A UWP sandboxing solution was demoed at Build this year and will ship as part of the Anniversary Update (SDK?). Apparently even Age of Empires II worked under it.
Centennial isn't really a sandbox in the sense I think the poster above you meant - while processes have their reads/writes to certain filesystem/registry locations virtualized by default, this isn't a security boundary as they ultimately run at medium trust and can do anything the user can do.
AppContainer is the security sandbox used by modern apps (aka Metro/UWP). It can be used independently of other aspects of the modern app model - e.g., Chrome uses it to sandbox content processes - although this isn't documented very well (which I guess was what GP was complaining about?) and it seems like trying to sandbox apps that weren't designed to be sandboxed, as GP was wanting, would have inherent compatibility problems?
AppContainer is the security sandbox used by modern apps (aka Metro/UWP). It can be used independently of other aspects of the modern app model - e.g., Chrome uses it to sandbox content processes - although this isn't documented very well (which I guess was what GP was complaining about?) and it seems like trying to sandbox apps that weren't designed to be sandboxed, as GP was wanting, would have inherent compatibility problems?