CIS Microsoft Windows 10 Enterprise Release 1909 Benchmark

18.9.78.6 (NG) Ensure 'Configure Windows Defender Application Guard clipboard settings: Clipboard behavior setting' is set to 'Enabled: Enable clipboard operation from an isolated session to the host' (Scored)

ProfileApplicability:

 Level 1 (L1) + Next Generation Windows Security (NG)

 Level 1 (L1) + BitLocker (BL) + Next Generation Windows Security (NG)

 Level 2 (L2) + Next Generation Windows Security (NG)

 Level 2 (L2) + BitLocker (BL) + Next Generation Windows Security (NG)

 Next Generation Windows Security (NG) - optional add-on for use in the newest hardware and configuration environments

Description:

This policy setting allows you to decide how the clipboard behaves while in Windows Defender Application Guard (WDAG). The recommended state for this setting is: Enabled: Enable clipboard operation from an isolated session to the host . Note: WDAG requires a 64-bit version of Windows and a CPU supporting hardware- assisted CPU virtualization (Intel VT-x or AMD-V). This feature is not officially supported on virtual hardware, although it can work on VMs (especially for testing) provided that the hardware-assisted CPU virtualization feature is exposed by the host to the guest VM.

More information on system requirements for this feature can be found at this link:

System requirements for Windows Defender Application Guard (Windows 10) | Microsoft Docs

1115 | P a g e