GitHub Copilot Sandboxes Enter Public Preview — Why .NET and Azure Teams Should Care

TL;DR: GitHub Copilot now runs code inside secure sandboxes (cloud and local) during agent-driven workflows. This reduces blast radius, enables safer automation, and changes how you should think about CI, costs, and inner-loop development—especially if you ship .NET on Azure.

What shipped this week (and why it matters)

On June 2, 2026, GitHub announced cloud and local sandboxes for GitHub Copilot, now in public preview. Sandboxes give Copilot agents an isolated execution environment to run commands, tests, and build steps safely—without touching your real machine or production resources. (github.blog)

If you’ve been side‑eyeing agentic features with a healthy dose of “please don’t rm -rf / my laptop,” this is the missing guardrail.

The problem sandboxes solve

Agent workflows increasingly execute code, not just suggest it. Without isolation, that’s risky:

Accidental filesystem changes
Credential leakage
Surprise network calls
“It worked on my machine (because the agent changed it)”

Sandboxes introduce a controlled blast radius—a prerequisite for serious enterprise adoption.

Cloud vs. local sandboxes: choosing the right one

GitHub offers two modes, each with different tradeoffs. (github.blog)

Cloud sandboxes

Best for: CI-like tasks, repo-wide refactors, multi-step agents

Ephemeral, GitHub-hosted environment
Preconfigured tooling (language runtimes, build tools)
Network access governed by GitHub’s policies
Ideal for long-running or risky operations

Implication for Azure teams: This starts to look like a mini CI runner that just happens to be driven by Copilot.

Local sandboxes

Best for: Inner-loop dev, quick experiments

Runs locally but isolated from your main OS
Enabled per session with:
```
/sandbox enable
```
Faster feedback, lower latency

Implication for .NET devs: Great for running dotnet test, dotnet format, or scaffolding without polluting your working tree.

GitHub Copilot Sandboxes Enter Public Preview — Why .NET and Azure Teams Shou...

Cost and billing: read this before enabling everywhere

Sandboxed execution doesn’t live in a vacuum. As of June 1, 2026, GitHub Copilot moved to usage-based billing across all plans. Agent actions (including code review) now consume GitHub AI Credits, and some workflows also burn GitHub Actions minutes. (github.blog)

Practical takeaways:

Sandboxed agents doing real work = real usage
Enable user-level budget controls early
Treat agent runs like CI jobs from a cost perspective

If you’re piloting Copilot agents across a team, finance will notice—possibly before you do.

Where this intersects with .NET and Azure

1. Safer agent-driven refactors in large .NET repos

Imagine asking Copilot to:

Upgrade a solution to .NET 10
Update NuGet packages
Run tests
Fix failures

With sandboxes, that workflow becomes plausible rather than terrifying. The agent can iterate inside isolation until it converges.

2. A bridge toward “agent-as-infrastructure”

Microsoft’s broader push toward agentic systems (Foundry, MCP, Agent Framework) assumes agents can act, not just chat. Sandboxes are the execution substrate that makes that credible in regulated environments.

3. Model choice matters

Also on June 2, Microsoft rolled out MAI‑Code‑1‑Flash to GitHub Copilot—a smaller, faster coding model optimized for lightweight workflows. (github.blog)

Why you care:

Lower latency inside sandboxes
Better cost-to-signal for repetitive tasks
A hint that GitHub will increasingly route models by task, not just user preference

How to try this today

Open a Copilot session (VS Code or supported IDE)
Enable sandboxing:
```
/sandbox enable
```
Ask Copilot to run a task that executes code
Example:

“Run all tests and fix any failing ones.”

Start small. Watch the logs. Check your usage dashboard.

The bigger picture

Sandboxes don’t make Copilot “smarter”—they make it safer to trust. For teams shipping production .NET workloads on Azure, that’s the difference between a novelty and a tool you can actually standardize on.

Agents are growing teeth. Sandboxes are the muzzle.