Win32 app isolation is a new security feature on Windows that helps contain the damage and safeguard user privacy choices in the event of an application compromise. Win32 app isolation is built on the foundation of AppContainers, which offer a security boundary, and components that virtualize resources and provide brokered access to other resources. This repo contains the documentation and tools to help you isolate your applications.
-
The first step to isolating your application is to package it to run isolated by following the instructions
-
Once you have your application packaged, use Application Capability Profiler to update the application to grant it access to additional resources.
-
We also have additional documentation about the fundamentals including file access consent.
-
You're now ready to deploy and run your application on Windows.
Binaries for the tools used to package applications to run isolated are shared under the releases section of the repo.
Release notes for supported Windows builds and tools can be found here.
We'd love to hear your feedback and answer your questions! The best way to communicate with the team is through GitHub discussions and issues. Please search for similar discussions and issues before creating new ones.
You can find additional information about Win32 app isolation using the following resources:
If you would like to contribute to the documentation, please familiarize yourself with the Code of Conduct resources below and submit a pull request.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft's Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party's policies.