Win32 app isolation overview

The Win32 app isolation security feature for Windows provides a sandbox environment that can integrated into Win32 apps, providing an additional layer of security. This enhancement requires little to no change to your code.

If you have a feature request or wish to report a bug, file an issue in our GitHub repo.

Important

This feature is in preview: Some information relates to a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Target application types

• Win32
• Desktop Bridge (Centennial)

Minimum requirements

The following are the minimum requirements to create a Win32 app isolation app:

• Windows 11, version 24H2 (build 26100) or later.
• Development tools for packaging:
  • Visual Studio version 17.10.2 or greater.
  • Or use the Customized MSIX Packaging Tool on GitHub.
• (Optional) Application Capability Profiler (ACP) and Windows Performance Recorder (WPR) are available, if you need to identify the capabilities to use.

Creating a Win32 app isolation app

These are the steps to consider when creating a Win32 app isolation app:

• If you are using Visual Studio to build your project:
  • Follow the packaging instructions for Visual Studio.
• Or if you have the Win32 installer / MSIX package:
  • Create an MSIX package from a Win32 installer.
  • Turn an MSIX Package into an isolated Win32 app.
• If you need to identify the required capabilities:
  • Use the ACP tool.
  • Repackage the app with the capabilities that were identified.

Related topics

Application Capability Profiler

Microsoft.Windows.Win32Isolation.ApplicationCapabilityProfiler Module

Understanding how packaged desktop apps run on Windows