Office 365 to Prevent Malicious Docs From Infecting Windows

Microsoft Office 365 ProPlus is getting a new feature called Application Guard that will allow users to open attachments in a virtualized container to protect Windows from malicious macros and exploits.

Microsoft Edge for Windows 10 includes a feature called Windows Defender Application Guard that allows you to launch a browser tab into a special sandboxed environment.  As this browsing environment is sandboxed, any malicious sites that attempt to exploit vulnerabilities, download malicious software, or exhibit malicious behavior will be blocked from affecting the normal machine.

Microsoft Edge Application Guard
Microsoft Edge Application Guard

This same virtualized sandbox is now coming to Microsoft Office in order to protect users from malicious attachments that are commonly used to install malware.

Microsoft Office Application Guard

Microsoft Office 365 ProPlus users are now getting a similar feature called Microsoft Office Application Guard.

With this feature, an Office document such as a Word document or Excel spreadsheet can be opened in a virtualized container that is protected with hardware level security and restricted from accessing the normal Windows operating environment.

While users will be able to print, edit, and save changes, this sandboxed environment will prevent malicious macros from installing malware, exploiting vulnerabilities, or executing PowerShell or JavaScript commands that can affect your normal Windows environment.

If a user decides to “trust” a document, before being allowed to use the document, it will be scanned first using the Microsoft Defender Advanced Threat Protection threat cloud for extra protection.

As spam emails containing malicious Word and Excel documents are one of the most common vectors for installing malware such as ransomwaredata-stealing and keylogging TrojansRATs, and malware downloaders, this protection is a very useful feature for any user.

This feature is currently in limited preview and will become generally available in the summer of 2020

By Lawrence Abrams