Microsoft deprecates Defender Application Guard for Office


Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative.

Application Guard for Office is a security feature that works with Word, Excel, and PowerPoint for Microsoft 365 Apps, specifically catering to Windows 10 and Windows 11 Enterprise editions.

Its primary objective is to thwart potential threats by restricting files downloaded from untrusted origins, ensuring they are opened within a secure sandbox, and preventing access to trusted resources on the user’s device.

These secure containers shield the device using hardware-based virtualization from potential malware infections after opening downloaded documents in Office applications.

“Microsoft Defender Application Guard for Office is being deprecated and is no longer being updated. This deprecation also includes the Windows.Security.Isolation APIs that are used for Microsoft Defender Application Guard for Office,” Microsoft said.

“We recommend transitioning to Microsoft Defender for Endpoint attack surface reduction rules along with Protected View and Windows Defender Application Control.”

Application Guard alert
Application Guard alert (Microsoft)

​The announcement comes two years after Redmond rolled out Application Guard for Office to all Microsoft 365 customers with supported licenses.

It was officially launched as part of a limited preview in November 2019, and it was only available to organizations with Microsoft 365 E5 or Microsoft 365 E5 Security licenses.

In October, the company said it’s killing VBScript in future Windows releases 30 years after its introduction, making it available as an on-demand feature before being completely removed.

Earlier this year, Microsoft announced that it would phase out WordPad after 28 years and reminded that Windows will disable insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols, but delayed Client Access Rules (CARs) deprecation in Exchange Online by one year until September 2024.

Five years ago, Microsoft also said that the classic Windows Paint app would be deprecated and removed with the release of the Windows 10 Fall Creator’s Update in July 2017.

However, Redmond decided against phasing it out completely and, instead, it made it available through the Microsoft Store following an outpour of love for the app.



Source link