Particle.news

Microsoft Details Windows Baseline Security Mode for Default Signed-Only Runtime

Secure Boot certificates begin expiring in June, signaling a phased rollout that includes developer APIs.

Overview

  • Only properly signed applications, drivers, and services will be allowed to run by default under the new mode.
  • Users and IT administrators can grant exceptions where needed, and developers can detect whether protections and any exemptions are active.
  • A new User Transparency and Consent model will show clear prompts when software accesses sensitive resources or attempts to install additional components, with choices available for later review.
  • Microsoft says apps and AI agents will be held to higher transparency standards to give users and administrators better visibility into their behavior.
  • The enhancements will roll out in phases, and refreshed Secure Boot certificates will be delivered to supported Windows releases as current certificates start to expire in June.