Win32 app isolation overview

The Win32 app isolation security feature for Windows provides a sandbox environment that can integrated into Win32 apps, providing an additional layer of security. This enhancement requires little to no change to your code.

For the latest updates and enhancements, please refer to the Release notes.

If you have a feature request or wish to report a bug, file an issue in our GitHub repo.

Important

This feature is in preview: Some information relates to a prerelease product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

Target application types

Minimum requirements

The following are the minimum requirements to create a Win32 app isolation app:

Creating a Win32 app isolation app

These are the steps to consider when creating a Win32 app isolation app:

  • If you are using Visual Studio to build your project:
  • Or if you have the Win32 installer / MSIX package:
    • Create an MSIX package from a Win32 installer.
    • Turn an MSIX Package into an isolated Win32 app.
  • If you need to identify the required capabilities:
    • Use the ACP tool.
    • Repackage the app with the capabilities that were identified.

Application Capability Profiler

Microsoft.Windows.Win32Isolation.ApplicationCapabilityProfiler Module

Understanding how packaged desktop apps run on Windows