce consistent security policies, while the extension for Microsoft Edge makes it easy to use this feature without extra configuration. With its continued relevance in Windows 10 and Windows 11, WDAG remains a powerful tool in the fight against cyber threats.

Also read:

Microsoft To Do App: Download and Uses It with Strategy 
Comprehending & Troubleshooting Error Image 
How to Turn Off Windows Defender Swiftly

Share and comment to let me know if you need further details on any section!

 

M3 Software author Yuri Zhang
Yuri Zhang

Yuri, a chief writer at M3 Software, has excelled at computer-related expertise in Windows, BitLocker, macOS, data security, disk management, and other cyber-knowledge. She is overwhelmed with joy by outputting specialized content, and she will keep going in the career of a pro-editor and help computer users to the greatest extent.

About | Refund Policy | Privacy Policy | Uninstall | Contact Us
Copyright© 2024 M3 Software. All Rights Reserved.