Microsoft is lauching 'Windows Sandbox', a lightweight virtual machine that allows users to run potentially suspicious software in isolation.

The feature is expected to come to Windows 10 19H1 early next year and will be part of Windows 10 Pro and Enterprise editions. According to Micosoft, it creates "an isolated, temporary desktop environment" where users can run potentially suspicious software. The new feature will help users test, for example, a downloaded an executable file, or for thie who may need a clean installation of Windows, but didn’t want to set up a virtual machine. Every time Windows Sandbox runs, it’s as clean as a brand-new installation of Windows. It uses uses hardware-based virtualization for kernel isolation, which relies on the Microsoft’s hypervisor to run a separate kernel which isolates Windows Sandbox from the host. It also uses integrated kernel scheduler, smart memory management, and virtual GPU.

Windows Sandbox is a lightweight virtual machine that builds on the technologies used in Windows Containers. It makes use of a new technology Microsoft calls "integrated scheduler," which allows the host to decide when the sandbox runs. Any software installed in Windows Sandbox stays only in the sandbox and cannot affect hosts. Once Windows Sandbox is closed, all the software with all its files and state are permanently deleted.

Microsoft says the feature could work with Windows 10 Pro or Enterprise Build 18292. The feature also requires AMD64 and virtualization capabilities enabled in BIOS.