Sunday, September 20, 2020

Open untrusted websites in Microsoft Defender Application Guard

Designed for Windows 10 and Microsoft Edge, Application Guard helps to isolate enterprise-defined untrusted sites, protecting your company while your employees browse the Internet. 

If an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated Hyper-V-enabled container, which is separate from the host operating system. This container isolation means that if the untrusted site turns out to be malicious, the host PC is protected, and the attacker can't get to your enterprise data. For example, this approach makes the isolated container anonymous, so an attacker can't get to your employee's enterprise credentials.


Prerequisites: This feature is available on Windows 10 Enterprise edition builds 20175.1001 or later. You will also need Internet Explorer 11 and the new Microsoft Edge, and you will need to have Application Guard enabled.

To install Microsoft Defender Application Guard

  • Open the Control Panel, select Programmes, and then select Turn Windows features on or off. 
  • Select the tick box next to Hyper-V and Microsoft Defender Application Guard and then click OK. 
  • Restart your device.
  • Open Edge. In the upper-right corner, select ... and then select New Application Guard Window. Once a Microsoft Edge Application Guard window opens—the first time takes several minutes—Application Guard setup is complete.

To set up the Network Isolation settings in Group Policy

  • In the search box, type Group Policy, and then select Edit Group Policy. 
  • Go to the Administrative Templates > Network > Network Isolation > Enterprise resource domains hosted in the cloud setting. 
  • Select Enabled.
  • For the purposes of this scenario, type .microsoft.com into the Enterprise cloud resources box. 
  • Go to the Administrative Templates > Network > Network Isolation > Domains categorised as both work and personal setting.
  • For the purposes of this scenario, type bing.com into the Neutral resources box. 

To turn on Application Guard in Managed Mode

  • Go to the Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Application Guard > Turn on Microsoft Defender Application Guard in Managed Mode setting. 
  • Click Enabled, choose Option 1, and select OK.

For more details on the system requirements for Microsoft Defender Application Guard and other details, please check this. (Source: FeedbackHub Quests)
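
To confirm that the three procedures above took effect, the following added example (not part of the original post or of Microsoft's documentation) audits the Windows features and the policy values typed in this scenario. It assumes the Group Policy settings are backed by the registry locations shown in the script, and it must be run from an elevated PowerShell session.

```powershell
# Added example: audit the Application Guard setup described in this post.
# Assumption: the Group Policy settings above are stored under these policy keys.
$netIso   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\NetworkIsolation'
$appGuard = 'HKLM:\SOFTWARE\Policies\Microsoft\AppHVSI'

function Test-AppGuardSetup {
    # Step 1: both Windows features must report Enabled.
    # A state of EnablePending means the restart has not happened yet.
    foreach ($name in 'Microsoft-Hyper-V-All', 'Windows-Defender-ApplicationGuard') {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $name -ErrorAction SilentlyContinue
        $state   = if ($feature -and $feature.State) { [string]$feature.State } else { 'NotFound' }
        [pscustomobject]@{
            Check    = "Feature: $name"
            Expected = 'Enabled'
            Actual   = $state
            Pass     = ($state -eq 'Enabled')
        }
    }

    # Steps 2 and 3: the exact values typed in this walkthrough.
    # A production policy usually lists more domains, so adjust Value to match yours.
    $policies = @(
        @{ Path = $netIso;   Name = 'CloudResources';           Value = '.microsoft.com' }
        @{ Path = $netIso;   Name = 'NeutralResources';         Value = 'bing.com' }
        @{ Path = $appGuard; Name = 'AllowAppHVSI_ProviderSet'; Value = '1' }
    )
    foreach ($p in $policies) {
        $item   = Get-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction SilentlyContinue
        $actual = if ($item) { [string]$item.($p.Name) } else { '<not set>' }
        [pscustomobject]@{
            Check    = "Policy: $($p.Name)"
            Expected = $p.Value
            Actual   = $actual
            Pass     = ($actual -eq $p.Value)
        }
    }
}

# One row per check; any row with Pass = False points at the step to redo.
Test-AppGuardSetup | Format-Table -AutoSize
```

If the policy rows show `<not set>` right after editing Group Policy, run `gpupdate /force` and check again.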
