Microsoft is currently hosting their Ignite conference, which is something of a successor to TechEd. Monday kicked off with a couple of keynotes, including one from Satya Nadella himself, but this post will focus on a specific announcement: Windows Defender Application Guard.
With a typical web browser, a malicious website can infect the user's PC by exploiting an unpatched vulnerability before the user updates their browser. The next feature release of Windows 10 is expected to include virtualization technology, the aforementioned Windows Defender Application Guard, which runs websites in a lightweight virtual machine if they are opened in Edge and are not on a whitelist. This means that an attacker who wants to infect the user's device not only needs to know of a vulnerability in Edge; they also need to know of a vulnerability in the virtual machine, and they must be able to chain the Edge vulnerability into exploiting it. Especially in enterprise environments, where ransomware that encrypts any data it finds can be devastating, this should add a huge wall protecting a large, complex application platform (the web browser) from untrusted third parties (websites).
Of course, this concept isn't new. Not only are virtual PCs common in the enterprise for security and control reasons, but applications like SandboxIE have more directly implemented similar ideas. Still, having it be a built-in feature of the operating system should mean that it gets even more support with regards to performance and stability, versus tacking on a third-party solution through public APIs.
Speaking of public APIs — Microsoft won't be providing one at first. It will only be used for Edge for the time being. Also, it's only available for Windows 10 Enterprise, so I hope you didn't get your hopes up.
Wow, that turned dark real quick.