Windows 11 is getting a new security mode meant to block risky software before it can dig into the system, especially the kind that hides behind drivers and background services.
Microsoft calls it Windows Baseline Security Mode. It turns integrity safeguards on by default, so signed apps, services, and drivers are the ones that run. If something is unsigned, Windows can stop it. You can still approve exceptions when you need to keep a legitimate tool working.
Microsoft is also pushing User Transparency and Consent. Windows will start prompting you when an app reaches for device or data access, and when an installer tries to add extra software you didn’t ask for. Those decisions won’t be permanent, you’ll be able to change them later.
Baseline Security Mode changes what can run
The big shift is that Windows is trying to make low-level changes harder to slip in quietly. Drivers and services are powerful, they can live deep in the OS and survive reboots, which makes them attractive to attackers and messy to remove.
With the safeguards enabled, code signing becomes the gate. That should cut down on silent installs of kernel drivers, system services, or helper processes that hook into other apps.
It’s also not a hard lock. If a trusted app gets blocked, you or your IT admin can allow an exception for that specific case. Microsoft says developers can detect when protections are active and whether an exception exists, which should reduce the usual troubleshooting fog.
The consent prompts are the other half
Baseline mode isn’t only about blocking code, it’s also about making behavior easier to see. Microsoft wants Windows to speak up when software tries to use things people actually care about, like the mic, camera, and files.
That matters because a lot of bad experiences aren’t classic malware. It’s installers that bundle extra stuff, apps that grab permissions they don’t need, or tools that change settings without making it obvious. Clear prompts, plus the ability to revisit choices later, makes that harder to hide.
For businesses, the same controls could mean fewer surprises across managed PCs, while still leaving room to approve older software that’s important to operations.
What to watch next
Microsoft describes this as a phased rollout, starting with more visibility into app and agent behavior, plus tools and APIs so developers can adapt. Later comes broader enforcement through Baseline Security Mode and the consent experience.
Your best next step is to watch Settings for new review controls, and watch driver makers and security vendors for updated guidance. If you rely on niche peripherals, that’s where friction tends to show up first.
