Allow auditing events in Microsoft Defender Application Guard

This policy setting allows you to decide whether auditing events can be collected from Microsoft Defender Application Guard.

If you enable this setting, Application Guard inherits auditing policies from your device and logs system events from the Application Guard container to your host.

If you disable or don't configure this setting, event logs aren't collected from your Application Guard container.

Supported on: Windows 10 Enterprise, Windows 10 Education, or later

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\AppHVSI
Value NameAuditApplicationGuard
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

apphvsi.admx

Administrative Templates (Computers)

Administrative Templates (Users)