
The NT kernel misses all modern features like containers though.


Windows containers exist since Windows 10.

Containers are hardly modern; they trace back to offerings in the 1990s, like HP-UX Vaults.


Even prior to Windows 10, there was Sandboxie to give you something roughly analogous to FreeBSD jails.

Obviously not built into Windows but readily available since 2004.


Actual lightweight isolated processes? The docs are pretty vague about what the Windows containers are and they still indicate that both Hyper-V and a chosen kernel is used - so that smells like a VM. Also, available only in Windows 10 Pro and higher, so no W10 in general.


Yes, there are two modes, Hyper-V isolation and process isolation, which is similar to how Linux does it.

The kernel version has to do with process isolation not being fully there when Windows containers were initially supported, so they had the limitation the container kernel dependency had to match the host version.

Since Windows 11 this has been relaxed.

The namespacing approach is based on Jobs API.

Modern Windows security relies on several sandboxed components; Hyper-V is always running anyway, which is also one of the reasons for the updated hardware requirements. While this configuration is optional on Windows 10, it is always enabled on Windows 11.

https://learn.microsoft.com/en-us/windows-hardware/design/de...

https://learn.microsoft.com/en-us/windows-hardware/drivers/b...

https://learn.microsoft.com/en-us/windows/security/hardware-...
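Added example, not posted by anyone in the thread: a PowerShell check for the platform state the last comment describes (virtualization-based security, hypervisor presence, the container features) followed by the two container isolation modes mentioned above. It assumes Windows 10/11 with an elevated PowerShell 5.1+ session; the Docker part assumes a Windows container runtime is installed, and the `docker info --format '{{.Isolation}}'` field and the `mcr.microsoft.com/windows/nanoserver:ltsc2022` image are choices made here, not values from the thread.

```powershell
# Added example (not from the thread). Reads the VBS / Hyper-V state that Windows'
# sandboxed security components depend on, then exercises both container isolation modes.
# Assumes an elevated PowerShell 5.1+ session on Windows 10 or 11.

function Get-VbsState {
    # Win32_DeviceGuard reports virtualization-based security (VBS) status.
    # VirtualizationBasedSecurityStatus: 0 = not enabled, 1 = enabled but not running, 2 = running.
    # SecurityServicesRunning holds service ids: 1 = Credential Guard, 2 = HVCI (memory integrity).
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard
    $status = switch ($dg.VirtualizationBasedSecurityStatus) {
        0       { 'Not enabled' }
        1       { 'Enabled but not running' }
        2       { 'Running' }
        default { "Unknown ($($dg.VirtualizationBasedSecurityStatus))" }
    }
    [pscustomobject]@{
        HypervisorPresent      = (Get-CimInstance -ClassName Win32_ComputerSystem).HypervisorPresent
        VbsStatus              = $status
        CredentialGuardRunning = ($dg.SecurityServicesRunning -contains 1)
        HvciRunning            = ($dg.SecurityServicesRunning -contains 2)
    }
}

function Get-ContainerFeatureState {
    # Process isolation needs only the 'Containers' feature (job objects / silos on the host kernel);
    # Hyper-V isolation additionally needs the hypervisor.
    foreach ($name in 'Containers', 'Microsoft-Hyper-V') {
        $f = Get-WindowsOptionalFeature -Online -FeatureName $name
        [pscustomobject]@{ Feature = $name; State = $f.State }
    }
}

Get-VbsState | Format-List
Get-ContainerFeatureState | Format-Table -AutoSize

# The two isolation modes from the thread, on the same image. With process isolation the
# container shares the host kernel, so 'ver' reports the host build (hence the historical
# host/image version coupling); with Hyper-V isolation it reports the image's own kernel.
# Image tag is an assumption for illustration.
if (Get-Command docker -ErrorAction SilentlyContinue) {
    docker info --format '{{.Isolation}}'   # this host's default isolation mode (assumed field name)
    docker run --rm --isolation=process mcr.microsoft.com/windows/nanoserver:ltsc2022 cmd /c ver
    docker run --rm --isolation=hyperv  mcr.microsoft.com/windows/nanoserver:ltsc2022 cmd /c ver
}
```

`Get-VbsState` is the quick way to confirm the "always enabled on Windows 11" claim on a given machine: on a Windows 10 host VBS often shows `Not enabled` unless it was turned on explicitly. The `--isolation=process` run will fail on a host whose build is incompatible with the image, which is the version-matching limitation the thread mentions.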



