When it comes to IT, whether it’s Support, DevOPS, SecOPS and so forth, having an isolated environment in which to test with is a necessity. An isolated environment allows one to conduct system level tests or changes without running the risk of damaging the host system.
Microsoft introduced Windows Sandbox with the May 2019 update for Windows 10. The prospect of this sounded great. Having a VM (virtual machine) baked into the OS without any need for additional virtualization software would be fantastic. If it worked. Try as I did, I could not get it to work. Once it was enabled, every time I tried to run the app nothing happened and so I abandoned Windows Sandbox and stuck with VirtualBox as the de facto application for my testing needs.
As it stands, I frequently make use of VirtualBox – I use it for work and I run Ubuntu on it. In terms of the former, I use a Windows VM for phishing testing and another one as my work machine as it is required to be organization-enrolled, and I’m not about to do so with my personal device.
Fast forward 3 years, I’ve switched to Windows 11 and almost completely forgot about Windows Sandbox, until today. Much to my surprise it is now working, without issue. I’ve enabled it on Windows 11, on the same hardware and it’s been working like a breeze.
All you need to do is navigate to Windows Features (Search > Turn Windows Features On or Off) and scroll down to Windows Sandbox. Tick it, and you’ll be required to reboot.
As soon as you run the app, you’ll have a fully functional Windows 11 VM ready to use in a few seconds, completely isolated from the host machine. A sandbox is temporary so anything you do there, any changes you make or files copied into it will be deleted along with the sandbox itself. The next time you start Sandbox, you will be greeted with a fresh Windows instance once again. It is also worth noting that you can only run 1 Sandbox at a time.
So while Windows Sandbox is certainly not a replacement for VirtualBox, it does offer an extremely light-weight VM that requires no configuration and starts up in seconds. An ideal tool for isolated testing, especially if it’s just to test something quickly like opening a suspicious attachment or URL.
For more information, check out the Windows Sandbox documentation here.
1 thought on “Windows Sandbox – A lightweight desktop environment to safely run applications in isolation”
Excellent, thank you. I wasn’t even aware that Sandbox existed. Useful article!