In a post on Microsoft’s Tech Community blog, Hari Pulapaka details the new Windows Sandbox. Previously referred to as InPrivate Desktop, this feature creates an “isolated, temporary, desktop environment” that you can run software on without fear of harming your machine.

Much like a standard VM, any software you install in the Sandbox stays isolated and cannot affect the host machine. When you close the Sandbox, any programs you installed, files you added, and settings changes you made are deleted. The next time you run Sandbox, it’s back to a clean slate. Microsoft is using hardware-based virtualization, through hypervisor, to run a separate kernel so it can isolate Sandbox from the host.

This means you can safely download an executable file from a risky source and install in Sandbox without risk to your host system. Or you could quickly test out a development scenario in a fresh copy of Windows.

Impressively, the requirements are fairly low:

Windows 10 Pro or Enterprise build 18301 or later (currently not available, but should soon be released as an Insider Preview build)
x64 architecture
Virtualization capabilities enabled in BIOS
At least 4GB of RAM (8GB recommended)
At least 1 GB of free disk space (SSD recommended)
At least 2 CPU cores (4 cores with hyperthreading recommended)