MICROSOFT is rolling out Windows Baseline Security Mode, with runtime integrity safeguards enabled by default to ensure that only properly signed applications, drivers, and services can run. For cases where exceptions are needed, users and administrators will have the option to override the safeguards. Developers can also check whether these protections are active and whether any exceptions have been granted, giving them insight and control over the conditions under which their apps run, according to Microsoft.
The company also noted that Secure Boot certificates will begin to expire in June, and refreshed certificates will be rolled out to supported Windows releases. To provide additional visibility, User Transparency and Consent will notify users whenever an application attempts to access sensitive resources or to install additional software, with prompts described as clear and actionable and the option to review and change choices later.
Apps and AI agents will be expected to meet higher transparency standards, and Microsoft says the aim is to give users and IT administrators better visibility into how apps behave, with Windows providing tools and APIs to help developers adopt the new security posture in phases. 12 February 2026