Introducing Windows Baseline Security Mode and User Transparency and Consent



 Windows Experience Blog:

Today, Windows 11 powers over a billion devices and supports millions of apps across business, creativity, education, gaming and productivity. For decades, our commitment to openness and compatibility, in partnership with our global community of developers, has enabled a rich and enduring ecosystem. However, users are increasingly seeing apps override their settings, install additional software or alter core Windows experiences without their awareness or consent. And your feedback is clear: Windows must both remain an open platform and be secure by default — protecting the integrity of your experience regardless of the apps installed. Our developers and ecosystem partners echo this need. They have called for stronger, more consistent security foundations in the operating system. Windows is evolving to take more accountability to place you firmly in a consent‑first model by making app and AI agent behavior transparent, decisions reversible and access limited to clearly approved capabilities. At the same time, we remain committed to app compatibility and will provide developers with the tools and guidance needed to adapt to this strengthened security model.

Introducing Windows Baseline Security Mode and User Transparency and Consent

Microsoft has made security a top priority, investing deeply through company‑wide efforts like the Secure Future Initiative to make Windows more secure by default and focused on helping organizations prevent, manage and recover from incidents through the Windows Resiliency Initiative along with our ecosystem partners. We’ve strengthened Windows with security controls designed to meet customer needs, delivered through capabilities like Smart App Control and Administrator protection. Building on this, we are starting new SFI efforts for Windows Baseline Security Mode and User Transparency and Consent in Windows. This establishes a more robust security model that advances app transparency and user consent, with features that make app behavior more visible and app permissions easier to understand and manage.

With Windows Baseline Security Mode, Windows will move toward operating with runtime integrity safeguards enabled by default. These safeguards ensure that only properly signed apps, services and drivers are allowed to run, helping to protect the system from tampering or unauthorized changes. Users and IT administrators will still have the flexibility to override these safeguards for specific apps when needed. Developers can also check whether these protections are active and whether any exceptions have been granted — giving them insight and control over the conditions under which their apps run.

With User Transparency and Consent, we are bringing a more consistent and intuitive approach to how Windows communicates security decisions. Just like on your smartphone, Windows will now prompt you when apps try to access sensitive resources — like your files, camera or microphone — or when they attempt to install other unintended software. These prompts are designed to be clear and actionable, and you’ll always have the ability to review and change your choices later. Apps and AI agents will also be expected to meet higher transparency standards, giving both users and IT administrators better visibility into their behaviors. These updates raise the bar for security and privacy on Windows, while giving you more control and confidence in how your system and data are accessed.

Guiding principles

Windows has a long-standing tradition as an open platform. We will continue to preserve what has made it successful: freedom to install any app and openness to every developer. Building on that foundation, Windows Baseline Security Mode and User Transparency and Consent are grounded in a set of principles that put users clearly at the center.
  1. System-enforced transparency. Just like they do today on their mobile phones, users will be able to clearly see which apps have access to sensitive resources, including file system, devices like camera and microphone, and others. If they see an app that they don’t recognize, they will be able to revoke access.
  2. User-centric consent. Users will have transparency and consent control over how apps access their personal data and device features. They will receive clear prompts to grant or deny apps permission to access protected data and hardware. Users will also be able to revoke permissions they have previously granted.
  3. Thoughtful rollout. We will begin by giving users and IT admins visibility into how apps and agents behave in the system. For developers, Windows will provide tools and APIs to streamline adoption. Their existing well-behaved apps will continue to work, giving developers the time and runway to adhere to the new, stronger security and privacy posture of Windows.

What’s next

We recognize that change takes time. That’s why this will roll out through a phased approach guided by clear principles – developed in close partnership with developers, enterprises and ecosystem partners to ensure a smooth and thoughtful transition. We’ve already begun this work alongside some of them to shape the early direction. We’re learning and adjusting from their feedback and perspectives as we refine our approach to stronger security, user transparency and consent, and how this evolution of Windows supports their needs.

Jacob DePriest, CISO and CIO at 1Password, says, “We’re excited to see Microsoft’s commitment to hardening desktop app security by making app behavior more transparent and strengthening security by default. As more people continue to rely on SaaS apps, agents and AI-driven tools, clarity and consent at the operating system level are critical to protecting sensitive data without adding friction. The focus on user transparency and choice for security is something we deeply value at 1Password.”

Michael Draper, VP of Global Consumer Trust at Adobe, says “Adobe has always taken a proactive approach to security and we are collaborating across the ecosystem to strengthen customer protection. These efforts align with our broader focus on trust and we appreciate the opportunity to work alongside companies that share this commitment to keeping people safe.”

Alex Ionescu, Chief Technology Innovation Officer at CrowdStrike, says, “CrowdStrike is looking forward to being an early partner in the development of a new, more secure and resilient runtime model for Windows applications, which helps raise the bar for user security and privacy. When applications and agentic workloads are well-behaved and respect user consent settings with proper security boundaries, security software can better protect users from attackers with reduced performance overhead.”

Ari Weinstein, Member of Product Staff at OpenAI, says, “As we build increasingly capable agents, it’s even more important for people to have visibility and control over what’s happening on their computers. It’s great to see Microsoft level up the security of their platform, and we’re excited to work together to deliver powerful, secure AI experiences on Windows and beyond.”

Raycast is a popular productivity tool used by developers and professionals. Thomas Paul Mann, Co-founder and CEO of Raycast, says, “At Raycast, privacy and security have always been core to how we build. As a tool that works deeply with Windows, we believe users deserve full transparency about what apps can do. This matters even more as AI agents start to act on their behalf. We’re excited to support User Transparency and Consent and shape it together.”

Now, we’re expanding the conversation to our broader community. Through upcoming blogs and dedicated feedback channels, we’ll invite you to engage with us, share your insights and help refine this journey. Together, we can strengthen the Windows ecosystem and build the next 40 years of innovation — grounded in trust, transparency and user consent.



 
That is one very interesting piece from Microsoft.
 

Missing a plug from Brad Smith. Oh wait, he moved from Legal to MS President.
 

I feel like too often they say stuff without really describing how it works or what it means. Like... would this new app permission system work on any app from the internet? Or is it another developer opt-in experience like the Win32 app-isolation thing?
 
