Microsoft Unveils New Per-App Permission System for Windows 11
Microsoft has announced a new per-app permission system for Windows 11, drawing parallels to those found on mobile operating systems. This initiative aims to make the operating system "secure by default" by potentially restricting software execution to only properly signed applications and drivers. While currently experimental, these significant changes are under consideration for future implementation.
Rationale for Enhanced Security
Microsoft acknowledged that the balance between system openness and security has become uneven, leading to increased vulnerabilities. Windows Platform Engineer Logan Iyer noted a trend where applications increasingly override system settings, install unwanted software, or modify core Windows behavior without explicit user consent.
Microsoft's stated goal is for Windows to remain an open platform while also being secure by default, addressing user demand for stronger protections without sacrificing compatibility.
The company is addressing this imbalance, aiming to fortify the operating system against common threats while preserving its fundamental nature.
The "Consent-First" Model for User Control
A core element of this new approach is the introduction of a "consent-first" model for Windows 11. This model will require users to authorize AI agents to perform automated tasks or access sensitive information. This approach is designed to provide users with greater control over how applications and AI tools interact with their system and data. Microsoft also recognized the potential for AI agents to hallucinate or be susceptible to malware attacks, underscoring that this new security model is crafted to build user trust.
Windows Baseline Security Mode: A Core Shift
A key technical innovation is the introduction of Windows Baseline Security Mode. Under this model, Windows 11 will run with runtime integrity safeguards enabled by default, permitting only properly signed applications, services, and drivers to execute. Currently, Windows allows unsigned or loosely verified software to run, which significantly contributes to malware prevalence. Baseline Security Mode will actively verify software integrity and signatures at runtime, preventing untrusted software from running unless explicitly allowed.
This new mode consolidates existing optional protections, such as Smart App Control, Windows Defender Application Control (WDAC), Hypervisor-Protected Code Integrity (HVCI), and reputation-based blocking. These features will now be part of the core operating system experience rather than being disabled by default or limited to specific devices.
Balancing Security with Openness
Microsoft has emphatically stated that Windows will not become a closed platform.
Users and IT administrators will retain the ability to override safeguards for legacy software, custom tools, or unsigned drivers by defining specific exemptions.
Developers will also receive crucial tools, APIs, and comprehensive documentation to adapt their products to the new security model and understand how their applications interact with it. This commitment aims to ensure that while security is tightened, the flexibility and broad compatibility Windows is known for are maintained.
User Transparency and Consent: Mobile-Inspired Permissions
Alongside Baseline Security Mode, Microsoft is overhauling how Windows handles permissions through a system called User Transparency and Consent. This system is inspired by smartphone operating systems, where applications require explicit prompts to access sensitive resources like files, cameras, or microphones, or to install software. These permissions will be entirely reversible, allowing users to review, modify, or revoke access from centralized settings, thereby addressing the current fragmented permission management across the operating system.
Securing the Age of AI Agents
Both Baseline Security Mode and User Transparency and Consent are strategically designed to enhance security for the impending era of agentic AI. These systems aim to ensure that AI applications, including third-party ones, cannot access user files, monitor activities, or install components without explicit user approval. Microsoft hopes this will foster broader adoption of AI tools within Windows by significantly increasing user trust and confidence.
Phased Implementation and Future Vision
The implementation of these changes will occur in stages, involving thorough testing with partners and developers before a universal rollout. The initial phase will focus on providing users and IT administrators with enhanced visibility into app and AI agent behavior. While these represent significant structural changes to Windows security, Microsoft aims for a gradual transition to accommodate the ecosystem's reliance on legacy software and internal business tools. The company steadfastly maintains its commitment to Windows as an open platform, allowing users to install various applications and developers to distribute software outside the Microsoft Store, all while making such actions more visible and deliberate.