Hardware-based isolation in Windows 10

Applies to: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

Hardware-based isolation helps protect system integrity in Windows 10 and is integrated with Microsoft Defender ATP.

Feature Description
Windows Defender Application Guard Application Guard protects your device from advanced attacks while keeping you productive. Using a unique hardware-based isolation approach, the goal is to isolate untrusted websites and PDF documents inside a lightweight container that is separated from the operating system via the native Windows Hypervisor. If an untrusted site or PDF document turns out to be malicious, it still remains contained within Application Guard’s secure container, keeping the desktop PC protected and the attacker away from your enterprise data.
Windows Defender System Guard System Guard protects and maintains the integrity of the system as it starts and after it's running, and validates system integrity by using attestation.