In a major shift for enterprise cybersecurity, Microsoft is officially retiring its “Microsoft Defender Application Guard for Office” (MDAG) feature, with removal beginning in early 2026 and full retirement by December 2027. The tool, which used hardware-based virtualization (Hyper-V) to isolate untrusted Word, Excel and PowerPoint files, will no longer be supported; instead, Microsoft recommends transitioning to alternatives such as Microsoft Defender for Endpoint “Attack Surface Reduction” (ASR) rules, “Protected View” mode and Windows Defender Application Control (WDAC). The change aligns with the end of support for Windows 11 23H2 and reflects Microsoft’s broader strategy to consolidate security features under its unified endpoint protection ecosystem.
Sources: Bleeping Computer, Microsoft
Key Takeaways
– Microsoft is deprecating MDAG and plans to remove it entirely from Office by December 2027, starting with version 2602 in early 2026.
– IT administrators must plan to implement alternative protections (Defender for Endpoint ASR rules, Protected View, WDAC) to maintain comparable security for Office-based threats.
– The move reflects Microsoft’s strategic pivot away from specialized sandboxing features toward broader, integrated endpoint security frameworks.
In-Depth
Microsoft’s announcement marks a significant pivot for enterprise Office file security. Launched in a limited preview in November 2019 and broadly available to Microsoft 365 E5 customers, MDAG provided a containerized sandbox around untrusted Word, Excel and PowerPoint documents, preventing those documents from accessing trusted networks, user identity or sensitive resources. It leveraged Hyper-V isolation to keep hostile content contained. However, Microsoft has concluded that this dedicated sandboxing feature no longer aligns with its evolving endpoint protection architecture.
According to Microsoft’s updated documentation, MDAG for Office is being deprecated—meaning it will no longer receive updates—and the corresponding Windows.Security.Isolation APIs that supported it are also being retired. Microsoft’s guidance instructs organizations to adopt attack surface reduction (ASR) rules available in Defender for Endpoint, enable Office’s Protected View mode and apply Windows Defender Application Control as replacement tools. These alternatives attempt to achieve similar outcomes (i.e., controlling code execution, isolating risky content) though not via the same Hyper-V container approach.
The timeline is firm: starting with Office version 2602 (Current Channel), slated for early February 2026, MDAG support begins to be phased out; full removal is projected with version 2612 in December 2026 (Current Channel) and extends into 2027 for other servicing channels. Organizations still relying on MDAG must act now to ensure continuity without exposure gaps. Administrators should inventory use of MDAG, assess legacy dependencies on its container model (e.g., macros, active content handling), and deploy the recommended alternatives well before the removal windows.
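The inventory-and-replace step described above can be scripted per endpoint. The PowerShell below is an added example written for this article; it is not code from Microsoft, BleepingComputer or the article itself. It assumes it is run elevated on a Windows 10/11 client with Microsoft Defender Antivirus, that the optional feature name Windows-Defender-ApplicationGuard identifies the Hyper-V component MDAG relied on, and that the five ASR rule GUIDs match Microsoft's public ASR rule reference (re-check them against current documentation before a production rollout). It reports whether MDAG is still installed, shows the state of the Office-related ASR rules Microsoft names as replacements, and can stage any unconfigured rule in AuditMode so that its events can be reviewed before enforcement.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article, Microsoft or BleepingComputer).
# Assumptions: Windows 10/11 client with Microsoft Defender Antivirus, run elevated;
# rule GUIDs taken from Microsoft's public ASR rule reference (verify before use).
[CmdletBinding()]
param(
    # When set, any Office ASR rule that is not configured at all is added in AuditMode.
    [switch]$EnableAudit
)

# Office-focused ASR rules (GUID -> description) that replace MDAG's document isolation.
$OfficeAsrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    '92E97FA1-5D54-4B1F-8EF6-7AF2DCF7F1F5' = 'Block Win32 API calls from Office macros'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}

# Numeric action values returned by Get-MpPreference, mapped to readable names.
$ActionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }

# 1. Is the Application Guard optional feature (the Hyper-V container MDAG used) still installed?
$mdag = Get-WindowsOptionalFeature -Online -FeatureName 'Windows-Defender-ApplicationGuard' -ErrorAction SilentlyContinue
$mdagState = if ($mdag) { $mdag.State } else { 'NotPresent' }
Write-Output "MDAG optional feature state: $mdagState"

# 2. Read the current ASR configuration. Ids and Actions are parallel arrays.
$pref = Get-MpPreference
$configured = @{}
$ids = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
for ($i = 0; $i -lt $ids.Count; $i++) {
    $configured[([string]$ids[$i]).ToUpperInvariant()] = [int]$actions[$i]
}

# 3. Report each Office rule and collect those that are not configured at all.
$missing = @()
$report = foreach ($id in $OfficeAsrRules.Keys) {
    if ($configured.ContainsKey($id)) {
        $action = $ActionNames[$configured[$id]]
        if (-not $action) { $action = "Unknown($($configured[$id]))" }
    } else {
        $action = 'NotConfigured'
        $missing += $id
    }
    [pscustomobject]@{ Action = $action; RuleId = $id; Description = $OfficeAsrRules[$id] }
}
$report | Sort-Object Action, RuleId | Format-Table -AutoSize

# 4. Optionally stage the unconfigured rules in AuditMode. Audit hits are logged as
#    Event ID 1122 in Microsoft-Windows-Windows Defender/Operational, showing what
#    Block mode would have stopped; Block mode logs Event ID 1121.
if ($EnableAudit -and $missing.Count -gt 0) {
    $auditActions = foreach ($m in $missing) { 'AuditMode' }
    Add-MpPreference -AttackSurfaceReductionRules_Ids $missing `
                     -AttackSurfaceReductionRules_Actions $auditActions
    Write-Output "Added $($missing.Count) rule(s) in AuditMode; review 1122 events before switching to Block."
}
```

Run it once without switches to get the inventory, then with `-EnableAudit` on a pilot group; rules already set to Disabled are deliberately left alone, because that usually reflects an explicit administrator decision rather than an oversight. The audit period is where the article's caveat about trade-offs becomes visible: documents that MDAG would simply have isolated show up as individual ASR events that must be triaged before Block mode is turned on.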
From a strategic perspective, Microsoft’s move signals a broad transition. Instead of offering an isolated feature for Office alone, Microsoft is folding protections into its unified Defender for Endpoint ecosystem—capitalizing on telemetry, threat intelligence and built-in ASR rules. While this simplifies the vendor stack, it places pressure on IT teams to validate that the new controls deliver equivalent risk mitigation. Some security professionals caution that the alternatives don’t fully replicate hardware-based sandboxing with the same isolation guarantees, so transitioning may involve mitigation trade-offs.
For enterprises, this means the era of dedicated Office sandboxing via MDAG is ending, and proactive planning is required. Reviewing licensing (MDAG required Microsoft 365 E5 or Defender Suite), confirming alternative features are enabled and training users for changes (e.g., reliance on Protected View rather than fully editable isolated documents) will be key. In the broader frame of endpoint security, this change underscores that specialized features eventually give way to integrated, platform-wide protections—and organizations must keep pace or face increased exposure.