Microsoft is killing off Defender Application Guard for Office

More than a year-and-a-half after announcing its retirement, Microsoft has revealed its plans to fully remove Defender Application Guard from Office.

The journey has been a long a slow one for the this security feature which isolates untrusted Office documents in a virtualized contained. Deprecation was first announced way back in November 2023, and the process of complete removal will not be finished until the end of 2027.

Microsoft made the announcement in a post to the Microsoft 365 message center update. It starts off saying: “Microsoft Defender Application Guard for Office, retired in April 2024, will be removed from Office by December 2027. Files will open in Protected View instead. Admins should enable Microsoft Defender for Endpoint ASR rules and Windows Defender Application Control to maintain security. No admin action is required for removal“.

The rest of the post from Microsoft reads:

Microsoft Defender Application Guard for Office was retired in April 2024 and is now being removed from Office. This change aligns with the end of support for Windows 11 version 23H2 and helps streamline the security experience for users. Documents that previously opened in Application Guard will now open in Protected View, maintaining strong protection against threats.

When this will happen:

Phase 1: Removal begins with Office version 2602

• Current Channel: early February 2026
• Monthly Enterprise Channel: April 2026
• Semi-Annual Enterprise Channel: July 2026

Phase 2: Full removal with Office version 2612

• Current Channel: early December 2026
• Monthly Enterprise Channel: February 2027
• Semi-Annual Enterprise Channel: July 2027

How this affects your organization:

Who is affected: All Win32 users who previously used Microsoft Defender Application Guard for Office.

What will happen:

• Files that previously opened in Application Guard will now open in Protected View.
• Application Guard for Office will be disabled in Phase 1; support exceptions may be available until Phase 2.
• Application Guard for Office will be fully removed in Phase 2 with no workaround.
• Admins are encouraged to enable Microsoft Defender for Endpoint Attack Surface Reduction (ASR) rules and Windows Defender Application Control (WDAC).

What you can do to prepare:

No admin action is required for the removal itself. However, to maintain strong protection, we recommend:

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

• Enable Microsoft Defender for Endpoint ASR rules to block risky behaviors in Office files.
• Enable Windows Defender Application Control (WDAC) to ensure only trusted, signed code runs on devices.
• Review internal documentation and helpdesk guidance if your organization previously relied on Application Guard for Office.

For instructions on verifying if users are using Application Guard for Office, refer to Confirm that Application Guard for Office is enabled and working – Application Guard for Office for admins | Microsoft Learn.

Image credit: Skorzewiak / depositphotos