Windows Sandbox Networking

Budi Nugroho 0 Reputation points
2026-07-02T03:28:47.04+00:00

I want our IT security analysts to use Windows Sandbox to test suspicious URLs they find in phishing logs. By default, does Windows Sandbox inherit the host machine's network connection, and how can we isolate the sandbox network configuration so it cannot scan our internal corporate subnets

Windows for business | Windows 365 Enterprise
0 comments No comments

1 answer

Sort by: Most helpful
  1. Harry Phan 23,995 Reputation points Independent Advisor
    2026-07-02T04:51:55.3033333+00:00

    Hi Budi,

    By default, Windows Sandbox does inherit network connectivity from the host through a Hyper-V virtual switch. Microsoft documents that networking is enabled by default, and explicitly warns that this can expose untrusted applications running in the sandbox to the internal network. The sandbox receives its own virtual NIC, but it can still reach network resources accessible from the host.

    If your analysts are opening potentially malicious URLs, I would not rely on the default configuration. The safest approach is to launch Sandbox with networking disabled using a .wsb configuration file:

    <Configuration>

        <Networking>Disable</Networking>

    </Configuration>

    Save it as NoNetwork.wsb and launch Sandbox from that file. This completely removes network access from the sandbox session.

    For enterprise-wide enforcement, configure the Group Policy Computer Configuration > Administrative Templates > Windows Components > Windows Sandbox > Allow networking in Windows Sandbox and set it to Disabled. This prevents users from launching a network-enabled sandbox regardless of local configuration.

    If analysts must browse live phishing URLs, Windows Sandbox alone is not an ideal containment boundary because the default NAT networking can still reach internal resources available from the host network. In that scenario, use a dedicated isolated VM network, a separate analysis VLAN, or a cloud-based detonation environment rather than a standard Windows Sandbox instance connected to the corporate LAN.

    Try this article: https://learn.microsoft.com/en-us/windows/security/application-security/application-isolation/windows-sandbox/windows-sandbox-configure-using-wsb-file

    Harry.

    Was this answer helpful?

    0 comments No comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.