Microsoft has begun testing an in-browser security tool for Chrome and Firefox that serves as a 'sandbox mode' which lets users safely access untrusted websites without fear of infecting their machines.
The Windows Defender Application Guard extension, which already exists for the Edge browser, automatically redirects websites that haven't already been whitelisted to an isolated 'sandbox' environment. This effectively disconnects the browsing session from a user's physical machine and its data and files.
Just as it works on Edge, the extension checks the URL against a list of trusted sites defined by an organisation's enterprise administrator and guides a user to an isolated session. Users can then use this session to freely browse any non-white listed sites without fear of sustaining an infection.
Microsoft is now testing the feature before rolling this out as part of its next major flagship update for Windows 10, dubbed 'April 2019' or 19H1. The extension is currently online live for Windows Insiders, and users will need Windows 10 Pro or Enterprise installations to use the feature when it goes live in Spring.
The browser extension works based on an organisation's group policy, meaning once it's established by a network administrator it can be applied on devices across an entire company. The tool can also be configured by network isolation or application, according to Microsoft's guidelines.
When installed and fully deployed, users will see a Windows Defender Application Guard landing page when they open either Chrome or Firefox. Then, during the normal browsing experience, non-whitelisted URLs will open in a new Application Guard window. Users can also initiate a sandbox session themselves by toggling a switch in the menu settings.
However, the extension won't open this 'sandbox' session in a user's native browser of choice, i.e. Chrome or Firefox, but on an isolated Edge tab, meaning they will be forced into using Edge when browsing untrusted sites if their organisation implements the tool.
The extension is among a suite of security features Microsoft has been developing for enterprise users. Microsoft has also recently extended the idea of 'sandboxing' the user experience to desktop browsing, with this idea making its way into a future feature for Windows 10.
The Windows Sandbox desktop tool, which is currently being tested, will launch enterprise users into a virtual machine-like desktop environment when running suspicious software.
It will allow users to run applications in a clean Windows 10 installation in a windowed application, without having to run a fully-fledged virtual machine, eliminating the risk of opening potentially malicious apps on a work machine.
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
The Windows 11 migration conundrum: What role can the channel play?Industry Insights Resellers are instrumental to making the right choice about the next steps...
-
84% of software developers are now using AI, but nearly half 'don't trust' the technology over accuracy concernsNews AI coding tools are delivering benefits for developers, but they’re still worried about security and compliance
-
The NCSC just urged enterprises to ditch Windows 10 – here’s what you need to knowNews The UK cyber agency says those that haven’t migrated to Windows 11 should do so immediately
-
Windows 11 finally overtakes Windows 10 in popularity – but what’s driving this surge?News It’s been a long time coming, but Windows 11 is finally Microsoft’s most popular operating system
-
MCP servers used by developers and 'vibe coders' are riddled with vulnerabilities – here’s what you need to knowNews Security researchers have issued a warning over rampant vulnerabilities found in MCP servers used by developers and 'vibe coders'.
-
AI-generated code is in vogue: Developers are now packing codebases with automated code – but they’re overlooking security and leaving enterprises open to huge risksNews While AI-generated code is helping to streamline operations for developer teams, many are overlooking crucial security considerations.
-
Shifting left might improve software security, but developers are becoming overwhelmed – communication barriers, tool sprawl, and ‘vulnerability overload’ are causing serious headaches for development teamsNews Developers are becoming overwhelmed amid the 'shift left' in development practices, new research shows.
-
The NCSC wants developers to get serious on software securityNews The NCSC's new Software Security Code of Practice has been welcomed by cyber professionals as a positive step toward bolstering software supply chain security.
