Windows 11 is getting mobile-style app permissions

Security is one of the most crucial aspects of any PC. Microsoft does an admirable job at keeping Windows 11 secure (which is more than you can say for other parts of the OS), but it wants to do better. New systems will allow for per-app permissions, and only signed apps will be allowed to run by default. This approach mirrors the security on Android and iOS.

It’s all laid out in this Windows Experience blog post. The “Baseline Security Mode”—presumably enabled by default—will only allow “properly signed apps, services, and drivers” to run. Before you start reaching for a Linux distro, Microsoft engineer Logan Iyer adds that both users and IT administrators will be able to override the default settings for specific apps. Another system called “User Transparency and Consent” will prompt the user to grant specific permissions when apps try to access specific things, like local files, the camera, the microphone, or to install other software.

The system will operate “just like on your smartphone,” according to the blog post. (By the way, “Baseline Security Mode” and “User Transparency and Consent” are such classic Microsoft names, eh?) “These prompts are designed to be clear and actionable, and you’ll always have the ability to review and change your choices later,” writes Iyer.

Microsoft quotes leaders at 1Password, Adobe, CrowdStrike, OpenAI, and Raycast in praise of this initiative. But exactly how will it look for end users? And what improvements or headaches might it create? That’s yet to be seen. From the closing of the blog post, it sounds like the initial user tests (presumably to be conducted via Windows Insider builds) are still weeks or months away.