Defaults
By default, sandboxes can reach the public internet but cannot reach private networks, loopback, link-local addresses, or cloud metadata endpoints. Only published ports accept inbound traffic. To turn networking off entirely:Custom policies
A policy has two defaults and an ordered list of rules. The first matching rule wins.public, private, and host, or specific IPs, CIDRs, domains, and port ranges. See the CLI reference or your language’s SDK networking reference for exact syntax.
Port mapping
Publish a guest port when a service inside the sandbox should be reachable from the host. Published ports bind to127.0.0.1 by default.
0.0.0.0, only when you intentionally want to listen beyond localhost. -p 8080:80 and SDK helpers like .port(8080, 80) bind to 127.0.0.1; -p 127.0.0.1:8080:80 is the same local-only shape. -p 0.0.0.0:8080:80 or a specific LAN interface address makes the host listener reachable outside the machine, subject to your OS firewall and network policy.
On Windows, the first published port may trigger a Windows Defender Firewall prompt for msb.exe because the runtime opens a host listening socket. For local development, keep the bind address on 127.0.0.1. Only allow private/public network access in the firewall prompt when you intentionally bind a published port beyond loopback.
Reaching the host
From inside the sandbox,host.microsandbox.internal resolves to the host machine. The default policy denies host access, so allow the host group when a sandbox needs to call a dev server, database, or other local service.
loopback means the sandbox’s own 127.0.0.1, not your laptop’s localhost. Use host for host.microsandbox.internal.
Next
- DNS: domain blocking, pinned nameservers, query timeouts
- TLS interception: HTTPS inspection with an auto-generated CA
- Security model: the trust boundary, and network defenses for SSRF, rebinding, and metadata protection