Office 365 deploys a clever new technique for dealing with dodgy attachments

Application Guard
(Image credit: Microsoft)

Malicious attachments are often used by cybercriminals as a means to gain access to an organization's network which is why Microsoft has developed its Application Guard for Office which is now available in public preview.

Application Guard for Office opens files downloaded from untrusted sources in an isolated sandbox in order to prevent them from gaining access to trusted resources. The sandbox has the ability to automatically block malicious files from exploiting vulnerabilities, downloading other malware or doing anything else that could impact a user's device or data.

Senior Office deployment engineer Eric Wayne provided further details on how the sandbox helps protect users from malicious files in a blog post announcing that Application Guard for Office is now in public preview, saying:

“Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users’ computer and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization. When Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to re-open files outside the container.”

Application Guard for Office

Microsoft's Application Guard for Office features works with Word, Excel, and PowerPoint for Microsoft 365. However, the feature will be turned off by default for customers with either Microsoft 365 E5 or Microsoft 365 E5 Security enterprise plans.

In order for admins to turn on this feature, their organization's endpoints must be running Windows 10 Enterprise edition version 2004 (20HI) with the KB4566782 cumulative update and the Application Guard for Office Feature enablement package installed.

At the same time, users must remove Application Guard protection from a document to enable an untrusted document to access trusted resources, according to a support document from Microsoft.

By opening files from untrusted sources in an isolated sandbox, Microsoft is making it easier for organizations to protect themselves as well as their employees from email-based threats and malicious documents.

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

TOPICS