Microsoft has announced that Application Guard for Office is now generally available for all Microsoft 365 users with supported licenses.

Application Guard for Office (aka Microsoft Defender Application Guard for Office) opens files downloaded from untrusted sources in sandboxes, which blocks them from gaining access to trusted resources.

These secure containers are isolated with the help of hardware-based virtualization, which prevents potentially unsafe documents opened in Office from infecting users with malware.

The Application Guard sandbox will also automatically block malicious attachments from downloading other malicious tools, exploiting system or software vulnerabilities, or executing malicious tasks that could impact the users’ device and data.

“When Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to re-open files outside the container,” Microsoft explained.

Application Guard for Office was launched in limited preview in November 2019, and it is only available to organizations that have Microsoft 365 E5 or Microsoft 365 E5 Security licenses.

Figure: Application Guard alert shown when opening untrusted files in Office (Microsoft)

Off by default

Application Guard for Office works with Word, Excel, and PowerPoint for Microsoft 365, and it will be toggled off by default.

Admins can only deploy it on endpoints running at least Windows 10 Enterprise edition, version 2004 (20H1), with the cumulative monthly security update KB4571756 installed.

Application Guard for Office is also integrated with Microsoft Defender for Office 365 and the Microsoft Defender for Endpoint enterprise endpoint security platform for malicious activity monitoring and alerting within secure containers.

Microsoft provides instructions on how to deploy and configure Application Guard for Office within supported environments.

Detailed Application Guard for Office system requirements information can also be found on Microsoft’s support website.

Earlier this month, Microsoft announced that Microsoft Defender for Endpoint's endpoint detection and response (EDR) capabilities are generally available on Linux servers.

Starting next month, Microsoft will also enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who opted into public previews.