Microsoft Defender Application Guard for Office removal shifts Office files to Protected View
Security Tool/Service
Summary
Hide ▲
Show ▼
Microsoft is removing Defender Application Guard for Office (MDAG) from Office, shifting untrusted documents to Protected View and reducing one isolation layer for enterprise users. The phased rollout starts with Office version 2602 in February 2026 and is scheduled to finish by version 2612 in December 2027. Administrators are being directed to rely on Microsoft Defender for Endpoint ASR rules and Windows Defender Application Control (WDAC) to preserve protection.
Related Happenings
Microsoft Defender for Endpoint automatic endpoint isolation preview
Security Tool/Service
First: 26.05.2026 15:19
Last: 26.05.2026 15:19
Sources 1
About this happening:
Microsoft is previewing **automatic isolation** for compromised endpoints in **Defender for Endpoint**, reducing **lateral movement** risk on managed workstations. The capability...
Microsoft Defender for Endpoint automatic endpoint isolation preview
Security Tool/ServiceAbout this happening: Microsoft is previewing **automatic isolation** for compromised endpoints in **Defender for Endpoint**, reducing **lateral movement** risk on managed workstations. The capability...
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
Vulnerability
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Microsoft Defender zero-days exploited in attacks (multiple vulnerabilities)
VulnerabilityAbout this happening: Microsoft began rolling out fixes for **CVE-2026-41091** and **CVE-2026-45498**, two **actively exploited zero-days** in **Microsoft Defender** components that affect unpatched Wi...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
KongTuke Microsoft Teams initial access campaign
Campaign
First: 14.05.2026 15:12
Last: 14.05.2026 15:12
Sources 1
About this happening:
The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...
KongTuke Microsoft Teams initial access campaign
CampaignAbout this happening: The **KongTuke** campaign now uses **Microsoft Teams** social engineering to gain persistent access to **corporate networks**, shortening initial compromise to **under five minute...
CISA KEV order for BlueHammer patching
Public Sector Action
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
CISA KEV order for BlueHammer patching
Public Sector ActionAbout this happening: **CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
Timeline
-
04.11.2025 21:02 2 articles · 6mo ago
Microsoft sets staged Defender Application Guard removal from Office
Initial DisclosureMicrosoft says Defender Application Guard for Office will continue its removal from Office on a staged schedule that starts with Office version 2602 in early February 2026 and ends with version 2612 in December 2027. Office files that previously opened in Application Guard will open in Protected View instead, and administrators are told to rely on Microsoft Defender for Endpoint ASR rules and Windows Defender Application Control to preserve protection for malicious Office documents. Microsoft had already deprecated MDAG in November 2023 and retired it in April 2024.
Show sources
- Microsoft removing Defender Application Guard from Office — www.bleepingcomputer.com — 04.11.2025 21:02
- Microsoft removing Defender Application Guard from Office — www.bleepingcomputer.com — 04.11.2025 21:02