Citrix Endpoint Management

Application Guard device policy

March 6, 2024

Contributed by:

K C

The Application Guard policy specifies Windows Defender Application Guard settings. The settings include whether to enable Application Guard and controls for clipboard behavior.

Windows Defender Application Guard protects your environment from sites that haven’t been defined as trusted by your organization. When users visit sites that aren’t listed in your isolated network boundary: The sites open in a virtual browsing session in Hyper-V. Enterprise cloud resources define trusted sites.

Requirements

Devices running Windows 10 Enterprise (64-bit) or Windows 11 Enterprise (64-bit). A device restart is required to install the Windows Defender Application Guard.
Microsoft Edge browser

Windows Desktop and Tablet settings

Device Policies configuration screen

Application guard: Enables Application Guard. Default is Off.
- Enterprise cloud resources: A comma-separated list of enterprise cloud domains.
Clipboard behavior: Controls which directions content can be copied and pasted. The options are as follows:
- Not configured
- Allow copy and paste only from browser to PC: Allows users to copy and paste content only from their browser to their PC.
- Allow copy and paste only from PC to browser: Allows users to copy and paste content only from their PC to their browser.
- Allow copy and paste between PC and browser: Allows users to copy and paste content freely between their PC and browser.
- Block copy and paste between PC and browser: Does not allow users to copy and paste content between their PC and browser.
Clipboard content: Controls which content users can copy and paste. The options are as follows:
- No restriction
- Allow text copying: Allows users to copy text only.
- Allow image copying: Allows users to copy images only.
- Allow both text and image copying: Allows users to copy both text and images.
Block external content on enterprise sites: If On then the Windows Defender Application Guard prevents content from unapproved sites from loading on enterprise sites. Default is Off.
Retain user-generated browser data: If On then allows saving user data created during an Application Guard virtual browsing session. This data includes things like passwords, favorites, and cookies. Default is Off.

The official version of this content is in English. Some of the Cloud Software Group documentation content is machine translated for your convenience only. Cloud Software Group has no control over machine-translated content, which may contain errors, inaccuracies or unsuitable language. No warranty of any kind, either expressed or implied, is made as to the accuracy, reliability, suitability, or correctness of any translations made from the English original into any other language, or that your Cloud Software Group product or service conforms to any machine translated content, and any warranty provided under the applicable end user license agreement or terms of service, or any other agreement with Cloud Software Group, that the product or service conforms with any documentation shall not apply to the extent that such documentation has been machine translated. Cloud Software Group will not be held responsible for any damage or issues that may arise from using machine-translated content.

Was this helpful

Application Guard device policy

March 6, 2024

Contributed by:

K C

March 6, 2024

Contributed by:

K C

Application Guard device policy

Requirements

Windows Desktop and Tablet settings

In this article