When running a container:

docker run -it microsoft/windowsservercore powershell

and then entering

Get-WmiObject Win32_PNPEntity

Powershell in the container seems to be able to list all host devices. Is the philosophy of containerization not the isolation of the container from the host environment? What measures exist against the container accessing any of these devices, like the device driver of the host?