Fix: Networking does not work on local sandbox (#61838)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Claire W <78226508+crwaters16@users.noreply.github.com>
Co-authored-by: Sarita Iyer <66540150+saritai@users.noreply.github.com>
Co-authored-by: Greg Ose <gregose@github.com>

Author: 5 people

content/copilot/concepts/about-cloud-and-local-sandboxes.md

@@ -42,7 +42,7 @@ Once enabled, commands that {% data variables.product.prodname_copilot_short %}
 
 ### Cross-platform support
 
-Local sandboxing is available across macOS, Linux, and Windows, delivering a consistent isolation experience regardless of your operating system.
+Local sandboxing is available on macOS and Linux. Sandboxing support and isolation behavior vary by platform because each operating system uses a different sandboxing backend. Windows is supported on Windows Insiders builds. For details on current limitations, see [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/configuring-local-sandbox-settings).
 
 ### Enterprise policy enforcement
 
@@ -111,5 +111,5 @@ For more information about how cloud sandbox usage is measured and billed, see [
 ## Further reading
 
 * [AUTOTITLE](/copilot/concepts/agents/copilot-cli/about-copilot-cli)
-* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization)
+* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-sandboxes-for-your-organization)
 * [AUTOTITLE](/copilot/how-tos/set-up/install-copilot-cli)

content/copilot/how-tos/cloud-and-local-sandboxes/configuring-local-sandbox-settings.md

@@ -12,7 +12,11 @@ docsTeamMetrics:
   - copilot-cli
 ---
 
-{% data reusables.cli.public-preview-sandbox %}
+{% data reusables.cli.public-preview-sandbox %} 
+
+> [!IMPORTANT]
+> Local sandboxing on Windows requires a Windows Insiders build.
+
 
 ## About local sandbox configuration
 
@@ -40,7 +44,7 @@ The **General** tab controls the top-level sandbox behavior.
 
 ## Configuring filesystem settings
 
-The **Filesystem** tab controls which directories and files the sandboxed process can access. By default, the sandbox restricts filesystem access to prevent unintended reads or writes outside your project.
+The **Filesystem** tab controls which directories and files the sandboxed process can access. By default, the sandbox restricts writes outside your working directory.
 
 | Setting | Description |
 | --- | --- |
@@ -68,7 +72,15 @@ The **Network** tab controls whether sandboxed processes can make network connec
 
 ### Adding network host rules
 
-You can add specific host rules to allow or block access to individual hosts when outbound connections are otherwise restricted.
+> [!WARNING]
+> Per-host network filtering with `allowedHosts` and `blockedHosts` is currently not reliable across platforms. Do not rely on host rules to enforce network isolation.
+
+The `/sandbox` UI allows you to add host rules, but these rules have known platform limitations:
+
+* **macOS**: `allowedHosts` rules silently degrade to unrestricted outbound access, and `blockedHosts` rules are not supported.
+* **Linux**: Host rules are not a reliable way to allow selected hosts when outbound connections are disabled.
+
+If the UI presents host rule options, you can add them using the steps below, but they are not suitable for security enforcement.
 
 1. In the **Network** tab, press <kbd>A</kbd> to add a new host rule.
 1. Enter the hostname.
@@ -88,5 +100,5 @@ These commands change the **Sandboxing enabled** setting on the **General** tab.
 ## Further reading
 
 * [AUTOTITLE](/copilot/concepts/about-cloud-and-local-sandboxes)
-* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization)
+* [AUTOTITLE](/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-sandboxes-for-your-organization)
 * [AUTOTITLE](/copilot/how-tos/copilot-cli/set-up-copilot-cli/configure-copilot-cli)

…local-sandboxes-for-your-organization.md …cloud-sandboxes-for-your-organization.mdcontent/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization.md renamed to content/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-sandboxes-for-your-organization.md content/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization.md renamed to content/copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-sandboxes-for-your-organization.md

@@ -1,9 +1,11 @@
 ---
-title: Enabling or disabling {% data variables.copilot.sandbox %} for your organization
-shortTitle: Enable or disable sandboxes
+title: Enabling or disabling cloud sandboxes for your organization
+shortTitle: Enable or disable cloud sandboxes
 allowTitleToDifferFromFilename: true
-intro: 'You can control whether members of your organization can use {% data variables.copilot.sandbox %} by managing the sandbox access policy in your organization settings.'
+intro: 'You can control whether members of your organization can use cloud sandboxes by managing the sandbox access policy in your organization settings.'
 permissions: Organization owners
+redirect_from:
+  - /copilot/how-tos/cloud-and-local-sandboxes/enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization
 versions:
   feature: copilot
 contentType: how-tos
@@ -13,15 +15,15 @@ category:
 
 {% data reusables.cli.public-preview-sandbox %}
 
-## About enabling and disabling {% data variables.copilot.sandbox %}
+## About enabling and disabling cloud sandboxes
 
-Organization owners can control whether members of their organization have access to {% data variables.copilot.sandbox %} by configuring the sandbox access policy. By default, sandbox access is disabled for organization members.
+Organization owners can control whether members of their organization have access to cloud sandboxes by configuring the sandbox access policy. By default, sandbox access is disabled for organization members.
 
-When sandbox access is **Disabled**, sandboxes are not available for any organization members. When sandbox access is **Enabled for all members**, all organization members can use {% data variables.copilot.sandbox_short %}.
+When cloud sandbox access is **Disabled**, cloud sandboxes are not available for any organization members. When cloud sandbox access is **Enabled for all members**, all organization members can use cloud sandboxes.
 
-For more information about {% data variables.copilot.sandbox %}, see [AUTOTITLE](/copilot/concepts/about-cloud-and-local-sandboxes).
+For more information about cloud sandboxes, see [AUTOTITLE](/copilot/concepts/about-cloud-and-local-sandboxes).
 
-## Enabling or disabling {% data variables.copilot.sandbox %}
+## Enabling or disabling cloud sandboxes
 
 {% data reusables.profile.access_org %}
 {% data reusables.profile.org_settings %}

content/copilot/how-tos/cloud-and-local-sandboxes/index.md

@@ -5,7 +5,7 @@ intro: 'Manage {% data variables.copilot.sandbox %} for your organization.'
 versions:
   feature: copilot
 children:
-  - /enabling-or-disabling-cloud-and-local-sandboxes-for-your-organization
+  - /enabling-or-disabling-cloud-sandboxes-for-your-organization
   - /configuring-local-sandbox-settings
 contentType: how-tos
 ---