Microsoft has announced new security measures to make Windows 11 more secure by default. The company now plans to control which apps and drivers can run on the operating system.
Specifically, Microsoft is testing a setting that will allow only digitally signed apps and drivers to operate. Users will still have the option to change this setting manually if needed.
This step forms part of Microsoft’s broader strategy to strengthen Windows security amid rising cyberattacks.
What Is Windows Baseline Security Mode?
The highlight of the announcement is a new feature called Windows Baseline Security Mode. According to Microsoft, this configuration activates strong and recommended security settings by default.
The company is primarily designing this feature for new devices and fresh Windows installations.
When users enable Baseline Security Mode, the system allows only trusted and digitally signed apps and drivers to run. In other words, any software must carry a valid digital signature from a verified publisher before it can execute.
As a result, the risk of malware spreading through unsigned programs or compromised drivers can be significantly reduced.
How Will This Feature Improve Windows Security?
Microsoft built this new mode on existing security technologies. These include driver signing enforcement and application control policies.
Now, the company is packaging these security tools into a simplified, default-ready solution.
This approach ensures that users receive stronger protection without adjusting complex settings.
In addition, Microsoft plans to improve how Windows displays security alerts and related information. For example, when an app or driver attempts to make system-level changes, users will see clearer and more understandable warnings. They will also be able to easily check whether the software is digitally verified.
Focus on Clear and Meaningful User Consent
Microsoft has emphasized that user consent should be clear and meaningful. Instead of confusing pop-up messages, the company aims to provide simple and transparent security notifications.
Furthermore, Microsoft is working to modernize legacy components within Windows. The goal is to eliminate vulnerabilities that cyber attackers often exploit.
At the same time, the company plans to tighten rules governing how unsigned drivers operate within the system.
Rollout and Future Plans
Although Microsoft has not announced an exact release date, the company confirmed that it will roll out the feature gradually through Windows 11 updates.
Ultimately, Microsoft aims to make Windows “secure by default” while preserving compatibility and user choice.
More details about Windows Baseline Security Mode are expected to appear in upcoming Windows Insider builds and future updates.