mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 05:07:23 +00:00
Merge pull request #8322 from vinaypamnani-msft/vp-sec-app1
Move windows-sandbox and redirect
This commit is contained in:
Thomas Raya
GitHub
commit
afeb475e63
File diff suppressed because it is too large
Load Diff
@ -12,9 +12,9 @@ items:
|
||||
- name: Windows containers 🔗
|
||||
href: /virtualization/windowscontainers/about
|
||||
- name: Windows Sandbox
|
||||
href: ../../threat-protection/windows-sandbox/windows-sandbox-overview.md
|
||||
href: ./windows-sandbox/windows-sandbox-overview.md
|
||||
items:
|
||||
- name: Windows Sandbox architecture
|
||||
href: ../../threat-protection/windows-sandbox/windows-sandbox-architecture.md
|
||||
href: ./windows-sandbox/windows-sandbox-architecture.md
|
||||
- name: Windows Sandbox configuration
|
||||
href: ../../threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
|
||||
href: ./windows-sandbox/windows-sandbox-configure-using-wsb-file.md
|
||||
|
Before Width: | Height: | Size: 33 KiB After Width: | Height: | Size: 33 KiB |
|
Before Width: | Height: | Size: 16 KiB After Width: | Height: | Size: 16 KiB |
|
Before Width: | Height: | Size: 20 KiB After Width: | Height: | Size: 20 KiB |
|
Before Width: | Height: | Size: 53 KiB After Width: | Height: | Size: 53 KiB |
|
Before Width: | Height: | Size: 27 KiB After Width: | Height: | Size: 27 KiB |
@ -1,13 +1,8 @@
|
||||
---
|
||||
title: Windows Sandbox architecture
|
||||
description: Windows Sandbox architecture
|
||||
ms.prod: windows-client
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.topic: article
|
||||
ms.date: 6/30/2022
|
||||
ms.technology: itpro-security
|
||||
ms.date: 05/25/2023
|
||||
---
|
||||
|
||||
# Windows Sandbox architecture
|
||||
@ -19,7 +14,7 @@ Windows Sandbox benefits from new container technology in Windows to achieve a c
|
||||
Rather than requiring a separate copy of Windows to boot the sandbox, Dynamic Base Image technology uses the copy of Windows already installed on the host.
|
||||
|
||||
Most OS files are immutable and can be freely shared with Windows Sandbox. A small subset of operating system files are mutable and can't be shared, so the sandbox base image contains pristine copies of them. A complete Windows image can be constructed from a combination of the sharable immutable files on the host and the pristine copies of the mutable files. With the help of this scheme, Windows Sandbox has a full Windows installation to boot from without needing to download or store an extra copy of Windows.
|
||||
|
||||
|
||||
Before Windows Sandbox is installed, the dynamic base image package is stored as a compressed 30-MB package. Once it's installed, the dynamic base image occupies about 500 MB of disk space.
|
||||
|
||||
|
||||
@ -43,7 +38,7 @@ With ordinary virtual machines, the Microsoft hypervisor controls the scheduling
|
||||
|
||||
|
||||
Windows Sandbox employs a unique policy that allows the virtual processors of the Sandbox to be scheduled like host threads. Under this scheme, high-priority tasks on the host can preempt less important work in the Sandbox. This preemption means that the most important work will be prioritized, whether it's on the host or in the container.
|
||||
|
||||
|
||||
## WDDM GPU virtualization
|
||||
|
||||
Hardware accelerated rendering is key to a smooth and responsive user experience, especially for graphics-intensive use cases. Microsoft works with its graphics ecosystem partners to integrate modern graphics virtualization capabilities directly into DirectX and Windows Display Driver Model (WDDM), the driver model used by Windows.
|
||||
@ -53,7 +48,7 @@ This feature allows programs running inside the sandbox to compete for GPU resou
|
||||
|
||||
|
||||
To take advantage of these benefits, a system with a compatible GPU and graphics drivers (WDDM 2.5 or newer) is required. Incompatible systems will render apps in Windows Sandbox with Microsoft's CPU-based rendering technology, Windows Advanced Rasterization Platform (WARP).
|
||||
|
||||
|
||||
## Battery pass-through
|
||||
|
||||
Windows Sandbox is also aware of the host's battery state, which allows it to optimize its power consumption. This functionality is critical for technology that is used on laptops, where battery life is often critical.
|
||||
@ -1,16 +1,11 @@
|
||||
---
|
||||
title: Windows Sandbox configuration
|
||||
description: Windows Sandbox configuration
|
||||
ms.prod: windows-client
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier2
|
||||
ms.topic: article
|
||||
ms.date: 6/30/2022
|
||||
ms.technology: itpro-security
|
||||
ms.date: 05/25/2023
|
||||
---
|
||||
|
||||
# Windows Sandbox configuration
|
||||
@ -1,23 +1,18 @@
|
||||
---
|
||||
title: Windows Sandbox
|
||||
description: Windows Sandbox overview
|
||||
ms.prod: windows-client
|
||||
author: vinaypamnani-msft
|
||||
ms.author: vinpa
|
||||
manager: aaroncz
|
||||
ms.collection:
|
||||
- highpri
|
||||
- tier2
|
||||
ms.topic: article
|
||||
ms.date: 6/30/2022
|
||||
ms.technology: itpro-security
|
||||
ms.date: 05/25/2023
|
||||
---
|
||||
|
||||
# Windows Sandbox
|
||||
|
||||
Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine.
|
||||
|
||||
A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Note, however, that as of [Windows 11 Build 22509](https://blogs.windows.com/windows-insider/2021/12/01/announcing-windows-11-insider-preview-build-22509/), your data will persist through a restart initiated from inside the virtualized environment—useful for installing applications that require the OS to reboot.
|
||||
A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Note, however, that as of Windows 11, version 22H2, your data will persist through a restart initiated from inside the virtualized environment—useful for installing applications that require the OS to reboot.
|
||||
|
||||
Software and applications installed on the host aren't directly available in the sandbox. If you need specific applications available inside the Windows Sandbox environment, they must be explicitly installed within the environment.
|
||||
|
||||
@ -32,7 +27,7 @@ Windows Sandbox has the following properties:
|
||||
> [!IMPORTANT]
|
||||
> Windows Sandbox enables network connection by default. It can be disabled using the [Windows Sandbox configuration file](/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#networking).
|
||||
|
||||
[!INCLUDE [windows-sandbox](../../../../includes/licensing/windows-sandbox.md)]
|
||||
[!INCLUDE [windows-sandbox](../../../../../includes/licensing/windows-sandbox.md)]
|
||||
|
||||
## Prerequisites
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows application security
|
||||
description: Get an overview of application security in Windows
|
||||
ms.reviewer:
|
||||
ms.reviewer:
|
||||
manager: aaroncz
|
||||
ms.author: paoloma
|
||||
author: paolomatarazzo
|
||||
@ -21,7 +21,6 @@ The following table summarizes the Windows security features and capabilities fo
|
||||
|:---|:---|
|
||||
| Windows Defender Application Control | Application control is one of the most effective security controls to prevent unwanted or malicious code from running. It moves away from an application trust model where all code is assumed trustworthy to one where apps must earn trust to run. Learn more: [Application Control for Windows](threat-protection/windows-defender-application-control/windows-defender-application-control.md) |
|
||||
| Microsoft Defender Application Guard | Application Guard uses chip-based hardware isolation to isolate untrusted websites and untrusted Office files, seamlessly running untrusted websites and files in an isolated Hyper-V-based container, separate from the desktop operating system, and making sure that anything that happens within the container remains isolated from the desktop. Learn more [Microsoft Defender Application Guard overview](threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md). |
|
||||
| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](threat-protection\windows-sandbox\windows-sandbox-overview.md)
|
||||
| Windows Sandbox | Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains "sandboxed" and runs separately from the host machine. A sandbox is temporary. When it's closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application. Learn more: [Windows Sandbox](application-security/application-isolation/windows-sandbox/windows-sandbox-overview.md) |
|
||||
| Email Security | With Windows S/MIME email security, users can encrypt outgoing messages and attachments, so only intended recipients with digital identification (ID)—also called a certificate—can read them. Users can digitally sign a message, which verifies the identity of the sender and ensures the message has not been tampered with.[Configure S/MIME for Windows 10](identity-protection/configure-s-mime.md) |
|
||||
| Microsoft Defender SmartScreen | Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files. Learn more: [Microsoft Defender SmartScreen overview](threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md) |
|
||||
|
||||
|
||||
@ -54,10 +54,10 @@
|
||||
}
|
||||
},
|
||||
"contributors_to_exclude": [
|
||||
"rjagiewich",
|
||||
"traya1",
|
||||
"rmca14",
|
||||
"claydetels19",
|
||||
"rjagiewich",
|
||||
"traya1",
|
||||
"rmca14",
|
||||
"claydetels19",
|
||||
"jborsecnik",
|
||||
"tiburd",
|
||||
"AngelaMotherofDragons",
|
||||
@ -66,68 +66,76 @@
|
||||
"garycentric",
|
||||
"beccarobins"
|
||||
],
|
||||
"searchScope": ["Windows 10"]
|
||||
"searchScope": [
|
||||
"Windows 10"
|
||||
]
|
||||
},
|
||||
"fileMetadata": {
|
||||
"author":{
|
||||
"author": {
|
||||
"application-security/application-isolation/windows-sandbox/**/*.md": "vinaypamnani-msft",
|
||||
"identity-protection/**/*.md": "paolomatarazzo",
|
||||
"operating-system-security/network-security/**/*.md": "paolomatarazzo",
|
||||
"operating-system-security/network-security/windows-firewall/**/*.md": "ngangulyms"
|
||||
},
|
||||
"ms.author":{
|
||||
"ms.author": {
|
||||
"application-security/application-isolation/windows-sandbox/**/*.md": "vinpa",
|
||||
"identity-protection/**/*.md": "paoloma",
|
||||
"operating-system-security/network-security/**/*.md": "paoloma",
|
||||
"operating-system-security/network-security/windows-firewall/*.md": "nganguly"
|
||||
},
|
||||
"appliesto":{
|
||||
"appliesto": {
|
||||
"application-security/application-isolation/windows-sandbox/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
|
||||
],
|
||||
"identity-protection/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
|
||||
],
|
||||
"identity-protection/credential-guard/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
],
|
||||
"identity-protection/smart-cards/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
],
|
||||
"identity-protection/user-account-control/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
],
|
||||
"identity-protection/virtual-smart-cards/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
],
|
||||
"operating-system-security/network-security/windows-firewall/**/*.md": [
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
|
||||
"✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
|
||||
]
|
||||
},
|
||||
"ms.reviewer":{
|
||||
"ms.reviewer": {
|
||||
"identity-protection/hello-for-business/*.md": "erikdau",
|
||||
"identity-protection/credential-guard/*.md": "zwhittington",
|
||||
"identity-protection/access-control/*.md": "sulahiri",
|
||||
"operating-system-security/network-security/windows-firewall/*.md": "paoloma",
|
||||
"operating-system-security/network-security/vpn/*.md": "pesmith"
|
||||
},
|
||||
"ms.collection":{
|
||||
"ms.collection": {
|
||||
"identity-protection/hello-for-business/*.md": "tier1",
|
||||
"information-protection/bitlocker/*.md": "tier1",
|
||||
"information-protection/personal-data-encryption/*.md": "tier1",
|
||||
@ -142,4 +150,4 @@
|
||||
"dest": "security",
|
||||
"markdownEngineName": "markdig"
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -90,7 +90,7 @@ landingContent:
|
||||
- text: Application Guard
|
||||
url: threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
|
||||
- text: Windows Sandbox
|
||||
url: threat-protection/windows-sandbox/windows-sandbox-overview.md
|
||||
url: application-security\application-isolation\windows-sandbox\windows-sandbox-overview.md
|
||||
- text: Microsoft Defender SmartScreen
|
||||
url: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
|
||||
- text: S/MIME for Windows
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user