Microsoft today announced the public launch of Guard for Office preview for protection των χρηστών των επιχειρήσεων από απειλές που χρησιμοποιούν κακόβουλα συνημμένα ως τρόπο attacks.
Office Application Protection (also known as Microsoft Defender Application Guard for Office) is designed to prevent files downloaded from unreliable sources from gaining reliable access resources by opening them in an isolated sandbox.
This sandbox will automatically prevent malicious files from exploiting vulnerabilities, downloading other malicious tools, or any malicious behavior.
Disable by default in supported environments
Office malware is one of the most common files used by hackers to develop malware, such as ransomware, RATs, data theft trojans, and malware downloads.
The Office Application Protection feature works with Word, Excel, PowerPoint, Microsoft 365 and will be disabled by default for clients with Microsoft 365 E5 or Microsoft 365 E5 security software.
For administrators to enable it, endpoints are required to run Windows 10 Enterprise Edition, version 2004 (20H1), with cumulative update KB4566782 and the Application Guard activation package for Office applications installed.
Microsoft Defender ATP integration
"Office Application Protection is a limited feature that isolates unreliable documents from accessing trusted corporate resources, user IDs, and computer files," explains Microsoft.
“As a result, if one user tries to access a feature to which it does not have permission, for example by importing an image from a local file on disk, it will fail and display a prompt like the one below.
The Application Guard for Office is integrated with the Microsoft Defender Advanced Threat corporate security platform, providing monitoring of any malicious activity.
Microsoft provides detailed instructions on how to deploy and configure Application Guard for Office.
More details on installing - https://t.co/3V0D1NmoKz
- Tom Gallagher (@secbughunter) August 24
