If you wish to configure Microsoft Defender Application Guard settings on Home windows 11/10, right here is how. With the assistance of the Registry Editor or the Native Group Coverage Editor, you possibly can allow, disable, and modify settings and use this safety characteristic in line with your necessities.
Configure Microsoft Defender Application Guard settings utilizing GPEDIT
To handle Microsoft Defender Application Guard settings utilizing Group Coverage Editor, observe these steps:
- Press Win+R > sort gpedit.msc, and hit the Enter button.
- Navigate to this path: Pc Configuration > Administrative Templates > Home windows Parts > Microsoft Defender Application Guard.
- Double-click on a specific setting.
- Select the Enabled/Disabled choice.
- Enter values if required.
- Click on the OK button.
- Signal out and re-sign into your consumer account.
To get began, you could open the Native Group Coverage Editor. To do this, press Win+R to open the Run immediate, sort gpedit.msc and hit the Enter button.
Then, navigate to this path:
Pc Configuration > Administrative Templates > Home windows Parts > Microsoft Defender Application Guard
Right here you’ll find these settings:
1] Enable auditing occasions in Microsoft Defender Application Guard: This setting helps Microsoft Defender Application Guard acquire knowledge from occasions and system logs of your machine.
2] Enable digicam and microphone entry in Microsoft Defender Application Guard: When you allow this setting, your machine’s digicam and microphone will likely be utilized by apps inside Microsoft Defender Application Guard.
3] Enable knowledge persistence for Microsoft Defender Application Guard: Enabling this setting is important if you wish to preserve your knowledge from earlier periods.
4] Enable information to obtain and save to the host working system from Microsoft Defender Application Guard: By default, Microsoft Defender Application Guard saves or downloads information in a digital or remoted setting. Nevertheless, if you wish to save information to the host working system, flip this setting ON.
5] Enable hardware-accelerated rendering for Microsoft Defender Application Guard: Wish to render graphics utilizing {hardware}? This setting must be turned ON.
6] Enable Microsoft Defender Application Guard to make use of Root Certificates Authorities from the consumer’s machine: At occasions, you would possibly have to share the foundation certificates out of your machine with the Microsoft Defender Application Guard. If that’s the case, you could allow this setting.
7] Configure Microsoft Defender Application Guard clipboard settings: This selection permits you to synchronize clipboards between the host laptop and the Microsoft Defender Application Guard setting. You possibly can allow, disable, or modify the clipboard synchronization settings.
8] Configure Microsoft Defender Application Guard print settings: It’s the identical as clipboard settings. Nevertheless, there are different choices. You possibly can allow or disable printing, particular file printing, community printing, and so on.
9] Stop enterprise web sites from loading non-enterprise content material in Microsoft Edge and Web Explorer: If you wish to permit non-enterprise content material within the Microsoft Defender Application Guard setting, you could disable this setting.
10] Activate Microsoft Defender Application Guard in Managed Mode: It helps you allow or disable Microsoft Defender Application Guard.
Let’s say you wish to configure the print settings. For that, you could double-click on the Configure Microsoft Defender Application Guard print settings and select the Enabled choice.
Then, you could enter a worth. As there are numerous choices, you could resolve on the type of printing you wish to permit. Then, enter the worth per the necessities and click on OK.
Be aware: You could allow the Activate Microsoft Defender Application Guard in Managed Mode setting first earlier than you allow or change any of the opposite settings.
After modifying any setting, shut all of the home windows, signal out of your account, and re-sign into it.
Learn: The right way to Allow Microsoft Defender Application Guard on Home windows 11
Handle Microsoft Defender Application Guard settings utilizing REGEDIT
To configure Microsoft Defender Application Guard settings utilizing Registry Editor, observe these steps:
- Open Registry Editor in your laptop.
- Navigate to Microsoft in HKLM.
- Proper-click on Microsoft > New > Key.
- Identify it as AppHVSI.
- Proper-click on AppHVSI > New > DWORD (32-bit) Worth.
- Identify it as AllowAppHVSI_ProviderSet.
- Double-click on it and set the Worth knowledge as 0/1/2/3.
- Click on the OK button.
- Create one other REG_DWORD worth named AllowAPPHVSI and set the Worth knowledge as 0.
- Repeat the identical steps to create REG_DWORD values for different settings as talked about beneath.
- Shut all home windows and restart your laptop.
To be taught extra about these steps, proceed studying.
First, you could open the Registry Editor in your laptop. Then, navigate to this path:
HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoft
Proper-click on Microsoft > New > Key and title it AppHVSI.
Subsequent, right-click on AppHVSI > New > DWORD (32-bit) Worth and title it as AllowAppHVSI_ProviderSet.
Double-click on it to set the Worth knowledge as follows:
- Disable Microsoft Defender Application Guard: 0
- Allow Microsoft Defender Application Guard for Microsoft Edge ONLY: 1
- Allow Microsoft Defender Application Guard for remoted Home windows environments ONLY: 2
- Allow Microsoft Defender Application Guard for Microsoft Edge AND remoted Home windows environments: 3
Then, click on the OK button.
Subsequent, you could create one other REG_DWORD worth, title it as AllowAPPHVSI, and preserve the Worth knowledge as 0.
These two REG_DWORD values have to be saved whereas configuring different Microsoft Defender Application Guard settings.
1] Enable auditing occasions in Microsoft Defender Application Guard:
- REG_DWORD Worth title: AuditApplicationGuard
- Worth knowledge: 1 to Allow and 0 to Disable.
2] Enable digicam and microphone entry in Microsoft Defender Application Guard:
- REG_DWORD Worth title: AllowCameraMicrophoneRedirection
- Worth knowledge: 1 to Allow and 0 to Disable.
3] Enable knowledge persistence for Microsoft Defender Application Guard:
- REG_DWORD Worth title: AllowPersistence
- Worth knowledge: 1 to Allow and 0 to Disable.
4] Enable information to obtain and save to the host working system from Microsoft Defender Application Guard:
- REG_DWORD Worth title: SaveFilesToHost
- Worth knowledge: 1 to Allow and 0 to Disable.
5] Enable hardware-accelerated rendering for Microsoft Defender Application Guard:
- REG_DWORD Worth title: AllowVirtualGPU
- Worth knowledge: 1 to Allow and 0 to Disable.
6] Enable Microsoft Defender Application Guard to make use of Root Certificates Authorities from the consumer’s machine:
- String Worth title: CertificateThumbprints
- Worth knowledge: As per the foundation certificates.
7] Configure Microsoft Defender Application Guard clipboard settings:
- REG_DWORD Worth title: AppHVSIClipboardSettings
- Block clipboard operations: 0
- Allow clipboard operation from an remoted session to the host: 1
- Allow clipboard operation from a number to the remoted session: 2
- Allow clipboard operation in each instructions: 2
- REG_DWORD Worth title: AppHVSIClipboardFileType
- Permits textual content copying: 1
- Enable picture copying: 2
- Enable each textual content and picture copying: 3
8] Configure Microsoft Defender Application Guard print settings:
- REG_DWORD Worth title: AppHVSIPrintingSettings
- Worth knowledge:
- Disables all print performance: 0
- Allows solely XPS printing: 1
- Allows solely PDF printing: 2
- Allows each PDF and XPS printing: 3
- Allows solely native printing: 4
- Allows each native and XPS printing: 5
- Allows each native and PDF printing: 6
- Allows native, PDF, and XPS printing: 7
- Allows solely community printing: 8
- Allows each community and XPS printing: 9
- Allows each community and PDF printing: 10
- Allows community, PDF, and XPS printing: 11
- Allows each community and native printing: 12
- Allows community, native, and XPS printing: 13
- Allows community, native, and PDF printing: 14
- Allows all printing: 15
9] Stop enterprise web sites from loading non-enterprise content material in Microsoft Edge and Web Explorer:
- REG_DWORD Worth title: BlockNonEnterpriseContent
- Worth knowledge: 1 to Allow and 0 to Disable.
After establishing all of the REG_DWORD values and Worth knowledge, you should restart your laptop to use the modifications.
That’s all! I hope this information helped you.
Learn: What’s WDAGUtilityAccount in Home windows?
The right way to activate Microsoft Defender Application Guard Managed Mode utilizing GPO?
To activate Microsoft Defender Application Guard Managed Mode utilizing GPO, open the Native Group Coverage Editor and go to this path: Pc Configuration > Administrative Templates > Home windows Parts > Microsoft Defender Application Guard. Double-click on the Activate Microsoft Defender Application Guard in Managed Mode setting and select the Enabled choice. Enter the worth as per the necessities and click on the OK button.
Learn: The right way to Flip On Defender Application Guard for Microsoft Edge
How do I allow Home windows Defender in GPEDIT?
To allow Home windows Defender or Microsoft Defender utilizing GPEDIT, open the Native Group Coverage Editor and go to this path: Pc Configuration > Administrative Templates > Home windows Parts > Microsoft Defender Antivirus. Double-click on the Flip off Microsoft Defender Antivirus setting and select the Not Configured or Disabled choice. Click on the OK button.