Malware-laden attachments in emails have long been a favored attack vector for hackers.
Over the years, hackers have used attachments in spam emails to hide malware, mostly in rigged ZIP, PDF, and, perhaps most common of all, Microsoft Office documents. They can also use ISO or IMG files, which, when clicked, download and execute payloads.
While most email platforms have mechanisms in place to block nefarious activity, every so often suspicious emails with questionable attachments make their way to users' inboxes.
Going forward, when users of Office 365 open potentially unsafe attachments, they'll be opened in a sandbox, an action which should deter malicious attachments from executing and exploiting vulnerabilities. Microsoft formally rolled out the feature, Application Guard for Office, in public preview earlier this week.
Eric Wayne, a senior Microsoft 365 Apps Architect, shared the news on Monday, describing it as "a secure container that is isolated from the device through hardware-based virtualization."
When Office opens files in Application Guard, users can securely read, edit, print, and save files without having to reopen them outside the container, Wayne added.
It sounds like, when enabled, Application Guard will cautiously open Word documents that appear compromised, such as files with macros (which can be used to download malware or run PowerShell code), in a container that's separate from the rest of Windows.
While macro malware sometimes feels as old as the internet itself, it continues to be a thorn in the side of IT admins.
While Application Guard was launched in limited preview for Office 365 last fall and in a private preview this February, it wasn't ready for primetime until this week. Earlier this year, Microsoft released a public preview of another feature, Safe Documents, which scans documents and files users open in Protected View in 365 E5 or Microsoft 365 E5 Security.
While the feature will be off by default, it can be turned on by admins who oversee environments with Word, Excel, and PowerPoint for Microsoft 365, and Windows 10 Enterprise, Microsoft claims.
The company has published instructions on installing the feature, alongside guidance on its limitations and performance optimizations on its Microsoft 365 help center page.