Windows Defender Application Guard: Firewall rules

Peter Francks 1 Reputation point
2022-06-14T18:24:34.237+00:00

Dear all,
I would like to limit the traffic that the Edge browser in WDAG (Windows Defender Application Guard) can initiate (outbound). The idea is to prevent access to internal network addresses in cases where the WDAG container gets taken over. Therefore I would like to prevent access to local sites.

How can I achieve this? How can I define firewall rules for the WDAG traffic?

Furthermore, is it possible to change the routing of the WDAG traffic e.g. to go via a second network adapter (VPN or physical)?

Thanks!
Peter

Tags: Windows 10 Network, Windows 10 Security, Windows 11

1 answer

  1. Reza-Ameri 17,011 Reputation points
    2022-06-16T15:04:46.727+00:00

    You may define Network Boundary, and the policy is located under Computer Configuration\Administrative Templates\Network\Network Isolation.
    Have a look at:
    https://learn.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard
