Published by Colin Malone. Modified over 6 years ago.
1
Microsoft Edge Security with Windows Defender Application Guard
9/11/2018 4:41 AM
Chas Jeffries, Principal Program Manager, Windows Enterprise and Security
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
Agenda
Threat Landscape
Windows Defender Application Guard Overview
Demo
Containers
Q&A
3
Evolution of attacks
Mischief: script kiddies, unsophisticated.
Fraud and theft: organized crime, more sophisticated.
Damage and disruption: nations, terror groups, activists; very sophisticated and well resourced.
4
Attacks happen fast and are hard to stop
If an attacker sends an email to 100 people in your company, 30 people will open it, 12 people will open the attachment or click on the link, and all of them will do it within 3 minutes 45 seconds.
Source: Verizon 2016 Data Breach Investigations Report
5
Anatomy of an attack: ENTER, ESTABLISH, EXPAND, ENDGAME
ENTER (attack, user): browser or doc exploit delivery, malicious attachment delivery, phishing attacks.
ESTABLISH (device): kernel exploits, kernel-mode malware.
EXPAND (network): credential theft.
ENDGAME: business disruption, lost productivity, data theft, espionage, loss of IP, ransom.
6
Anatomy of an attack: strontium
ATTACK: the phishing email. Mon, 9 November 2015, 13:20. Subject: RE: Mission In Central African Republic. From: John Smith.
"Dear Sir! Please be advised that the Spanish Army personnel and a large number of Spanish Guardia Civil officers currently deployed in the Central African Republic (CAR) as part of the European EUFOR RCA mission will return to Spain in early March as the mission draws to a close. Visit for additional info. Best regards, Capt. John Smith, Defence Adviser, Public Diplomacy Division NATO, Brussels"
USER: phishing. DEVICE: browser or doc exploit execution. NETWORK: pass-the-hash. ENDGAME: theft of sensitive information, disruption of government.
7
Anatomy of an attack: strontium
USER: phishing. DEVICE: browser or doc exploit execution, in three steps: 1. land on exploit page; 2. exploit runs; 3. redirected to legitimate page. NETWORK: pass-the-hash. ENDGAME: theft of sensitive information, disruption of government.
8
Normal looking website
9
Anatomy of an attack: strontium
USER: phishing. DEVICE: browser or doc exploit execution. NETWORK: pass-the-hash; attacks are hard to clean up and are very costly. ENDGAME: theft of sensitive information, disruption of government.
10
Microsoft’s security posture
Protect: today’s cloud-first, mobile-first world demands the highest level of identity and data security.
Detect: comprehensive monitoring tools to help you spot abnormalities and respond to attacks faster.
Respond: leading response and recovery technologies plus deep consulting expertise.
Notes: At Microsoft our overall security vision is focused around the idea of protect, detect, and defend… <talk a bit about what each means in the larger context>
11
Protect, Detect, Respond: Windows 7 and Windows 10
Windows 7: Trusted Platform Module (TPM), SmartScreen, BitLocker, BitLocker to Go.
Windows 10 on legacy or modern devices (upgraded from Windows 7 or 32-bit Windows 8): Windows Trusted Boot, Microsoft Edge, Windows Defender, Windows Hello, Companion Device Framework, Windows Information Protection, Windows Defender Advanced Threat Protection.
Windows 10 on modern devices (fresh install or upgrade from 64-bit Windows 8): virtualization based security, UEFI Secure Boot, Device Guard, Credential Guard, Device Encryption, security management, Conditional Access, Windows Hello biometric sensors.
Notes: (Click) Windows 7 delivered support for TPM, and data protection features like BitLocker. We also introduced the first version of our SmartScreen service… (Click) …but clearly you need more today. Now with Windows 10 we are giving YOU more tools and features to protect your business. (Call out one or two features quickly)… (Click) …and when you are running W10 on modern hardware you get some of the most powerful security features… So when thinking about what you want to use to protect your business, it’s clear Windows 10 is a huge step forward… When I look at this list what I’m most proud of are the investments we have made in containerization/virtualization and in identity.
12
Current threat landscape: driving the need for hardware based isolation
Our research indicates that there has been a dramatic increase in kernel exploits over the past two years.
Source: MSRC and Microsoft One Protection Team
13
Traditional platform stack
From the bottom up: Device Hardware, Kernel, Windows Platform Services, Apps.
14
Hardware based isolation (Windows 10)
From the bottom up: Device Hardware, Hypervisor, Kernel, Windows Platform Services, Apps. Alongside the host, a System Container with its own Kernel runs Device Guard, Credential Guard and trustlets.
15
Microsoft Edge with Windows Defender Application Guard
Moves browser sessions to an isolated, virtualized environment. Provides significantly increased protection and hardens an attacker-favorite entry point.
Diagram: Device Hardware, Hypervisor (Hyper-V), host Kernel, Windows Platform Services, Critical System Processes and Apps; Microsoft Edge runs inside a System Container with its own Kernel.
16
Application Guard Experience
17
The user receives a suspicious email and, unwittingly, clicks the link.
18
Natoint.com: A new browser window appears, with window decoration and a notification that the site the user wants to open is not an enterprise site and needs to open in a container.
19
Natoint.com: A new browser window appears, with window decoration and a notification, as the user lands on an untrusted website. The malware runs and the container is infected.
20
Natoint.com: The user closes the Edge window, and the session is discarded when the user logs off.
21
Back on the host, all is good. The malware was not able to jump out of the container; it is isolated to the container.
22
Demo Windows Defender Application Guard
23
Next Generation Client Containers
24
WDAG Internals
Enterprise client (Host): the host browser (Microsoft Edge with a browser plug-in), Windows Platform Services, Kernel and a Virtual Switch. Management via GP or MDM writes the POLICY SITE LIST to a policy store, which the browser plug-in reads.
Hypervisor Security Isolation (HVSI) container, above the Hypervisor: Microsoft Edge with the browser plug-in, Windows Platform Services, Kernel and a Virtual Switch plug-in.
Flow, step 1: the host browser plug-in receives a notification of a new URL and reads the policy site list from the policy store.
25
WDAG Internals
Same components as on the previous slide: host browser and browser plug-in, GP or MDM management, POLICY SITE LIST in the policy store, Windows Platform Services, Kernel and Virtual Switch on the Enterprise client (Host); Hypervisor; Hypervisor Security Isolation (HVSI) container with Microsoft Edge, browser plug-in, Windows Platform Services, Kernel and Virtual Switch plug-in.
Flow, step 2: the site-list lookup fails, so the URL is injected into the container.
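The two WDAG Internals slides show one decision: a new URL arrives at the host browser plug-in, the plug-in looks it up in the policy site list, and a failed lookup sends the URL into the container. The following PowerShell is an added example written for this page, not Microsoft's code and not the plug-in's real lookup; it models that decision with a constructed site list and a simplified, assumed matching rule (a leading dot means "this host and its subdomains", anything else is an exact host match), so that the fail-closed default and the subdomain edge cases can be seen on concrete URLs.

```powershell
# Added example, not Microsoft's code: a model of the host-side decision that the
# WDAG browser plug-in makes on "notification of a new URL" before the site-list
# lookup either keeps the page on the host or injects it into the HVSI container.
# The matching rules below are an assumption chosen for illustration; the real
# lookup uses the enterprise network-isolation policy and is not reproduced here.

# Constructed sample site list (not real policy values). A leading dot means
# "this host and all of its subdomains"; other entries match the exact host only.
$SampleSiteList = @(
    'intranet.contoso.com',
    '.corp.contoso.com',
    'hr.contoso.com'
)

function Get-NormalizedHost {
    param([Parameter(Mandatory)][string] $Url)
    $uri = $null
    # Fail closed: only absolute http/https URLs can ever be treated as enterprise sites.
    if (-not [System.Uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref] $uri)) { return $null }
    if ($uri.Scheme -ne 'http' -and $uri.Scheme -ne 'https') { return $null }
    return $uri.Host.ToLowerInvariant().TrimEnd('.')
}

function Test-EnterpriseSite {
    param(
        [Parameter(Mandatory)][string]   $Url,
        [Parameter(Mandatory)][string[]] $SiteList
    )
    $hostName = Get-NormalizedHost -Url $Url
    if (-not $hostName) { return $false }

    foreach ($entry in $SiteList) {
        $e = $entry.Trim().ToLowerInvariant()
        if ($e.StartsWith('.')) {
            # '.corp.contoso.com' matches 'corp.contoso.com' and 'vpn.corp.contoso.com',
            # but not 'evilcorp.contoso.com' and not 'corp.contoso.com.attacker.example'.
            if ($hostName -eq $e.Substring(1) -or $hostName.EndsWith($e)) { return $true }
        }
        elseif ($hostName -eq $e) {
            return $true
        }
    }
    # Lookup failed: the URL is not an enterprise site.
    return $false
}

function Resolve-BrowserTarget {
    # Returns 'Host' for enterprise sites and 'Container' for everything else,
    # mirroring the two states shown in the WDAG Internals diagrams.
    param(
        [Parameter(Mandatory)][string] $Url,
        [string[]] $SiteList = $SampleSiteList
    )
    if (Test-EnterpriseSite -Url $Url -SiteList $SiteList) { return 'Host' }
    return 'Container'
}

# Constructed sample URLs; natoint.com is the untrusted site used in the slides.
$samples = @(
    'https://intranet.contoso.com/expenses',
    'https://vpn.corp.contoso.com/',
    'https://evilcorp.contoso.com/',
    'https://corp.contoso.com.attacker.example/',
    'http://natoint.com/',
    'file:///C:/Users/Public/report.html'
)
foreach ($u in $samples) {
    '{0,-48} -> {1}' -f $u, (Resolve-BrowserTarget -Url $u)
}
```

The point to check in any such allowlist is the direction of trust: only a positive match on the list keeps a page on the host, and every parsing failure, non-http scheme, or near-miss on a domain name lands in the container. When you build the real site list, test it with look-alike hosts such as the `evilcorp` and `attacker.example` entries above, because a suffix match written without the leading dot would silently widen the host side of the boundary.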
26
Productivity Features: Windows Defender Application Guard
27
Clipboard
Controlled with policy, users can copy and paste plain text and graphics from the container to the host.
Diagram: Windows Host OS (Kernel, Windows Platform Services, enterprise sites) and the container running Microsoft Edge for non-enterprise sites.
28
Printing from a container
Controlled through policy, users can print web content and documents from a container.
Diagram: Windows Host OS (Kernel, Windows Platform Services, Microsoft Edge for enterprise sites) and the container.
29
Persistence of user state between sessions
The state of the container is persisted between sessions, i.e. cookies, remembered passwords, favorites and temporary files are persisted from session to session in a container using a temp VHD.
Diagram: VM, VHD, HOST.
31
Where can I try it?
Microsoft Technology Adoption Program (TAP): TAP is a pre-release program run by Windows engineering to obtain deep customer feedback, early and throughout the development cycle, to ensure new technology investments meet the needs of the marketplace. Interested in joining TAP? Contact to
Microsoft Windows Insider Program (WIP): This program is designed exclusively for people who want to be involved in the process. So if you want to help us build the best Windows yet, we want you to join us. Be first to experience the new ideas and concepts we’re building. In return, we want to know what you think. You’ll get an easy-to-use Feedback Hub app to send us your feedback, which will help guide us along the way. Interested in joining WIP? Visit
32
Redstone 3 TAP
TAP is a pre-release program run by Windows engineering to obtain deep customer feedback, early and throughout the development cycle, to ensure new technology investments meet the needs of the marketplace. TAP is not a Deployment Support Program.
Criteria for participation: actively deploying Windows 10; leading edge in adopting new technologies; has a long term vision on IT strategy and is willing to share; willing to commit resources to participate and invest in program partnership; willing to share feedback through Yammer.
Next steps: Contact to TAP team will follow up with your account manager.
33
Questions?
34
35
Planning and environment setup
Hardware requirements: CPU: 64-bit with virtualization extensions. RAM: 4 GB minimum, 8 GB recommended.
Software: Windows 10 Enterprise RS3 TAP.
Miscellaneous: enable CPU virtualization from BIOS.
36
Planning and environment setup
1. Install: Turn Windows features on or off, or PowerShell (covers SCCM, MDT, etc.).
2. Configure: Group Policies (ADMX), System Center Configuration Manager, Microsoft Intune.
3. Enable: Group Policies (ADMX), System Center Configuration Manager, Microsoft Intune.
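The three setup steps above, together with the clipboard, printing and persistence policies from the productivity slides, come together in the following PowerShell script. It is an added example written for this page, not Microsoft's deployment tooling: it checks the hardware prerequisites from the previous slide, installs the optional feature, writes the policy values that Group Policy, ConfigMgr or Intune would otherwise deliver, and reads the result back. The optional-feature name `Windows-Defender-ApplicationGuard`, the value names and encodings under `HKLM\SOFTWARE\Policies\Microsoft\AppHVSI`, and the `NetworkIsolation` key used for the enterprise site list are assumptions taken from the released ADMX and MDM policy names, not from the slides; verify them against the ADMX shipped with your build before using the script, and note that the site-list values are constructed samples.

```powershell
#Requires -RunAsAdministrator
# Added example, not Microsoft's code: walks the three setup steps from the slide
# (install, configure, enable) on one Windows 10 client with PowerShell, and wires
# in the clipboard, printing and persistence policies from the productivity slides.
# Assumed (verify against your build's ADMX): the optional-feature name, the value
# names/encodings under HKLM\SOFTWARE\Policies\Microsoft\AppHVSI, and the
# NetworkIsolation key that holds the enterprise site list.

$FeatureName       = 'Windows-Defender-ApplicationGuard'
$AppGuardPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'
$NetIsolationKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation'

function Test-AppGuardPrerequisites {
    # Hardware slide: 64-bit CPU with virtualization extensions enabled in firmware,
    # 4 GB RAM minimum (8 GB recommended). Win32_Processor reports
    # VirtualizationFirmwareEnabled as False once a hypervisor is already running,
    # so treat False as "check the BIOS", not as a hard failure.
    $cpu   = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $ramGB = [math]::Round($os.TotalVisibleMemorySize / 1MB, 1)   # value is reported in KB
    [pscustomobject]@{
        Is64Bit                  = [Environment]::Is64BitOperatingSystem
        VirtualizationInFirmware = [bool]$cpu.VirtualizationFirmwareEnabled
        RamGB                    = $ramGB
        RamRecommended           = ($ramGB -ge 8)
        MeetsMinimum             = ([Environment]::Is64BitOperatingSystem -and $ramGB -ge 4)
    }
}

function Install-AppGuardFeature {
    # Step 1, "Install": the PowerShell equivalent of "Turn Windows features on or off".
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName
    if ($feature.State -eq 'Enabled') { return 'AlreadyInstalled' }
    $result = Enable-WindowsOptionalFeature -Online -FeatureName $FeatureName -NoRestart
    if ($result.RestartNeeded) { return 'RestartRequired' }
    return 'Installed'
}

function Set-AppGuardPolicy {
    # Step 2, "Configure": the productivity policies from the slides, written as the
    # registry values the ADMX sets (assumed names and encodings, see the comment above).
    param(
        [Parameter(Mandatory)][string[]] $EnterpriseSites,   # e.g. '.corp.contoso.com'
        [string[]] $NeutralSites = @()
    )
    New-Item -Path $AppGuardPolicyKey, $NetIsolationKey -Force | Out-Null

    # Enterprise site list read by the host browser plug-in (pipe-separated string).
    Set-ItemProperty -Path $NetIsolationKey -Name 'EnterpriseCloudResources' -Value ($EnterpriseSites -join '|')
    if ($NeutralSites.Count -gt 0) {
        Set-ItemProperty -Path $NetIsolationKey -Name 'NeutralResources' -Value ($NeutralSites -join '|')
    }
    # Clipboard: container to host only (1), plain text and images (3), per the clipboard slide.
    Set-ItemProperty -Path $AppGuardPolicyKey -Name 'AppHVSIClipboardSettings' -Value 1 -Type DWord
    Set-ItemProperty -Path $AppGuardPolicyKey -Name 'AppHVSIClipboardFileType' -Value 3 -Type DWord
    # Printing: PDF output from the container (2), so web content can be kept as a document.
    Set-ItemProperty -Path $AppGuardPolicyKey -Name 'AppHVSIPrintingSettings' -Value 2 -Type DWord
    # Persistence: keep cookies, favorites and similar state between container sessions.
    Set-ItemProperty -Path $AppGuardPolicyKey -Name 'AllowPersistence' -Value 1 -Type DWord
}

function Enable-AppGuardForEdge {
    # Step 3, "Enable": turn Application Guard on for Microsoft Edge (value 1 in the
    # assumed provider-set encoding). A reboot is needed before the container is usable.
    New-Item -Path $AppGuardPolicyKey -Force | Out-Null
    Set-ItemProperty -Path $AppGuardPolicyKey -Name 'AllowAppHVSI_ProviderSet' -Value 1 -Type DWord
}

function Get-AppGuardStatus {
    # Read back what was set so the configuration can be checked now and audited later.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName
    $policy  = Get-ItemProperty -Path $AppGuardPolicyKey -ErrorAction SilentlyContinue
    $sites   = (Get-ItemProperty -Path $NetIsolationKey -ErrorAction SilentlyContinue).EnterpriseCloudResources
    [pscustomobject]@{
        FeatureState    = $feature.State
        EnabledForEdge  = ($policy.AllowAppHVSI_ProviderSet -eq 1)
        Clipboard       = $policy.AppHVSIClipboardSettings
        Printing        = $policy.AppHVSIPrintingSettings
        Persistence     = $policy.AllowPersistence
        EnterpriseSites = $sites
    }
}

# Example run with constructed site-list values:
Test-AppGuardPrerequisites
Install-AppGuardFeature
Set-AppGuardPolicy -EnterpriseSites @('.corp.contoso.com', 'intranet.contoso.com')
Enable-AppGuardForEdge
Get-AppGuardStatus
```

Run it from an elevated PowerShell on a test client, reboot once `Install-AppGuardFeature` reports `RestartRequired`, and compare `Get-AppGuardStatus` with what your Group Policy or MDM channel is expected to deliver; a mismatch between the local values and the central policy is the first thing to look for when the container does not open or the clipboard and printing behaviour differs from the slides.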