Application Guard for Microsoft Edge helps to protect your device and data by opening untrusted sites in a virtualized container.

Note: Your device firmware has to support virtualization, and it has to be enabled in the device BIOS. Otherwise you won't be able to install or use Application Guard.

Imagine you have a can of soda and you're not sure if it's been shaken or is safe to open. So you put the can inside a plastic bag and open it there - that way if the soda sprays out, only the inside of the plastic bag gets messy. Once the can is open you can safely discard or recycle the plastic bag.

The untrusted website is like the can of soda - it might cause a mess. The virtualized container is like the plastic bag - it contains the mess if the site actually does turn out to be dangerous. And just like the plastic bag, when you're done with the virtualized container (which is just software) it's discarded along with anything inside it.

Because things inside the virtualized container can't access anything outside the virtual container it's much safer to work with untrusted sites, or files, inside that virtual container.

What do these settings do?

Important: Turning on any of these settings may make your system less safe. Each of them allows some kind of data to be transmitted into or out of the container (effectively poking a hole in it) which can be a risk. We recommend you leave them off unless you need to turn them on.

  • Save Data - When this is turned on Application Guard does not totally discard the virtualized container when you're done, but rather saves any files you've downloaded, browser cookies, or favorites for use in a future Application Guard session.

  • Copy and paste - This allows your Windows clipboard to go into and out of the virtualized container. If it's important to copy things out of, or paste things into, web pages that are inside the container you can turn this on.

  • Print files -This lets you print from sites open inside the virtualized container. Printing may seem harmless but remember that it involves sending data from an untrusted site out of the protected virtualized container through your operating system to your printer.

  • Camera and microphone - If this setting is turned on untrusted sites inside the container can access your camera and microphone.

  • Advanced graphics - This lets the browser inside the container use advanced graphic rendering capabilities of your device to improve graphics performance, such as video. This may be risky if the graphics driver you're using has a vulnerability the untrusted site tries to exploit.

See also

Microsoft Application Guard overview

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!