Azure Container Apps Is Rethinking Serverless. Time for Sandboxes!
Introductory and overview
In this session, we'll explore Azure Container Apps Sandboxes and see how they provide secure, ephemeral compute for untrusted and agent-generated code.
We'll start with what's familiar: Container Apps as Azure's serverless container platform, and how ACA Sandboxes fit alongside Apps, Jobs, and Dynamic Sessions. From there, we'll dig into what makes Sandboxes extra special with its hardware-isolated microVMs instead of a managed runtime sandbox, sub-second startup from prewarmed pools, and snapshot-based suspend/resume that preserves full memory and disk state.
For .NET developers, we'll cover the practical angle: deploying container images, wiring up Entra managed identities instead of embedded secrets, and configuring default-deny egress policies to lock down what a sandbox can network to.
We'll start with what's familiar: Container Apps as Azure's serverless container platform, and how ACA Sandboxes fit alongside Apps, Jobs, and Dynamic Sessions. From there, we'll dig into what makes Sandboxes extra special with its hardware-isolated microVMs instead of a managed runtime sandbox, sub-second startup from prewarmed pools, and snapshot-based suspend/resume that preserves full memory and disk state.
For .NET developers, we'll cover the practical angle: deploying container images, wiring up Entra managed identities instead of embedded secrets, and configuring default-deny egress policies to lock down what a sandbox can network to.
Session prerequisites and resources may be available.
Sign in to access
Speaker
Sean Whitesell
President of SkyForge Consulting, Chief Cloud Architect, & President of Tulsa .NET User Group
SkyForge Consulting
Microsoft MVP
Sean is the president of SkyForge Consulting and is a Microsoft MVP. He has been the President of Tulsa .NET User Group since 2009. Sean has been programming and playing with electronics for over 20 years. He also has multiple black belts in martial arts.
View Full Profile