Windows Sandbox provides a lightweight desktop environment to safely run applications in isolation. Software installed inside the Windows Sandbox environment remains “sandboxed” and runs separately from the host machine.
A sandbox is temporary. When it’s closed, all the software and files and the state are deleted. You get a brand-new instance of the sandbox every time you open the application.
Starting with Windows 10 build 20161, a new group policy setting was added that enables or disables networking in the sandbox. You can disable network access to decrease the attack surface exposed by the sandbox.
If you enable or do not configure this policy setting, networking is done by creating a virtual switch on the host (Windows 10 PC), and connects the Windows Sandbox to it via a virtual NIC.
If you disable this policy setting, networking is disabled in Windows Sandbox.
This tutorial will show you how to enable or disable networking in Windows Sandbox for all users in Windows 10.