Microsoft Defender: Application Guard for Office is being removed

Plan for Change
Major Change

Message ID

MC1182696
View in Message Center

Services

Microsoft 365 suite

Summary

Microsoft Defender Application Guard for Office, retired in April 2024, will be removed from Office by December 2027. Files will open in Protected View instead. Admins should enable Microsoft Defender for Endpoint ASR rules and Windows Defender Application Control to maintain security. No admin action is required for removal.

Details

Microsoft Defender Application Guard for Office was retired in April 2024 and is now being removed from Office. This change aligns with the end of support for Windows 11 version 23H2 and helps streamline the security experience for users. Documents that previously opened in Application Guard will now open in Protected View, maintaining strong protection against threats.

When this will happen:

Phase 1: Removal begins with Office version 2602

  • Current Channel: early February 2026
  • Monthly Enterprise Channel: April 2026
  • Semi-Annual Enterprise Channel: July 2026

Phase 2: Full removal with Office version 2612

  • Current Channel: early December 2026
  • Monthly Enterprise Channel: February 2027
  • Semi-Annual Enterprise Channel: July 2027
How this affects your organization:

Who is affected: All Win32 users who previously used Microsoft Defender Application Guard for Office.

What will happen:

  • Files that previously opened in Application Guard will now open in Protected View.
  • Application Guard for Office will be disabled in Phase 1; support exceptions may be available until Phase 2.
  • Application Guard for Office will be fully removed in Phase 2 with no workaround.
  • Admins are encouraged to enable Microsoft Defender for Endpoint Attack Surface Reduction (ASR) rules and Windows Defender Application Control (WDAC).
What you can do to prepare:

No admin action is required for the removal itself. However, to maintain strong protection, we recommend:

  • Enable Microsoft Defender for Endpoint ASR rules to block risky behaviors in Office files.
  • Enable Windows Defender Application Control (WDAC) to ensure only trusted, signed code runs on devices.
  • Review internal documentation and helpdesk guidance if your organization previously relied on Application Guard for Office.

For instructions on verifying if users are using Application Guard for Office, refer to Confirm that Application Guard for Office is enabled and working - Application Guard for Office for admins | Microsoft Learn.

Compliance considerations:

No compliance considerations identified, review as appropriate for your organization.

Timeline

Published
Nov 4, 2025
Updated
Nov 4, 2025
End Date
Aug 31, 2027

Tags

User impactAdmin impactRetirement

Category

Plan for Change