Application Guard Deployment by MECM


This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will be focusing on Application Guard and the correct configuration/deployment for Microsoft Endpoint Configuration Manager (MECM). I have deployed with many of my customers and will show you what I have found useful in these deployments.  

Microsoft Defender Application Guard  


Microsoft Defender Application Guard is a hardware Isolation leveraging a Hyper-V enabled container. The container uses a lightweight Virtual Machine (VM) that is resistant to kernel attacks and runs on a separate kernel from the host. There are two types of modes - Enterprise Management Mode and Standalone Mode.  

In Enterprise Management Mode, the administrator defines trusted sites through GPOs, Microsoft Intune, MECM, or your current mobile device management solution. Untrusted sites launch in the isolated Hyper-V container giving the user a malicious free browsing session. 

In Standalone Mode, users start the isolated-based browser session independently without any administrators or policy configurations which I do not personally recommend as you are letting the user choose use your enterprise security tools and not Security Administrators. More Information on the details of Application Guard and pre-requisites can be found in my Tech Blog on App Guard for Office. 

A method I use regularly with customers transitioning off GPOs ( Objects) and without access to Intune, is using MECM. This method is solidly reliable, easy to control Application Guard policy updates by scheduled interval or by manually trigger updates in CM Client Device. You could take the benefits of the SMS Agent to quickly deploy Application Guard and updates happen in several minutes – depending on connectivity. This seems to be a replaced solution if you face the obstacles when deploying Application Guard by other methods. 

How the MECM Deployment of Application Guard Policy Works 

After the Application Guard Policy is deployed by the MECM Console and then on Clients of MECM, the machine policy will update the Application Guard Policy as Configuration Items. The following screenshot is shown in the Configuration Manager Client's Properties under Configuration Tab: 


Just like with other Baseline Configuration Items, you could choose the Application Guard policy from the list, then click on the highlighted button to Refresh, Evaluate its compliance status, and View Report. 

Whenever you make a change to the Application Guard Policy on the Client Device, you just need to use the Machine Policy Retrieval & Evaluation Cycle to get the latest version of Application Guard applied to the Client and manually evaluate the Application Guard Policy. The whole process usually only takes several minutes and it is convenient compared to Application Guard Deployment like GPOs. 

Deployment Steps 

The Application Guard Deployment Steps include: 

  1. Create Application Guard Policy in MECM
  2. Configure Application Guard
  3. Define Network Boundaries: Cloud Resources (Cloud App URLs), Subnets, Enterprise Network Domain Names (AD () Domains FQDN (Fully Qualified Domain Name)), Neutral Resources (Search URLs, Redirection Endpoints' URLs)
  4. Testing in Dev environment or small Proof of Concept
  5. Deployment Enterprise-wide

Create Application Guard Policy 

In MECM Console 

  • Go to Asset and ComplianceEndpoint Protection
  • Windows Defender Application Guard (Right Click)
  • Create Application Guard Policy.


  •  nbsp;nbsp;Configure Application Behavior with the following options:
  • Allow copy and paste of text, images from container's clipboard to host direction or vice versa or both directions.


  • Allow XPS Printing, PDF Printing, Local Printer Printing, Network Printer Printing from Applications running in Container or not.



  • Allow Graphics from Virtual GPU or not.
  • Allow save files from Applications running in Container to Host or not.
  • Host Interaction
  • Allow non-enterprise content, third-party plug-ins or not.
  • Allow to save browser's data originated from Virtual Container or not.
  • Audit security events during sessions of Application Guard or not


  •  nbsp;nbsp;File Management (obsolete in Windows 10 20H1 and later)

Starting in Configuration Manager version 1906, There's a policy setting that enables users to trust files that normally open in Application Guard. Upon successful completion, the files will open on the host device instead of in Application Guard. 

  • Allow trust files on Host to be opened by Application Guard:



  • Prohibited: Don't allow users to mark files as trusted (default). 
  • File checked by : Allow users to mark files as trusted after an check. 
  • All files: Allow users to mark any file as trusted. 

Known Issues with File Trust Management: 

When you enable file management, you may see errors logged in the client's DCMReporting.log. The errors below typically do not affect functionality.

On compatible devices: 

FileTrustCriteria_condition not found 

  • On non-compatible devices: 

FileTrustCriteria_condition not found 

FileTrustCriteria_condition could not be located in the map 

FileTrustCriteria_condition not found in digest 

  • Devices running Windows 10, version 2004 will show failures in compliance reporting for Microsoft Defender Application Guard File Trust Criteria. This issue occurs because some subclasses were removed from the WMI (Windows Management Instrumentation) class MDM_WindowsDefenderApplicationGuard_Settings01 in Windows 10, version 2004
  • Network Definition
  • Enable auto-detect proxy server or not.
  • Enable auto-detect Network IP (Internet Protocol) ranges or not


  • Define Enterprise Network Boundaries and Resources:


Network Isolation Configuration 

To support all sub-domains of Contoso we need a wildcard in the form of “.”:    


for sub-sub-domain: 

Policy name 

Supported versions 


Enterprise Cloud Resource domains hosted in the cloud 

At least 2012, Windows 8, or Windows RT 

  • A pipe-separated (|) list of your domain cloud resources.  
  • Sub-domain and Wildcard represented by “.” 


In the above example, all in-house apps of will be supported, like,, … and will be supported. 

In our test, only one “.” is accepted, sub-sub-domain (..) was not working. 

The private network ranges for apps 

At least 2012, Windows 8. 

A comma-separated list of IP address ranges  

Domains categorized as both work and personal 

At least 2012, Windows 8, or Windows RT 

  • A comma-separated list of domain names used as both work or personal resources. 
  •  … 

Neutral Resources 

  • Neutral Resources like the search engine (,, authentication redirection endpoints, 
  • Neutral Resource to be used by both Work and Personal accounts. 
  • Define Enterprise Cloud Resources:


  •   Define Network Domain Names:



  • Define Neutral Resources:


Application Guard Limitations and Considerations for Office 365 and Windows 10  

  • Active content in documents like macros and ActiveX controls are disabled in Application Guard for Office. Users need to remove Application Guard protection to enable active content. 
  • Selecting web links (HTTP or HTTPS) does not open the browser. 
  • Files that are protected by Information Rights Management (IRM) are blocked by default. If users want to open such files in Protected View, an administrator must configure policy settings for unsupported file types for the organization. 
  • Any customizations to Office applications in Application Guard for Office will not persist after a user signs out or after the device restarts. 
  • Network connectivity is required for the first launch of Application Guard after installation. Connectivity is required for Application Guard to validate the license (E5). 
  • In the document's info section, the Last-Modified By property may display WDAGUtilityAccount as the user. WDAGUtilityAccount is the anonymous user configured in Application Guard. The desktop user's identity is not shared inside the Application Guard container. 
  • Updates to .NET might cause files to fail to open in Application Guard. As a workaround, users can restart their devices when they come across this failure.  
  • Some language keyboards based on Input Method Editor (IME) may not work: 
  • Vietnam Telex keyboard, Hindi phonetic keyboard, Bangla phonetic keyboard, Marathi phonetic keyboard, Malayalam phonetic keyboard, and several other IMEs not supported 
  • Only Windows 10 Enterprise will work on Application Guard Enterprise-Managed mode (with Application Guard Policy). The Windows 10 Pro edition only works on Application Guard Standalone mode. 
  •  If an driver prevents a  (Virtual Hard Disks) from being mounted or from being written to, Application Guard does not work and results in an error message  


Thanks for taking the time to read this article and I hope you have a better understanding of the configurations required for deployment for Application Guard for MECM. Hope to see you in the next blog and always protect your endpoints!  

Thanks for reading and have a great Cybersecurity day!  

Follow my Microsoft Security Blogs:  and also on LinkedIn. 


(0x80070013 ERROR_WRITE_PROTECT). 

Application Guard  Devices running Windows 10, version 2004 will show failures 

Application Guard for Office 365 Limitations and Considerations 

Configuration for Application Guard Network Isolation 

Manage Application Guard policies – Configuration Manager | Microsoft Docs 

Microsoft Defender Application Guard FAQ 

Microsoft Application Guard Policy  

Microsoft Testing Scenarios 

Receiving an error message when attempting to open Windows Defender Application Guard or Windows Sandbox 


This article was originally published by Microsoft's Virtualization Blog. You can find the original article here.