Windows Sandbox is a new lightweight desktop environment tailored for safely running applications in isolation.
How many times have you downloaded an executable file, but were afraid to run it?...
Updated Dec 12, 2022
Version 11.0
Blog Post
Looks like a great base for cool things to come.
What comes to my mind are the following use cases:
PAW (Privileged Access Workstation) is something Microsoft want's it admins to start using and this is, if implmented properly, a great way to go about it.
The host runs sensitive administrative applications without being exposed to mail attachments, internet downloads etc.
The sandbox "VM's" run Email, browser, word, excel etc. All unsafe workloads that needs to be separated from the host system.
A challenge for this scenario is the network, preferably the host is on an administrative network while the guest is on a client network.
Also all communication needs to be one way, no copying files out of the sandbox at all. And it needs to be persistent.
General application sandboxing (like the edge sandboxing announced earlier). All internet facing applications run in sandboxes while only basic trusted applications run on the host, something like a https://www.qubes-os.org/ light. Something i would personally use a lot to lessen the attack surface of my client.
This also requires the sandboxes to be persistent and, by extension, will introduce for somehow managing their settings centrally (GPO/DSC/whatever).
I see the point in making it non-persistent but i believe making it persistent and allowing multiple boxes to run simultaneously would open up a lot of possibilities.
This for me personally is one of the most exciting new features in Windows in a long time, IF it's potential is realized properly.