You may apply default network restrictions for all isolated applications. For that you need to add a confidential resource definition as shown on the figure.
Once the resource definition is entered, isolated applications could not access network unless there are specific application rules that grant the access. For example, you could create such rule for a web browser:
The rule grants access to all network hosts or web sites.
For an isolated e-mail client there could be a rule granting access only to e-mail server as illustrated on the figure:
