Microsoft has been working behind-the-scenes on bolstering the security of Windows Defender, and today it's taking a major step towards that goal. Windows Insiders are some of the more recent builds are able to run Windows Defender in a sandbox, separating it from other processes and improving its security.
Windows Defender in a sandbox is rolling out gradually to Insiders (via Neowin), but it can be enabled forcefully through the below command, and then restart the computer:
setx /M MP_FORCE_USE_SANDBOX 1
Bringing a sandbox mode to Windows Defender has been a complex technical process to ensure it is done right, according to the company. It does, however, raise the bar for security for the anti-malware software.
Microsoft would like feedback from insiders and partners on the change.