Configure Windows Defender Application Guard using Group Policy

We have already reported several times on Windows Defender Application Guard (WDAG), the new security feature of Windows 10 that works together with the Microsoft Edge browser. Among other things, we showed you how to install WDAG and where to find the Application Guard settings.

In this WDAG tutorial we would like to show you how to make further WDAG configuration adjustments. You can find them all in the Group Policy Editor under the following GPO path:

Computer Configuration / Administrative Templates / Windows Components / Windows Defender Application Guard

Here you will find numerous GPOs for configuring WDAG, as you can see in the figure below.

WDAG GPOs

The following WDAG GPOs are available to you.

  • Start Windows Defender Application Guard in managed mode.
  • Allow camera and microphone access in Windows Defender Application Guard.
  • Allow data persistence for Windows Defender Application Guard.
  • Allow hardware accelerated rendering for Windows Defender Application Guard.
  • Allow auditing events in Windows Defender Application Guard.
  • Prevent company websites from loading non-company content in Internet Explorer and Microsoft Edge.
  • Allow Windows Defender Application Guard to use user device host root certification authorities.
  • Configure clipboard settings for Windows Defender Application Guard.
  • Allow users to trust files that open in Windows Defender Application Guard.
  • Configure additional sources for untrusted files in Windows Defender Application Guard.
  • Configure print settings for Windows Defender Application Guard.
  • Files can be downloaded from Windows Defender Application Guard and saved in the host operating system.

Microsoft has published a very good and detailed document on the current GPOs for WDAG, which you can find under "Configuring the Policy Settings for Windows Defender Application Guard".

These policies allow WDAG to be configured very well, but we miss an option that lets the Windows user start the Edge browser automatically in WDAG mode, or set up a taskbar icon that launches WDAG directly. If you know of a way to do this, it would be nice if you would leave a comment at the end of this post.

administrator