This policy setting enables application isolation through Microsoft Defender Application Guard. Application Guard uses Windows Hypervisor to create a virtualized environment for apps that are configured to use virtualization-based security isolation. While in isolation, improper user interactions and app vulnerabilities can't compromise the kernel or any other apps running outside of the virtualized environment. If you enable this setting, Application Guard is turned on for your organization. Options: 0. Disable Microsoft Defender Application Guard 1. Enable Microsoft Defender Application Guard for Microsoft Edge ONLY 2. Enable Microsoft Defender Application Guard for isolated Windows environments ONLY 3. Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments Fix: (1) GPO: Computer ConfigurationAdministrative TemplatesWindows ComponentsMicrosoft Defender Application GuardTurn on Microsoft Defender Application Guard in Managed Mode (2) REG: HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftAppHVSI!AllowAppHVSI_ProviderSet

[Disable Microsoft Defender Application Guard/Enable Microsoft Defender Application Guard for Microsoft Edge ONLY/Enable Microsoft Defender Application Guard for isolated Windows environments ONLY/Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments]

(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Turn on Microsoft Defender Application Guard in Managed Mode (2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!AllowAppHVSI_ProviderSet