An isolated environment that provides abstraction of trust concerns between custom or third party code and the underlying system. Allows applications to run in a context that does not affect each other or the host operating system and allows the enterprise to have an area with managed security controls for applications with sensitive data.