Inconsistent IPC behavior from Office AppContainer child processes across identical execution paths

kj cha 16 reputation points
2025-06-19T04:27:43.16+00:00

We're observing inconsistent IPC behavior in Microsoft 365 Word (and other Office apps) when opened in Protected View, across different PCs with otherwise identical configurations.

Context:

  1. This issue occurs on both Windows 10 and Windows 11 environments.
  2. Word is part of Microsoft 365 (Click-to-Run), no third-party Office customizations.
  3. Our test scenario uses a DLL injected into WINWORD.EXE, which attempts to communicate with a separate Medium IL process via NamedPipe IPC.
  4. The behavior has been reproduced across multiple versions including Beta Channel builds.

Execution Flow (identical across all environments):

  1. A .docx file is opened by WINWORD.EXE (Medium IL).
  2. Word spawns a child process in AppContainer (Low IL).
  3. This child process opens a copy of the document under: '..\packages\oice_###...'
  4. An injected DLL inside the child Word process attempts to perform IPC with a Medium IL agent process via NamedPipe.

Problem:

  • On some machines, the IPC connection from the injected DLL in Word to the agent fails with ERROR_ACCESS_DENIED.
  • On other machines, using the exact same Word build, OS version, and test scenario, the IPC succeeds.

My questions are:

  • What determines whether Microsoft 365's AppContainer child process enforces IPC restrictions on other processes?
  • Is there an app security policy that is related to app isolation?
Microsoft 365 and Office | Word | For home | Windows
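
One thing to compare between a failing and a working machine is the security descriptor on the agent's pipe; the following is an added example, not part of the original post. Windows grants an AppContainer token access only when the DACL names its package SID, a capability SID or ALL APPLICATION PACKAGES, and a Low IL caller cannot write to an object labelled above low with no-write-up. The SDDL strings are constructed, and the idea that this is what differs on the poster's machines is an assumption.

```python
import re

# Constructed sample descriptors, not taken from the poster's machines.
SAMPLE_RESTRICTIVE = "D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;AU)"
SAMPLE_PERMISSIVE = SAMPLE_RESTRICTIVE + "(A;;GRGW;;;AC)S:(ML;;NW;;;LW)"

LOW_OR_BELOW = {"LW", "S-1-16-4096", "S-1-16-0"}  # low / untrusted integrity labels


def aces(sddl, section):
    """Return (type, rights, sid) per ACE in the 'D' (DACL) or 'S' (SACL) section."""
    m = re.search(section + r":[A-Z]*((?:\([^)]*\))*)", sddl)
    out = []
    for ace in re.findall(r"\(([^)]*)\)", m.group(1) if m else ""):
        f = ace.split(";")
        if len(f) >= 6:
            out.append((f[0], f[2], f[5]))
    return out


def grants_rw(rights):
    """True if an ACE rights field (hex mask or SDDL aliases) covers read and write."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return bool(mask & 0x10000000) or (mask & 0x3) == 0x3 \
            or (mask & 0xC0000000) == 0xC0000000
    t = set(re.findall("..", rights))
    return bool(t & {"GA", "FA"}) or bool(t & {"GR", "FR"} and t & {"GW", "FW"})


def is_package_sid(sid):
    """ALL APPLICATION PACKAGES, a package SID, or a capability SID."""
    return sid == "AC" or sid.startswith(("S-1-15-2-", "S-1-15-3-"))


def assess(sddl):
    """Report the two descriptor properties a Low IL AppContainer client depends on.
    Simplified: deny ACEs and the ordinary user/group check are not modelled."""
    pkg = any(t == "A" and grants_rw(r) and is_package_sid(s)
              for t, r, s in aces(sddl, "D"))
    labels = [(r, s) for t, r, s in aces(sddl, "S") if t == "ML"]
    policy, level = labels[0] if labels else ("NW", "ME")  # unlabeled = medium, NW
    can_write = not ("NW" in policy and level not in LOW_OR_BELOW)
    return {"package_ace": pkg, "label": level,
            "low_il_can_write": can_write, "connect_expected": pkg and can_write}


if __name__ == "__main__":
    for name in ("SAMPLE_RESTRICTIVE", "SAMPLE_PERMISSIVE"):
        print(name, assess(globals()[name]))
```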