Windows Defender Application Guard makes sure that any file you download stays in the virtual container. This makes sure that malicious files don’t breach into the host system. However, sometimes you need to download files to the host. Microsoft has offered this feature i.e. Download files to the host in Windows 10 Enterprise when using Edge. This feature is off by default, so let’s take a look on how you can enable download files to host with Microsoft Edge

Allow files to download and save to the host operating

Do remember that once you or IT admin enable this feature, all files that the user downloads will be available in the Downloads Folder. You will be able to open all files on the host and install it if applicable. This feature is available with Windows 10 Enterprise v1809 with Windows Defender Application Guard feature installed, and Network Isolation policies configured.

1. Run gpedit.msc to open the Local Group Policy Editor.
2. Navigate to Administrative Templates > Windows Components > Windows Defender Application Guard.
3. Select Allow files to download and save to the host operating system from the right hand side.
4. Select Enabled and Apply.
5. Restart Windows 10.

After this, all files which you download will be available in a folder called Untrusted files nested inside the Downloads folder. WDAG creates this folder when you download the first file post policy activation.

When this feature is off, and you try to run an EXE Application Guard will block it. This is applicable to any file from the internet.

Application Guard makes sure that enterprise devices are not breached by any malware or untrusted software. Specially designed for Windows 10 and Microsoft Edge, it makes sure only trusted websites, and resources have access. However, with this option, users will have to be responsible for any risks of opening the files on the host.

• Tags: Edge, Group Policy