Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Microsoft stopped actively developing Defender Application Guard for Office and the Windows Security Isolation APIs. This means they also might remove the security feature in the future.
Threat actors often use Office document attachments to spread blackmail Trojans through malicious emails. So, most security specialists said they didn`t expect Microsoft to phase out this feature.
The company recommends users switch to alternatives like Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control.
What does Defender Application Guard for Office do
Defender Application Guard is part of Microsoft’s security for its Office apps on Windows 10 and 11. It applies to Word, Excel, and PowerPoint for Microsoft 365 Apps.
Application Guard for Office`s role is to protect devices from malware coming through untrusted files.
The feature works by opening suspicious files in a secure, isolated environment. Defender Application Guard for Office became available to all Microsoft 365 users two years ago.
According to Microsoft`s documentation:
Application Guard for Office is a protected mode that isolates untrusted documents so that they can’t access trusted corporate resources. For example, an intranet, the user’s identity, and arbitrary files on the computer. If a user tries an action that requires access to trusted resources (for example, inserting a local picture file), the action fails and displays a prompt like the following example.
Source – Microsoft Learn
How does Microsoft`s dropping Application Guard for Office impact security
Application Guard for Office is currently in use on enterprise desktops, laptops, and a variety of BYODs.
To mitigate the effect of Microsoft deprecating this security feature, the company advised IT professionals to use Defender for endpoint in conjunction with attack surface reduction rules.
Microsoft`s decision results into a lot of manual work for system admins, in order to maintain an additional protection layer against file-based attacks. Cybersecurity specialist Robertino Matausch said:
The problem is that unless the admins go through a lot of manual work, Windows users will risk a higher probability to get infected through malicious Office docs.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
