"Windows containers work the same way as Linux containers. Each containerized application runs in its own user-mode, isolated container on a shared host operating system.
There are two challenges with this approach that may cause a problem in certain environments.
- Not enough isolation, since the isolation is at user mode, meaning a shared kernel. In a single-tenant environment where applications can be trusted this is not a problem, but in a multi-tenant environment a bad tenant may try to use the shared kernel to attack other containers.
- There is a dependency on the host OS version and even patch level, which may cause problems if a patch is deployed to the host which then breaks the application.