One of the biggest security risks for computer users is their web browser. According to Microsoft, 90 percent of phishing emails use the browser to initiate attacks, which can then be used to help attackers establish a beachhead inside a company.
Microsoft has unveiled Windows Defender Application Guard for Microsoft Edge, a new system that will isolate the browser on Windows 10 Enterprise PCs, making them harder to hack.
So any website which isn’t on an organisation’s trusted list will automatically launch in an isolated browsing session (which will be clearly marked with a red icon so users know when they are in a secure session). IT admins can of course decide which sites are trusted and will launch in Edge normally.
The system is only available on Windows 10 Enterprise for now, so administrators will need to choose sites that do and don’t run inside Application Guard.
According to Rob Lefferts, Microsoft’s director of program management for Windows Enterprise and Security, the other key thing about the feature is that the container’s isolation is enforced using a secure root of trust that runs on the computer’s processor itself.
Application Guard will become available later this year in Insider builds of Windows, hitting a stable version some time in 2017.