Microsoft added sandboxed code interpreters to Azure Logic Apps agent workflows, with Python, JavaScript, C#, and PowerShell running inside Hyper-V isolated sessions on Azure Container Apps (ACA) session pools. The under-the-hood detail that matters for builders: this is VM-level isolation, not container-level — stronger guarantees against breakout and prompt-injection-driven malicious code than the typical Docker or gVisor sandbox. Per-workflow model selection is supported, so no lock-in to a specific LLM provider beyond the Azure platform itself.
Sandboxed code execution has been the chronic bottleneck for agent workflows that need to compute, transform, or visualize. Until recently, builders cobbled together E2B, Modal, OpenAI's code interpreter, or rolled their own with Firecracker or microVMs. The Logic Apps integration positions the interpreter as a tool inside the agent loop — LLM generates code, executes in isolation, returns result, continues. With network isolation enabled on the ACA session pool, "data never leaves the defined network boundaries," which is the compliance phrasing for keeping enterprise data out of agent-leak surface. The architect framing in the announcement targets multi-enterprise-system orchestration — ERP, CRM, databases, APIs with retry logic and audit trails — not greenfield agent tooling.
The ecosystem read is that VM-isolated code interpreter is becoming a cloud-native primitive, not a build-it-yourself line item. Hyper-V is heavier than containers — slower cold start, higher per-execution cost, but the security architecture is what enterprise agent deployment needs once prompt-injection attacks on tool-use surfaces become real. AWS and GCP have analogous primitives at varying maturity (App Runner with isolation, Cloud Run sandboxing, Sandbox API), and the convergence of cloud providers on VM-level code-interpreter primitives means the "should we use E2B or roll our own" question gets a third answer: use the native cloud primitive if you are already there. The lock-in cost is real — Logic Apps + ACA = Azure-only — but for orgs already on Azure with audit and compliance needs, it removes a category of "rolling your own sandbox" risk.
If you build agents on Azure Monday morning: this is the change that makes "agent executes code" a checkbox rather than a service-integration project. If you build on AWS or GCP: track the equivalents and expect the same architectural pattern. The shift is sandboxed-code-execution moving from agent-builder responsibility to cloud-provider primitive, and that shift is structural.