Windows 11 Security Gets Mobile-Style Overhaul

John Lister's picture

Microsoft has announced a significant security update for Windows 11, introducing new controls that mirror the permission systems on modern smartphones. The changes are designed to make the operating system "secure by default" by giving users more direct control over how applications access data and system resources.

This change aims to address long-standing issues where applications can override system settings or install unwanted software without clear user approval. The new framework is built on two core components: "Windows Baseline Security Mode" and "User Transparency and Consent."

A 'Secure by Default' Approach

The new Baseline Security Mode will, by default, only permit applications, services, and drivers that have been properly signed to run. This process involves verifying a digital certificate that confirms the publisher's identity and makes sure the software has not been altered. (Source: windowslatest.com)

While this creates a stronger defense against malware, Microsoft has confirmed that both users and IT administrators will retain the ability to create exceptions for trusted applications that may be unsigned. This flexibility is crucial for developers and professionals who need to run specialized or legacy tools.
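As an added example (not from the article or from Microsoft), the PowerShell script below inventories binaries whose Authenticode signature is missing or invalid, which is one way to find the tools that might need an exception. It assumes Authenticode status is a reasonable stand-in, since the article does not describe how Baseline Security Mode evaluates signatures; the scanned folders and the report file name are placeholders.

```powershell
# Added example: list binaries without a valid Authenticode signature.
# Assumption: Authenticode status is used as a proxy; the article does not say
# how Baseline Security Mode itself decides what counts as "properly signed".
param(
    # Placeholder scan roots; adjust to where your tools actually live.
    [string[]]$Path = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
    # Placeholder report location.
    [string]$Report = (Join-Path $env:TEMP 'unsigned-inventory.csv')
)

$extensions = '.exe', '.dll', '.sys'

$results = foreach ($root in $Path) {
    # Skip roots that are empty or absent (e.g. no x86 folder on some systems).
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }

    Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $extensions -contains $_.Extension.ToLower() } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName

            # Status is 'Valid' only when the file is signed, unmodified since
            # signing, and the signer chains to a trusted root on this machine.
            if ($sig.Status -ne 'Valid') {
                $signer = if ($sig.SignerCertificate) {
                    $sig.SignerCertificate.Subject
                } else {
                    ''   # NotSigned files have no certificate at all
                }
                [pscustomobject]@{
                    Path   = $_.FullName
                    Status = $sig.Status      # NotSigned, HashMismatch, NotTrusted, ...
                    Signer = $signer
                    Reason = $sig.StatusMessage
                }
            }
        }
}

# Summary by failure type, then the full list for review.
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize
$results | Export-Csv -LiteralPath $Report -NoTypeInformation
Write-Host "Wrote $(@($results).Count) entries to $Report"
```

A `HashMismatch` entry means the file changed after it was signed and deserves investigation rather than an exception; `NotSigned` entries are the candidates to review against a list of tools you actually trust.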

Granular Permission Controls

The second major change introduces a granular permission system inspired by security in mobile operating systems such as Android. Under the "User Transparency and Consent" feature, Windows will now explicitly request permission when an application attempts to access sensitive hardware like a camera or microphone, or personal data such as local files, location, and contacts.

These permission prompts are designed to be clear, providing a brief explanation of why the application is requesting access and allowing users to grant or deny it. Users will be able to review and revoke these permissions at any time via a centralized dashboard in the system settings, providing greater ongoing visibility and control over their privacy. (Source: bleepingcomputer.com)

The changes follow Microsoft's embarrassment in 2023 when the Department of Homeland Security declared the company's entire security culture was "inadequate". There's no firm timescale for the new features, with Microsoft simply labeling them as part of ongoing improvements.

What's Your Opinion?

Do you think enforcing signed apps by default will significantly improve Windows security? Will the new permission prompts become an annoyance or a welcome privacy feature? Are there any potential downsides to making Windows security more like a mobile operating system?


Comments

ehowland's picture

I have a developer version, 25H2.7840. Do I have it?

ehowland's picture

This is in Windows Security/app & browser control/Smart App Control settings.

There are three levels:

Off (every system I have checked is off)

Evaluation (it does this for a little while after a new install "seeing" if it will conflict)

On

Once off, OFFICIALLY you cannot turn it on without a new install. There is a registry command to force it on, but I have found it works on some and not others.