Microsoft Application Guard Brings VM to Edge

Over the past couple of years, security threats have grown ever more potent. Software is hard to secure against advanced persistent threats and zero-days. This is especially true of browsers which act as the gateway to the rest of the web, the most visible target. In an effort to bolster security for Windows 10 users, Microsoft is introducing Application Guard for Edge.

As software developers start conceding that no software can truly be secure, the focus has turned to mitigation. One of the chief tools in mitigating an exploit is the use of virtual machines. The host operating system is protected against any exploits as long as it is contained within the VM. The malicious code simply runs in the VM without causing harm and gets extinguished once the virtual machine is closed.

Application Guard Brings Edge up to Standard

Application Guard for Edge applies the same principle but to the Edge browser specifically. This means that exploits that worm their way through Edge’s extensive browser protections will have to break out of the VM before they can attack the user. This brings Edge on par with other major browsers like Google’s Chrome and Mozilla’s Firefox which are both moving in the same sandbox/VM direction.

Microsoft first teased before the Creators Update hit. In the early versions, the VM spun up as a separate Edge instance. Closing the window wipes all cache and user saved data. While this makes for strong security, it limits the daily usefulness of Application Guard. Microsoft is now adding the ability to store cookies or passwords or create bookmarks, great enhancing usability. Hopefully, Edge will use virtualization by default come Fall Creators Update.