What is Application Guard and what it means for Office 365

Microsoft is touting Application Guard as a defence against Office 365 macro viruses. What is it and will it truly prevent viruses in Word, Excel or PowerPoint documents?

Application Guard is already in the Edge browser and Microsoft has announced that it will be extended into Office 365 sometime in early 2020.  They’ve not said which Office 365 plans will get this security feature (Enterprise customers only or consumer plans too?).

Office virus protections now

At the moment, opening a document from an unknown source, email or Internet puts the document into ‘Protected View’.

Protected View is a ‘read only’ mode and not a lot of use for many people who need to edit the document.

Hackers use all manner of tricks to get people to click the ‘Enable Editing’ button or enable macros.  That lets the malicious code, spyware or ransomware run on the computer.

Office needs a way to isolate editable documents with macros which users have unwittingly enabled.

Office itself is a problem

The other problem is the dangers in Microsoft Office.  Every month there are patches for Office or Windows to block newly found bugs that hackers exploit.

Those patches will continue for the foreseeable future due to the complexity of software and hardware.

How will Application Guard help?

There’s no chance of Windows/Office becoming hacker proof with no security patches needed.  Users, being human, will always make mistakes or be tricked.

What’s needed is a way to open Office documents with macros enabled but still unable to infect or cause trouble to your computer.

Application Guard aims to isolate the document from the rest of the machine and network.

Even if a malicious macro or security bug is exploited, the bad code won’t be able to access other parts of the computer.

It’s an extension of the Hyper-V and Sandbox technology already in Windows 10.  The document opens in an isolated sub-system with limited access to the rest of the computer.

Here’s Microsoft’s diagram of how Application Guard works with their Edge browser.

Replace ‘Microsoft Edge’ with ‘Microsoft Word, Excel, PowerPoint, Outlook, Access and Publisher’.

Application Guard will only apply to Office on Windows 10, not Mac or other devices.

The devil is in the detail

It sounds great and we look forward to seeing Application Guard in practice.

Hackers will immediately look for new opportunities, either technical lapses or ways to trick people into bypassing Application Guard.

We’ve seen this before.  Microsoft overhyped Office Protected View as a panacea but it wasn’t.

It didn’t take long for hackers to make emails or documents worded to fool people.