[Windows 10 Tip] How to Use Windows Defender Application Guard (WDAG) in Microsoft Edge

Windows Defender Application Guard (WDAG) is a new feature present in newer Windows 10 versions which provides users maximum level of protection from malware and zero day attacks against Windows. Windows Defender Application Guard provides unprecedented protection against targeted threats using Hyper-V virtualization technology and containers, so your PC must be capable of running Microsoft Hyper-V to use Application Guard feature. When you browse the Internet in Application Guard, your system is protected from even the most sophisticated browser attacks.

Previously WDAG feature was only available to Windows 10 Enterprise edition but in newer Windows 10 versions, this feature has been added to Windows 10 Pro edition as well. So if you are using Enterprise or Professional edition of latest Windows 10 version, you can take benefit of WDAG feature for more safety and security.

Windows Defender Application Guard (WDAG) feature is not enabled or activated by default and interested users will need to first enable it. After enabling the feature, you can use it in the built-in Microsoft Edge web browser.

If you also want to learn how to enable and use Windows Defender Application Guard (WDAG) feature in Microsoft Edge web browser in Windows 10, following steps will help you:

STEP 1:

First of all we’ll need to install Windows Defender Application Guard (WDAG) feature in Windows 10 as it doesn’t come preinstalled in Windows 10.

To install the WDAG feature, open “Turn Windows features on or off” window. You can direct open it using optionalfeatures.exe command in RUN dialog box or search box. Alternatively, you can open it from Control Panel -> Programs and Features.

Now scroll down in “Turn Windows features on or off” window and you’ll see “Windows Defender Application Guard” option which is unchecked by default.

Enable the checkbox given for Windows Defender Application Guard option and click on OK button. It’ll take a few seconds in installing the feature and will require a reboot.

Restart Windows and it’ll install and enable Windows Defender Application Guard feature in Windows 10.

STEP 2:

Once you install the WDAG feature, Windows 10 automatically activates it in Microsoft Edge web browser.

Open Microsoft Edge web browser and click on 3-dots icon (…) given at the end of the toolbar. You’ll get a new option “New Application Guard window” in the main menu.

Click on the option and Microsoft Edge will start opening a new session window protected with WDAG feature. You’ll get a splash screen with the percentage shown. It’ll take a few seconds in launching Application Guard window.

Once the new Application Guard window opens, you can browse the websites on Internet as usual but this time the session will be isolated in Application Guard.

STEP 3: (Optional)

Windows 10 allows users to customize WDAG feature using Group Policy Editor. If you want to change functionality of WDAG feature, you can do as following:

1. Press “WIN+R” key combination to launch RUN dialog box then type gpedit.msc and press Enter. It’ll open Group Policy Editor.

2. Now go to:

3. In right-side pane, you’ll see several options to enable/disable.

You can enable data persistence feature to allow Application Guard to save user-downloaded files, cookies, favorites, etc for use in future sessions. You can also force Application Guard to allow users to save downloaded files to the host operating system. You can also enable print and clipboard functionality in Application Guard sessions.

Windows 10 stores all these preferences under following key in Registry Editor:

So you can also use regedit to modify these settings and options by changing values of various DWORDs such as DisableHvsi, EnableClipboard, EnablePersistence, EnablePrinters, EnableVirtualGPU and SaveFilesToHostIsEnabled.