Microsoft is preparing a significant shift in how software interacts with Windows 11, introducing new security measures that will require clearer user consent and tighter controls over system access.
The changes, outlined in a February 9 post by Microsoft executive Logan Iyer, are part of a broader push to improve transparency and reduce risks as Windows evolves into a more complex ecosystem that now includes traditional applications, background services and emerging AI agents.
Two pillars: integrity and user consent
The company’s approach centers on two initiatives: Windows Baseline Security Mode and User Transparency and Consent.
Baseline Security Mode is designed to keep system-level protections enabled by default. Under this model, Windows will allow only properly signed applications, drivers and services to run with elevated privileges, limiting the risk of malicious or poorly designed software embedding itself deep within the system.
Users and IT administrators will still be able to create exceptions when necessary, and developers will have tools to detect whether the protections are active.
Permissions model similar to smartphones
The more visible change for everyday users comes from the User Transparency and Consent framework. Windows will begin prompting users—through clearer, consistent notifications—when applications attempt to access sensitive resources such as files, the camera or the microphone, or when they try to install additional bundled software.
Microsoft says the goal is to mirror the permission model common on mobile devices, while allowing users to review and modify their choices later through system settings.
The requirements will also apply to AI-powered software agents, which the company says must meet the same transparency standards so users and organisations understand what data is being accessed and how it is used.
Early signs already visible
Elements of the new approach are already appearing in recent Windows 11 updates. Some system settings, such as storage management, now require elevated approval through User Account Control (UAC) to prevent unauthorized changes by non-privileged processes.
While such prompts can add friction, Microsoft argues they are necessary to prevent silent system modifications.
Gradual rollout for users and developers
The company plans to introduce the changes in phases, beginning with greater visibility into app behavior and providing new tools and APIs so developers can adapt their software.
The initiative aligns with Microsoft’s broader security efforts, including the Secure Future Initiative and Windows Resiliency Initiative, as well as existing protections such as Smart App Control and enhanced administrator safeguards.
Balancing openness with security
For decades, Windows has been known for its openness and flexibility. Microsoft’s latest strategy reflects an effort to maintain that flexibility while reducing the risks that come with an increasingly connected and AI-driven computing environment.
By combining stronger default protections with clearer user control, the company is attempting to resolve a long-standing challenge: keeping Windows open to innovation without leaving the system—and its users—exposed.
