With the release of Window 10, Microsoft introduced a new browser called Edge. As the successor to IE, the browser stripped away legacy code in favor of a modern environment that the company hoped would be a success with consumers and the enterprise but the initial reception was not as warm as they had hoped.
The release of the Anniversary update included a number of new features for Edge such as extension and at Ignite this week, the company has started to detail new features coming with the next major release of Windows arriving in 2017. Like many of the topics this week at Ignite, Edge is getting a new security feature that will better protect corporate networks.
Windows Defender Application Guard is coming to Edge in 2017, Windows Insiders will gain access to the feature much sooner if they are running the Enterprise SKU, and it utilizes virtualization-based security technology that uses isolated containers built directly into the hardware to prevent malicious code from moving across employee devices and the corporate network.
How it works is that if a user clicks on a link that goes to a domain that is not on an approved list, as determined by network administrators, Edge will open the link in an isolated container, at the hardware level, to keep any malicious attacks generated by the user clicking on a link, to be contained in a locked-down instance of the browser. The goal is to contain any potential threat that may arise by the user clicking the link and if needed, to be able to quickly eliminate it in the isolated environment.
When talking to Microsoft about this new feature, they highlighted some challenges that they have to overcome; namely performance. Once a user launches a page in this mode, things like hardware acceleration no longer function which means videos and pages with lots of graphics will have degraded performance.
Windows Defender Application Guard is still in the early phases of development and the company hopes to make the new feature appear more fluid to the user by the time this feature reaches production. For now, know that they company is working on a new way to help stop one of the most pervasive threats to corporate network integrity: users clicking on malicious links.
Putting a browser in a container to isolate a threat is not a new idea but Microsoft claims that they have built a better mousetrap. They state that current browsers that try to do this method to protect the end user don’t protect from 90 percent of the most prevalent security attacks because they don’t offer hardware-based protection.
At this time, this feature is not explicitly stated to come to the consumer version of Windows 10; this feature will be for the E5 SKU of Windows 10 Enterprise. That being said, it’s hard to image that Microsoft would keep this feature locked to the Enterprise SKU forever and they could bring a streamlined version of the feature to consumers once they perfect the functionality of the virtualization component but for now, the company has nothing to announce on this front.