I’m Digging This New Sandbox

This month the team is focusing on things we’re passionate about. It took me all of five seconds to know that finding the best ways to utilize tech is my jam. Do I want to have a conversation about things you need to do to prepare for upcoming Microsoft products retiring? Yes I do. Drop me a line! But today I’m connecting with my developers because I’m really digging Microsoft’s new sandbox!

What is Sandboxing?
Microsoft is providing a way for developers, and interested users, to test their applications or software in a Windows Sandbox (previously referred to as “InPrivate Desktop”). This is wonderful news, as sandboxing lets Windows 10 Pro/Enterprise, build 18305 or later, natively create its own lightweight, isolated, temporary desktop environment. What makes the native sandboxing exciting is its ease of use. Sandboxing uses a copy of the Windows 10 operating system already installed on the local machine; there’s no need to download a new VHD image, as you would for a virtual machine.


Though not exactly the same, it might be easier to think of sandboxing as akin to private browsing through your web browser. Sandboxing allows you to create a new, temporary Windows 10 instance. In this instance, you can run programs and test code and applications to understand whether they run well, crash or are otherwise harmful. Have an email with a weird attachment, a zip file with executables, or links that seem legit but you want to make sure? With sandboxing, IT (or general users) can open the attachment in a sandbox environment without impacting their own machine or the company network. This can save time and resources for developers and IT departments, who can safely use their own machine for testing.

How Does it Work?
The new sandbox instance links to the files on the host (original) machine that do not change. For files that need to be changed (written to), the sandbox creates its own copy, and that copy is isolated to the sandbox and not written back to the host machine.

To allow resource-limited machines (laptops/desktops) to leverage sandboxing, Windows will allow the host and the sandbox to use the same memory mappings. For instance, “ntdll” can be accessed by two machines, but the file is only located in one physical memory space. Microsoft assures us that this is done in a highly secure way. The host treats the sandbox like an application to improve responsiveness while still upholding security barriers similar to those of a virtual machine.

Microsoft thought about battery usage as well; the sandbox is aware of the host’s battery state and is optimized for power consumption.

How Do I Get Sandbox Installed?
Microsoft has released the new sandbox to their “Fast Ring” insiders, who are risk seekers and enjoy living on the edge. Unfortunately, it requires Windows 10 Pro or Enterprise with build 18305 or higher. It has not been released to the wild just yet, but once the version is made available, it will be pretty simple to check for updates.
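
To see whether a given machine meets the requirements above, here is a read-only PowerShell check (an added example, not from Microsoft or the original post). It assumes the Windows Sandbox optional feature is named `Containers-DisposableClientVM` and that Pro and Enterprise report the `EditionID` values `Professional` and `Enterprise`; neither name appears in the article.

```powershell
#Requires -RunAsAdministrator
# Added example: checks the edition and build requirements stated in the article
# and reports whether the Windows Sandbox optional feature is present/enabled.
# It changes nothing on the machine.

$MinBuild        = 18305                            # minimum build from the article
$AllowedEditions = 'Professional', 'Enterprise'     # assumption: exact EditionID values
$FeatureName     = 'Containers-DisposableClientVM'  # assumption: Sandbox feature name

function Test-SandboxPrerequisite {
    # Edition and build are read from the registry so no update check is needed.
    $cv      = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build   = [int]$cv.CurrentBuildNumber
    $edition = [string]$cv.EditionID

    # On builds that predate the feature, the lookup fails; treat that as "not present".
    $state = 'NotPresent'
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $FeatureName -ErrorAction Stop
        if ($feature) { $state = [string]$feature.State }
    } catch {
        $state = 'NotPresent'
    }

    $editionOk = $AllowedEditions -contains $edition
    $buildOk   = $build -ge $MinBuild

    [pscustomobject]@{
        Edition      = $edition
        EditionOk    = $editionOk
        Build        = $build
        BuildOk      = $buildOk
        FeatureState = $state
        Ready        = ($editionOk -and $buildOk -and $state -eq 'Enabled')
    }
}

$result = Test-SandboxPrerequisite
$result | Format-List

if (-not $result.EditionOk) { Write-Warning "Edition '$($result.Edition)' is not Pro or Enterprise." }
if (-not $result.BuildOk)   { Write-Warning "Build $($result.Build) is below $MinBuild." }
if ($result.EditionOk -and $result.BuildOk -and $result.FeatureState -ne 'Enabled') {
    Write-Host "Requirements met; feature state is '$($result.FeatureState)'."
}
```

Run it from an elevated PowerShell prompt, since querying optional features on the running system requires administrator rights.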

Loving this geek-out? I plan to team up with Kenny Leckie for a deeper dive later this month. Until then, you can check out more information on the Microsoft Tech Community.