Microsoft this week announced new Windows enhancements intended to improve user safety and keep users better informed.
As part of the Secure Future Initiative announced in November 2023, the company is moving towards having runtime integrity safeguards enabled by default in Windows.
The enhancement, called Windows Baseline Security Mode, will ensure that only properly signed applications, drivers, and services can run, thus preventing tampering and unauthorized changes.
For those cases where exceptions are needed, users and administrators will have the option to override the safeguards.
“Developers can also check whether these protections are active and whether any exceptions have been granted — giving them insight and control over the conditions under which their apps run,” Microsoft notes.
The tech giant announced the improvement at the same time as it revealed that Secure Boot certificates will begin to expire in June, and that refreshed certificates will be rolled out to supported Windows releases.
Secure Boot protects devices from the moment they are powered on, preventing the execution of unsigned software before Windows starts.
To provide additional visibility into Windows’ security decisions, Microsoft introduced User Transparency and Consent, which will notify users whenever an application attempts to access sensitive resources or to install additional software.
According to Microsoft, the prompts will be clear and actionable, and users will also be able to review and change their choices later.
“Apps and AI agents will also be expected to meet higher transparency standards, giving both users and IT administrators better visibility into their behaviors,” Microsoft says.
The idea behind the newly detailed security and privacy improvements, Microsoft notes, is to provide users with better visibility and consent control over how applications access their files, camera, microphone, and other sensitive resources.
“We will begin by giving users and IT admins visibility into how apps and agents behave in the system. For developers, Windows will provide tools and APIs to streamline adoption. Their existing well-behaved apps will continue to work, giving developers the time and runway to adhere to the new, stronger security and privacy posture of Windows,” the company says.
Microsoft will roll out these enhancements in phases, working with developers and partners and adjusting guidance based on their feedback.

