Windows 10 provides revolutionary capabilities for application isolation with containers in Windows. But how do they work? What is the difference between an AppContainer, an MSIX (Helium) container, and an AppGuard (Krypton) container? What are the advantages (and disadvantages) of each? Dive deep on how we can reduce the attack surface regardless of the container, constraining the behavior of apps and protecting against memory-based attacks. These containers are the cornerstone of features such as UWP, MSIX, Windows Defender Application Guard, Windows Sandbox, and the Windows Subsystem for Linux 2. We’ll demystify protections and ensure that you are confident in your knowledge of the security controls Windows 10 provides!