Win32 app isolation overview

The Win32 app isolation security feature for Windows provides a sandbox environment that can be integrated into Win32 apps, providing an additional layer of security. This enhancement requires little to no change to your code.

For the latest updates and enhancements, please refer to the Release notes.

If you have a feature request or wish to report a bug, file an issue in our GitHub repo.

Important

This feature is in preview: Some information relates to a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Target application types

• Win32
• Desktop Bridge (Centennial)
• Desktop apps packaged with external location

Minimum requirements

The following are the minimum requirements to create a Win32 app isolation app:

• Windows 11, version 24H2 (build 26100) or later.
• Development tools for packaging:
  • Visual Studio version 17.10.2 or greater.
• (Optional) Application Capability Profiler (ACP) and Windows Performance Recorder (WPR) are available, if you need to identify the capabilities to use.

Creating a Win32 app isolation app

These are the steps to consider when creating a Win32 app isolation app:

• Follow the packaging instructions for Visual Studio.
• If you need to identify the required capabilities:
  • Use the ACP tool or the Supported Capabilities section.
  • Repackage the app with the capabilities that were identified.

Related topics

Application Capability Profiler

Microsoft.Windows.Win32Isolation.ApplicationCapabilityProfiler Module

Understanding how packaged desktop apps run on Windows