Allow data persistence for Microsoft Defender Application GuardID: oval:org.secpod.oval:def:81726 | Date: (C)2022-06-23 (M)2023-12-13 |
Class: COMPLIANCE | Family: windows |
This policy setting allows you to decide whether data should persist across different sessions in Microsoft Defender Application Guard.
If you enable this setting, Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.
Note:
If you enable this setting, you can still delete a user's data from a specific device using the Reset-ApplicationGuard PowerShell command. Running this command deletes all employee data, regardless of configuration, and can result in data loss for the employee.
If you disable or don't configure this setting, Application Guard deletes all user data within the Application Guard container.
Fix:
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Application Guard\Allow data persistence for Microsoft Defender Application Guard
(2) REG: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AppHVSI!AllowPersistence
Platform: |
Microsoft Windows 10 |