Hello, and welcome back. What we're going to do here in this quick demonstration is walk through the process of installing Application Guard on devices through Intune or Microsoft Endpoint Manager. Essentially, what we're gonna do here is create a profile that pushes this out to our devices. Now, on the screen here, I'm logged into my Microsoft Endpoint Manager admin center, and that's located at endpoint.microsoft.com. 

I'm logged in as my global admin. And to make this happen, what I'm going to do is browse over to Devices in the left pane here, in the navigation pane, and then from the Devices Overview page here, we're gonna go down into Configuration profiles because that's what we're doing here. We're essentially creating a configuration profile.

So we'll go ahead and select Configuration profiles. And from here, we can see all of the existing configuration profiles that exist. What we're gonna do here is create a new one. And this is going to be for Windows 10, so we'll go down into Windows 10 and later, and then for Profile type here, we can select either of the Settings catalog, which is in preview, or choose a Template. What we'll do here is choose a Template. And the template we're gonna use is Endpoint protection, so we'll go ahead and select that and create it. And then we have to complete some basic information.

We need to set our configuration settings, do any kind of scope tagging, which we're probably not gonna do here. We can assign it. And then we can specify any specific applicability rules, which we're not gonna do here. We'll review, and then create the policy, or profile, I should say. So what we're gonna do here for this Endpoint protection configuration profile here, we're just gonna call it Application Guard. And since description here is not required, we'll leave it alone for now. We'll go ahead and Next it. And then in Configuration settings, we see all the different options we have here.

Since we do want to deploy Defender Application Guard, we'll select the Application Guard dropdown. And when we do that, we have some pieces of information here that we can configure. Not everything is mandatory, but what is mandatory is the Application Guard option, since this is what we're going to deploy. So we'll select the dropdown here, and we'll enable it for Edge. And once we do that, all of these other features light up, so to speak, and allow us to configure them. What we'll do here for this demonstration is just configure the Clipboard behavior.

Now, once we select this dropdown, we have a couple of different options. We can allow copy and paste from PC to browser only, copy and paste from browser to PC only, and then allow copy and paste between PC and browser, and copy and paste between PC, or block copy and paste between PC and browser. What we'll do here is we'll just select the first option here to allow copy and paste from PC to browser only. And when we do that, we do have a piece of information we do have to configure here.

If we select the dropdown for Clipboard content, we have to specify what Clipboard content we're gonna allow. And for this demonstration here, we'll allow text and images, and we'll leave the rest of our options at their defaults here. And then what we'll do is we'll Next it. We'll leave the default Scope tag in place. We'll Next it again. And then what we'll do here for Assignments is we'll just assign this to all users. We'll Next through. And now what we can do here with Applicability Rules is use these to specify how the profile gets assigned within a group.

So we're assigning this profile to all users. What we could do with the Applicability Rules is specify rules that would kind of allow us to filter it down or further branch out who should get these. We're gonna leave this alone. We'll go ahead and Next it. We can review our settings, and then go ahead and create our Application Guard device configuration profile. Now, this is telling me to assign the profile to at least one group. We've already done that by going to All Users. And there you have it. That's how you create a device configuration profile in Microsoft Endpoint Manager admin center that can go out and install Application Guard.