Microsoft announces Windows Baseline Security Mode with smartphone-style app permission prompts, runtime integrity safeguards, and enhanced transparency controls as part of its Secure Future Initiative.
Microsoft is bringing smartphone-style security controls to Windows 11, introducing app permission prompts and runtime integrity safeguards that will fundamentally change how applications interact with the operating system.

The tech giant announced the "Windows Baseline Security Mode" and "User Transparency and Consent" changes as part of its broader Secure Future Initiative, launched in response to security shortcomings identified by the U.S. Department of Homeland Security's Cyber Safety Review Board.
Mobile-Style Permission Prompts Coming to Windows
Starting with Windows 11, users will see permission prompts similar to those on smartphones when applications attempt to access sensitive resources like files, cameras, and microphones. This represents a significant departure from Windows' traditional approach, where applications often had broad access once installed.
"Just like they do today on their mobile phones, users will be able to clearly see which apps have access to sensitive resources, including file system, devices like camera and microphone, and others," said Logan Iyer, Windows Platform engineer at Microsoft. "If they see an app that they don't recognize, they will be able to revoke access."
The new system will require explicit user consent before apps can install unwanted software or access protected resources. Users will retain the ability to modify their choices at any time, granting or revoking permissions as needed.
Runtime Integrity Safeguards by Default
Beyond permission prompts, Microsoft is implementing "Baseline Security Mode" that will enforce runtime integrity safeguards by default. This means only properly signed applications, services, and drivers will be permitted to run on Windows 11 systems.
"This new security model was prompted by applications increasingly overriding settings, installing unwanted software, or even modifying core Windows experiences without obtaining user consent," Iyer explained. The change aims to address the growing problem of malicious and poorly behaved applications that have historically been able to operate with minimal oversight on Windows platforms.
While these safeguards will be enabled by default, Microsoft is maintaining flexibility for power users and IT administrators. Both groups will retain the ability to override these protections for specific applications when necessary, ensuring that the new security model doesn't interfere with legitimate use cases or enterprise management requirements.
Phased Rollout with Developer Input
Microsoft plans to implement these changes through a phased approach developed "in close partnership" with developers, enterprises, and ecosystem partners. The company has committed to adjusting the rollout and controls based on feedback from these stakeholders, recognizing that such fundamental changes to Windows' security model will require careful calibration.
The announcement comes as part of Microsoft's broader Secure Future Initiative, which was launched in November 2023 following a damning assessment from the Cyber Safety Review Board. The board's report, issued after the Exchange Online breach by Chinese hackers known as Storm-0558, described Microsoft's security culture as "inadequate."
Broader Security Push Across Microsoft Products
These Windows security enhancements are just one component of Microsoft's comprehensive security overhaul. The company has also announced plans to secure Entra ID sign-ins against script-injection attacks, disabled all ActiveX controls in Microsoft 365 and Office 2024 Windows apps, and updated Microsoft 365 security defaults to block access to SharePoint, OneDrive, and Office files via legacy authentication protocols.
Looking ahead, Microsoft is also planning to disable NTLM (NT LAN Manager) by default in future Windows releases, a move that will further strengthen authentication security across the platform.
AI Agents and Transparency Standards
The new security model extends beyond traditional applications to include AI agents, which will be expected to meet higher transparency standards. "Apps and AI agents will also be expected to meet higher transparency standards, giving both users and IT administrators better visibility into their behaviors," Iyer noted.
These updates represent Microsoft's most significant security overhaul for Windows in years, raising the bar for security and privacy while giving users more control and confidence in how their system and data are accessed. With Windows now powering more than 1 billion devices globally, these changes will have far-reaching implications for the entire Windows ecosystem.
For users, the changes mean more frequent permission prompts but also greater control over what applications can access on their systems. For developers, the new model will require adjustments to how applications request and manage permissions, potentially affecting installation processes and runtime behavior.
The rollout of these features will begin in phases, with Microsoft actively seeking feedback from the community to refine the implementation before full deployment.
