Microsoft Unveils Enhanced Mobile-Style Security Controls for Windows
Microsoft has announced a significant enhancement to security controls for Windows 11, introducing mobile-style app permission prompts. This new approach aims to improve user consent management when applications request access to sensitive resources, including files, cameras, and microphones.
Key Features of Enhanced Security Controls
The initiative, which includes the “Windows Baseline Security Mode” and “User Transparency and Consent,” represents a pivotal change for the operating system, now used on over 1 billion devices worldwide. Logan Iyer, a Windows Platform engineer, highlighted concerns over apps overriding user settings and installing unwanted software without consent.
Improved User Transparency
With the upcoming changes, Windows 11 will issue permission requests similar to those on smartphones. This allows users to accept or deny access while maintaining the flexibility to modify their choices later. The primary features include:
- Runtime integrity safeguards to ensure only properly signed apps can run.
- Clear prompts for users to grant or deny app permissions.
- Ability to revoke access for unrecognized applications.
Implementation Timeline and Collaborations
Microsoft plans to introduce these updates gradually, working closely with developers, enterprises, and ecosystem partners. The rollout will be adjusted based on user feedback to ensure optimal functionality.
Secure Future Initiative
This security overhaul is part of Microsoft’s Secure Future Initiative (SFI), launched in November 2023. The initiative was prompted by findings from the Cyber Safety Review Board of the U.S. Department of Homeland Security, which identified the company’s security culture as lacking. The report followed a serious breach in May 2023 by the Storm-0558 hacking group, which compromised a Microsoft consumer signing key.
Additional Security Enhancements
In conjunction with the new permission prompts, Microsoft is taking further steps to bolster security:
- Securing Entra ID sign-ins against script-injection attacks.
- Disabling all ActiveX controls in Microsoft 365 and Office 2024 Windows apps.
- Updating security defaults in Microsoft 365 to block access through legacy authentication protocols.
Iyer noted that these modifications will give users and IT administrators more visibility into app behaviors, thereby increasing their control over system security. The overarching goal is to elevate security and privacy standards on Windows, providing users with confidence in their digital environment.