mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-16 02:43:43 +00:00
chore: Update Windows Sandbox TOC and sample configuration files
@ -7,13 +7,13 @@ ms.date: 09/09/2024
|
||||
|
||||
# Use and configure Windows Sandbox
|
||||
|
||||
To launch a Windows Sandbox with default settings, simply Locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with 4GB memory with the following properties:
|
||||
To launch a Windows Sandbox with default settings, locate and select Windows Sandbox on the Start menu or search for 'Windows Sandbox'. This launches a basic Sandbox with 4GB memory with the following properties:
|
||||
|
||||
- **vGPU (virtualized GPU)**: Enabled on non-ARM64 devices.
|
||||
- **Networking**: Enabled. The sandbox uses the Hyper-V default switch.
|
||||
- **Audio input**: Enabled. The sandbox shares the host's microphone input into the sandbox.
|
||||
- **Video input**: Disabled. The sandbox doesn't share the host's video input into the sandbox.
|
||||
- **Protected client**: Disabled. The sandbox doesn't have increased security settings on the Remote Desktop Protocol (RDP) session.
|
||||
- **Protected client**: Disabled. The sandbox doesn't use increased security settings on the Remote Desktop Protocol (RDP) session.
|
||||
- **Printer redirection**: Disabled. The sandbox doesn't share printers with the host.
|
||||
- **Clipboard redirection**: Enabled. The sandbox shares the host clipboard with the sandbox so that text and files can be pasted back and forth.
|
||||
|
||||
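Review bot: In the reworded opening sentence, "4GB memory with the following properties" still chains two "with" phrases and omits the space between the number and the unit. Consider "This launches a basic sandbox with 4 GB of memory and the following properties:". In the unchanged Clipboard redirection bullet, "The sandbox shares the host clipboard with the sandbox" is circular; "The host clipboard is shared with the sandbox" reads cleaner while this list is being edited.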
@ -24,7 +24,7 @@ To launch a Windows Sandbox with default settings, simply Locate and select Wind
|
||||
|
||||
You have the freedom to open files, install applications from the web, and perform various other tasks that benefit from an isolated clean environment.
|
||||
|
||||
When you're finished experimenting, close the sandbox. A dialog box will prompt you to confirm the deletion of all sandbox content. Select "Ok" to proceed. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox.
|
||||
When you're finished experimenting, close the sandbox. A dialog box prompts you to confirm the deletion of all sandbox content. Select **Ok** to proceed. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox.
|
||||
|
||||
## Configure a custom Windows Sandbox
|
||||
|
||||
@ -35,7 +35,7 @@ A configuration file enables the user to control the following aspects of Window
|
||||
- **vGPU (virtualized GPU)**: Enable or disable the virtualized GPU. If vGPU is disabled, the sandbox uses Windows Advanced Rasterization Platform (WARP).
|
||||
- **Networking**: Enable or disable network access within the sandbox.
|
||||
- **Mapped folders**: Share folders from the host with *read* or *write* permissions. Exposing host directories might allow malicious software to affect the system or steal data.
|
||||
- **Logon command**: A command that's executed when Windows Sandbox starts.
|
||||
- **Logon command**: A command to execute when Windows Sandbox starts.
|
||||
- **Audio input**: Shares the host's microphone input into the sandbox.
|
||||
- **Video input**: Shares the host's webcam input into the sandbox.
|
||||
- **Protected client**: Places increased security settings on the Remote Desktop Protocol (RDP) session to the sandbox.
|
||||
@ -107,7 +107,7 @@ Supported values:
|
||||
|
||||
An array of folders, each representing a location on the host machine that is shared with the sandbox at the specified path. Currently, relative paths aren't supported.
|
||||
|
||||
When using `<Mappedfolders>` to map folders, the folders are mapped prior to the execution of the [Logon command](#logon-command).
|
||||
When using `<Mappedfolders>` to map folders, the folders are mapped before the execution of the [Logon command](#logon-command).
|
||||
|
||||
```xml
|
||||
<MappedFolders>
|
||||
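Review bot: The reworded sentence keeps the element name as `<Mappedfolders>`, but the sample directly below it opens with `<MappedFolders>`. XML element names are case-sensitive, so use the sample's casing in the prose; readers copying the name from the sentence should get the element the example uses.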
@ -123,7 +123,7 @@ When using `<Mappedfolders>` to map folders, the folders are mapped prior to the
|
||||
```
|
||||
|
||||
- **HostFolder**: Specifies the folder on the host machine to share into the sandbox. The folder must already exist on the host, or the container fails to start.
|
||||
- **SandboxFolder**: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it is created. If no sandbox folder is specified, the folder is mapped to the container desktop.
|
||||
- **SandboxFolder**: Specifies the destination in the sandbox to map the folder to. If the folder doesn't exist, it gets created. If no sandbox folder is specified, the folder is mapped to the container desktop.
|
||||
- **ReadOnly**: If *true*, enforces read-only access to the shared folder from within the container. Supported values: *true*/*false*. Defaults to *false*.
|
||||
|
||||
> [!NOTE]
|
||||
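Review bot: In the SandboxFolder bullet, "it gets created" is more colloquial than the rest of the list; "it's created" keeps the contraction style this commit applies elsewhere ("it's automatically increased"). Since the ReadOnly bullet states that the default is *false*, it's also worth saying in that bullet that a mapped folder is writable from the sandbox unless ReadOnly is set to *true*.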
@ -154,8 +154,8 @@ Enables or disables audio input to the sandbox.
|
||||
|
||||
Supported values:
|
||||
|
||||
- **Enable**: Enables audio input in the sandbox. If this value is set, the sandbox can receive audio input from the user. Applications that use a microphone may require this capability.
|
||||
- **Disable**: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone may not function properly with this setting.
|
||||
- **Enable**: Enables audio input in the sandbox. If this value is set, the sandbox can receive audio input from the user. Applications that use a microphone might require this capability.
|
||||
- **Disable**: Disables audio input in the sandbox. If this value is set, the sandbox can't receive audio input from the user. Applications that use a microphone might not function properly with this setting.
|
||||
- **Default**: This value is the default value for audio input support. Currently, this default value denotes that audio input is enabled.
|
||||
|
||||
> [!NOTE]
|
||||
@ -172,8 +172,8 @@ Enables or disables video input to the sandbox.
|
||||
Supported values:
|
||||
|
||||
- **Enable**: Enables video input in the sandbox.
|
||||
- **Disable**: Disables video input in the sandbox. Applications that use video input may not function properly in the sandbox.
|
||||
- **Default**: This value is the default value for video input support. Currently, this default value denotes that video input is disabled. Applications that use video input may not function properly in the sandbox.
|
||||
- **Disable**: Disables video input in the sandbox. Applications that use video input might not function properly in the sandbox.
|
||||
- **Default**: This value is the default value for video input support. Currently, this default value denotes that video input is disabled. Applications that use video input might not function properly in the sandbox.
|
||||
|
||||
> [!NOTE]
|
||||
> There may be security implications of exposing host video input to the container.
|
||||
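Review bot: The two bullets were changed from "may" to "might", but the note at the end of this hunk still reads "There may be security implications of exposing host video input to the container." Change it to "might" so the section is consistent, or state the implication directly.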
@ -231,4 +231,4 @@ Specifies the amount of memory that the sandbox can use in megabytes (MB).
|
||||
<MemoryInMB>value</MemoryInMB>
|
||||
```
|
||||
|
||||
If the memory value specified is insufficient to boot a sandbox, it is automatically increased to the required minimum amount.
|
||||
If the memory value specified is insufficient to boot a sandbox, it's automatically increased to the required minimum amount.
|
||||
|
@ -52,7 +52,7 @@ ms.date: 09/09/2024
|
||||
|
||||
## Try WSB preview features by joining the Windows Insider Program
|
||||
|
||||
To try the most recent features or updates to WSB, join the [Windows Insiders Program](https://insider.windows.com/getting-started). Once you have joined Windows Insiders, you can choose the channel you would like to receive preview builds from inside the Windows settings menu. You can choose from:
|
||||
To try the most recent features or updates to WSB, join the [Windows Insiders Program](https://insider.windows.com/getting-started). After joining the Windows Insiders Program, you can choose the channel you would like to receive preview builds from inside the Windows settings menu. You can choose from:
|
||||
|
||||
- **Dev channel**: Most recent updates, but low stability.
|
||||
- **Beta channel**: Ideal for early adopters, more reliable builds than the Dev channel.
|
||||
|
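Review bot: The rewritten paragraph says "Windows Insiders Program" twice (the link text and "After joining the Windows Insiders Program"), while the heading above it says "Windows Insider Program". Pick one form and use it in all three places.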
@ -7,7 +7,7 @@ ms.date: 09/09/2024
|
||||
|
||||
# Windows Sandbox
|
||||
|
||||
Windows Sandbox (WSB) offers a lightweight, isolated desktop environment for safely running applications. It is ideal for testing, debugging, exploring unknown files, and experimenting with tools. Applications installed within the sandbox remain isolated from the host machine using hypervisor-based virtualization. As a disposable virtual machine (VM), Windows Sandbox ensures reboot persistence, quick launch times, and a lower memory footprint compared to full VMs. Its one-click setup simplifies the user experience.
|
||||
Windows Sandbox (WSB) offers a lightweight, isolated desktop environment for safely running applications. It's ideal for testing, debugging, exploring unknown files, and experimenting with tools. Applications installed within the sandbox remain isolated from the host machine using hypervisor-based virtualization. As a disposable virtual machine (VM), Windows Sandbox ensures reboot persistence, quick launch times, and a lower memory footprint compared to full VMs. Its one-click setup simplifies the user experience.
|
||||
|
||||
The sandbox is temporary; closing it deletes all software, files, and state. Each launch provides a fresh instance. Host-installed software isn't available in the sandbox. Applications needed within the sandbox must be installed there explicitly.
|
||||
|
||||
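Review bot: The changed paragraph describes the sandbox as "a disposable virtual machine" that "ensures reboot persistence", and the next paragraph says closing it deletes all software, files, and state. Say what persists across a reboot so the two statements don't read as contradictory.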
@ -16,21 +16,21 @@ The sandbox is temporary; closing it deletes all software, files, and state. Eac
|
||||
|
||||
Windows Sandbox offers the following features:
|
||||
|
||||
- **Part of Windows**: Everything required for this feature is included in the supported Windows SKUs like Pro, Enterprise and Education. There's no need to maintain a separate VM installation.
|
||||
- **Part of Windows**: Everything required for this feature is included in the supported Windows editions like Pro, Enterprise, and Education. There's no need to maintain a separate VM installation.
|
||||
- **Disposable**: Nothing persists on the device. Everything is discarded when the user closes the application.
|
||||
- **Pristine**: Every time Windows Sandbox runs, it's as clean as a brand-new installation of Windows.
|
||||
- **Secure**: Uses hardware-based virtualization for kernel isolation. It relies on the Microsoft hypervisor to run a separate kernel that isolates Windows Sandbox from the host.
|
||||
- **Efficient**: Takes a few seconds to launch, supports virtual GPU and has smart memory management that optimizes memory footprint.
|
||||
- **Efficient**: Takes a few seconds to launch, supports virtual GPU, and has smart memory management that optimizes memory footprint.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](windows-sandbox-configure-using-wsb-file.md#networking). Enabling networking can expose untrusted applications to the internal network.
|
||||
|
||||
WSB can be used by anyone without any technical skills in various scenarios where users need a secure, clean environment for testing or running potentially harmful software. Here are some ways in which you can leverage WSB:
|
||||
WSB can be used without any technical skills in various scenarios where users need a secure, clean environment for testing or running potentially harmful software. Here are some ways in which you can use WSB:
|
||||
|
||||
- **Clean environment for software testing**: Test or debug your applications in WSB's clean environment to identify and resolve bugs or compatibility issues.
|
||||
- **Secure web browsing**: Use WSB for secure web browsing, especially when accessing unfamiliar or potentially dangerous websites without putting your system at risk of malware infection.
|
||||
- **Running Untrusted Applications**: Mitigate security risks by opening untrusted applications or files, such as email attachments in WSB. Improve your safety and security by opening a sandbox with networking disabled and mapping the folder with the application or file you want to open to the sandbox in read-only mode. Check [Sample configuration files](windows-sandbox-sample-configuration.md) for more details.
|
||||
- **Testing or demoing new software for the first time**: Test drive or demo new software, unstable versions like beta, extensions or add-ons without the hassle of installing and then uninstalling on your host machine.
|
||||
- **Testing or demoing new software for the first time**: Test drive or demo new software, preview versions, extensions, or add-ons without the hassle of installing and then uninstalling on your host machine.
|
||||
- **Maintaining multiple dev environments**: Streamline your development process by utilizing WSB to maintain multiple sandboxes for different development environments. For example, maintain a sandbox for each python version and its dependencies!
|
||||
|
||||
|
||||
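Review bot: The intro sentence swaps "leverage" for "use", but the last bullet still says "by utilizing WSB", writes "python" in lowercase, and ends with an exclamation mark. Consider "by using WSB" and "each Python version and its dependencies." Also, "Running Untrusted Applications" is title case while the other bullet labels are sentence case.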
@ -38,10 +38,3 @@ WSB can be used by anyone without any technical skills in various scenarios wher
|
||||
|
||||
> [!NOTE]
|
||||
> Windows Sandbox is currently not supported on Windows Home edition.
|
||||
|
||||
## Usage
|
||||
|
||||
1. Copy an executable file (and any other files needed to run the application) from the host and paste them into the **Windows Sandbox** window.
|
||||
2. Run the executable file or installer inside the sandbox.
|
||||
3. When you're finished experimenting, close the sandbox. A dialog box will state that all sandbox content will be discarded and permanently deleted. Select **Ok**.
|
||||
4. Confirm that your host machine doesn't exhibit any of the modifications that you made in Windows Sandbox.
|
||||
|
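Review bot: Removing the Usage section drops steps 1 and 2 (copy files into the Windows Sandbox window, then run them), and nothing in the visible lines of the configuration page replaces them; only the close-and-confirm steps appear there. Confirm the copy-and-run workflow is documented elsewhere, and check for links that point to the `#usage` anchor on this page.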
@ -73,7 +73,7 @@ C:\temp\vscode.exe /verysilent /suppressmsgboxes
|
||||
</Configuration>
|
||||
```
|
||||
|
||||
## Example 3 - Mapping Folders and running a PowerShell script as a LogOn Command
|
||||
## Example 3 - Mapping Folders and running a PowerShell script as a Logon Command
|
||||
|
||||
The following config file runs a PowerShell script as a logon command to swap the primary mouse button for left-handed users.
|
||||
|
||||
|
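Review bot: The heading fixes "LogOn" but keeps title case in "Mapping Folders" and "Logon Command", while the configuration page writes the setting as "Logon command" and the sentence below the heading uses "logon command". Consider "Example 3 - Mapping folders and running a PowerShell script as a logon command".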