Microsoft has begun testing an in-browser security tool for Chrome and Firefox that serves as a 'sandbox mode' which lets users safely access untrusted websites without fear of infecting their machines.
The Windows Defender Application Guard extension, which already exists for the Edge browser, automatically redirects websites that haven't already been whitelisted to an isolated 'sandbox' environment. This effectively disconnects the browsing session from a user's physical machine and its data and files.
Just as it works on Edge, the extension checks the URL against a list of trusted sites defined by an organisation's enterprise administrator and guides a user to an isolated session. Users can then use this session to freely browse any non-white listed sites without fear of sustaining an infection.
Microsoft is now testing the feature before rolling this out as part of its next major flagship update for Windows 10, dubbed 'April 2019' or 19H1. The extension is currently online live for Windows Insiders, and users will need Windows 10 Pro or Enterprise installations to use the feature when it goes live in Spring.
The browser extension works based on an organisation's group policy, meaning once it's established by a network administrator it can be applied on devices across an entire company. The tool can also be configured by network isolation or application, according to Microsoft's guidelines.
When installed and fully deployed, users will see a Windows Defender Application Guard landing page when they open either Chrome or Firefox. Then, during the normal browsing experience, non-whitelisted URLs will open in a new Application Guard window. Users can also initiate a sandbox session themselves by toggling a switch in the menu settings.
However, the extension won't open this 'sandbox' session in a user's native browser of choice, i.e. Chrome or Firefox, but on an isolated Edge tab, meaning they will be forced into using Edge when browsing untrusted sites if their organisation implements the tool.
The extension is among a suite of security features Microsoft has been developing for enterprise users. Microsoft has also recently extended the idea of 'sandboxing' the user experience to desktop browsing, with this idea making its way into a future feature for Windows 10.
The Windows Sandbox desktop tool, which is currently being tested, will launch enterprise users into a virtual machine-like desktop environment when running suspicious software.
It will allow users to run applications in a clean Windows 10 installation in a windowed application, without having to run a fully-fledged virtual machine, eliminating the risk of opening potentially malicious apps on a work machine.
