Windows 11 is about to borrow a page from mobile operating systems, introducing granular app permissions and a baseline security mode that will only allow verified software to run by default. The changes, outlined in a recent blog post, aim to reduce vulnerabilities while giving users more transparency over what applications access—though widespread testing remains months away.
The move marks a significant shift for Microsoft, which has long relied on traditional desktop security models. Two key systems are central to the update: Baseline Security Mode and User Transparency and Consent. The former will enforce a stricter default setting, permitting only properly signed applications, services, and drivers. This approach mirrors the security frameworks of Android and iOS, where unsigned or unverified software is blocked from installation or execution.
However, the system isn’t locked down. Users and IT administrators will retain the ability to override these restrictions for specific apps, ensuring flexibility for those who require unsigned software for development or legacy support. The second system, User Transparency and Consent, will prompt users for explicit permission whenever an app attempts to access sensitive resources—such as the camera, microphone, local files, or the ability to install additional software. These prompts are designed to resemble those on smartphones, offering clear, actionable choices and the option to review or revoke permissions later.
Microsoft’s push for these changes reflects broader industry trends, where security has become a top priority amid rising cyber threats. The company has already secured endorsements from major players in security and productivity, including leaders from 1Password, Adobe, CrowdStrike, OpenAI, and Raycast, who have praised the initiative’s potential to enhance Windows’ defenses without sacrificing usability.
How It Works in Practice
The new permissions system will operate similarly to how smartphones handle app access. For example, a video editing app requesting microphone access will trigger a prompt asking the user to confirm or deny the request. This model reduces the risk of malicious software operating silently in the background while maintaining user awareness. The Baseline Security Mode, meanwhile, will act as a failsafe, ensuring that only software meeting Microsoft’s signing requirements can run by default.
While the changes are intended to improve security, they may also introduce challenges. Users accustomed to the traditional Windows model—where software can run without restrictions—may find the new prompts intrusive. Developers, particularly those working on niche or unsigned applications, could face additional hurdles in testing and deployment. Microsoft has acknowledged these concerns, emphasizing that the system is designed to be adaptable, with clear pathways for exceptions and overrides.
The rollout of these features is still in early stages. Initial testing will likely begin through Windows Insider builds, with broader availability expected in the coming months. Until then, Microsoft is gathering feedback to refine the user experience and address potential pain points. For now, the focus remains on balancing security with flexibility, ensuring that Windows 11 remains both robust and accessible.
The changes underscore Microsoft’s ongoing effort to modernize Windows, blending the familiarity of desktop computing with the security and user controls of mobile platforms. Whether these updates will resonate with users—or prove cumbersome—remains to be seen, but the shift signals a deliberate move toward a more secure, permission-driven ecosystem.
