Today, Windows 11 powers over a billion devices and supports millions of apps across business, creativity, education, gaming and productivity. For decades, our commitment to openness and compatibility, in partnership with our global community of developers, has enabled a rich and enduring ecosystem. However, users are increasingly seeing apps override their settings, install additional software or alter core Windows experiences without their awareness or consent. And your feedback is clear: Windows must both remain an open platform and be secure by default — protecting the integrity of your experience regardless of the apps installed. Our developers and ecosystem partners echo this need. They have called for stronger, more consistent security foundations in the operating system. Windows is evolving to take more accountability to place you firmly in a consent‑first model by making app and AI agent behavior transparent, decisions reversible and access limited to clearly approved capabilities. At the same time, we remain committed to app compatibility and will provide developers with the tools and guidance needed to adapt to this strengthened security model.

Introducing Windows Baseline Security Mode and User Transparency and Consent 

Microsoft has made security a top priority, investing deeply through company‑wide efforts like the Secure Future Initiative to make Windows more secure by default and focused on helping organizations prevent, manage and recover from incidents through the Windows Resiliency Initiative along with our ecosystem partners. We’ve strengthened Windows with security controls designed to meet customer needs, delivered through capabilities like Smart App Control and Administrator protection. Building on this, we are starting new SFI efforts for Windows Baseline Security Mode and User Transparency and Consent in Windows. This establishes a more robust security model that advances app transparency and user consent, with features that make app behavior more visible and app permissions easier to understand and manage. With Windows Baseline Security Mode, Windows will move toward operating with runtime integrity safeguards enabled by default. These safeguards ensure that only properly signed apps, services and drivers are allowed to run, helping to protect the system from tampering or unauthorized changes. Users and IT administrators will still have the flexibility to override these safeguards for specific apps when needed. Developers can also check whether these protections are active and whether any exceptions have been granted — giving them insight and control over the conditions under which their apps run. With User Transparency and Consent, we are bringing a more consistent and intuitive approach to how Windows communicates security decisions. Just like on your smartphone, Windows will now prompt you when apps try to access sensitive resources — like your files, camera or microphone — or when they attempt to install other unintended software. These prompts are designed to be clear and actionable, and you’ll always have the ability to review and change your choices later. Apps and AI agents will also be expected to meet higher transparency standards, giving both users and IT administrators better visibility into their behaviors. These updates raise the bar for security and privacy on Windows, while giving you more control and confidence in how your system and data are accessed.

Guiding principles 

Windows has a long-standing tradition as an open platform. We will continue to preserve what has made it successful: freedom to install any app and openness to every developer. Building on that foundation, Windows Baseline Security Mode and User Transparency and Consent are grounded in a set of principles that put users clearly at the center.

1. System-enforced transparency. Just like they do today on their mobile phones, users will be able to clearly see which apps have access to sensitive resources, including file system, devices like camera and microphone, and others. If they see an app that they don't recognize, they will be able to revoke access.
2. User-centric consent. Users will have transparency and consent control over how apps access their personal data and device features. They will receive clear prompts to grant or deny apps permission to access protected data and hardware. Users will also be able to revoke permissions they have previously granted.
3. Thoughtful rollout. We will begin by giving users and IT admins visibility into how apps and agents behave in the system. For developers, Windows will provide tools and APIs to streamline adoption. Their existing well-behaved apps will continue to work, giving developers the time and runway to adhere to the new, stronger security and privacy posture of Windows.

What’s next 

We recognize that change takes time. That’s why this will roll out through a phased approach guided by clear principles – developed in close partnership with developers, enterprises and ecosystem partners to ensure a smooth and thoughtful transition. We’ve already begun this work alongside some of them to shape the early direction. We’re learning and adjusting from their feedback and perspectives as we refine our approach to stronger security, user transparency and consent, and how this evolution of Windows supports their needs.

Jacob DePriest, CISO and CIO at 1Password, says, “We’re excited to see Microsoft’s commitment to hardening desktop app security by making app behavior more transparent and strengthening security by default. As more people continue to rely on SaaS apps, agents and AI-driven tools, clarity and consent at the operating system level are critical to protecting sensitive data without adding friction. The focus on user transparency and choice for security is something we deeply value at 1Password.”

Michael Draper, VP of Global Consumer Trust at Adobe, says “Adobe has always taken a proactive approach to security and we are collaborating across the ecosystem to strengthen customer protection. These efforts align with our broader focus on trust and we appreciate the opportunity to work alongside companies that share this commitment to keeping people safe.”

Alex Ionescu, Chief Technology Innovation Officer at CrowdStrike, says, “CrowdStrike is looking forward to being an early partner in the development of a new, more secure and resilient runtime model for Windows applications, which helps raise the bar for user security and privacy. When applications and agentic workloads are well-behaved and respect user consent settings with proper security boundaries, security software can better protect users from attackers with reduced performance overhead.”

Ari Weinstein, Member of Product Staff at OpenAI, says, “As we build increasingly capable agents, it's even more important for people to have visibility and control over what's happening on their computers. It's great to see Microsoft level up the security of their platform, and we're excited to work together to deliver powerful, secure AI experiences on Windows and beyond.”

Raycast is a popular productivity tool used by developers and professionals. Thomas Paul Mann, Co-founder and CEO of Raycast, says, “At Raycast, privacy and security have always been core to how we build. As a tool that works deeply with Windows, we believe users deserve full transparency about what apps can do. This matters even more as AI agents start to act on their behalf. We're excited to support User Transparency and Consent and shape it together.”

Now, we’re expanding the conversation to our broader community. Through upcoming blogs and dedicated feedback channels, we’ll invite you to engage with us, share your insights and help refine this journey. Together, we can strengthen the Windows ecosystem and build the next 40 years of innovation — grounded in trust, transparency and user consent.

Here are the notable launches and updates from last week that can help you build, scale, and innovate on AWS.

Last week’s launches
Here are the launches that got my attention this week.

Let’s start with news related to compute and networking infrastructure:

• Introducing Amazon EC2 C8id, M8id, and R8id instances: These new Amazon EC2 C8id, M8id, and R8id instances are powered by custom Intel Xeon 6 processors. These instances offer up to 43% higher performance and 3.3x more memory bandwidth compared to previous generation instances.
• AWS Network Firewall announces new price reductions: The service has added the hourly and data processing discounts on NAT Gateways that are service-chained with Network Firewall secondary endpoints. Additionally, AWS Network Firewall has removed additional data processing charges for Advanced Inspection, which enables Transport Layer Security (TLS) inspection of encrypted network traffic.
• Amazon ECS adds Network Load Balancer support for Linear and Canary deployments: Applications that commonly use NLB, such as those requiring TCP/UDP-based connections, low latency, long-lived connections, or static IP addresses, can take advantage of managed, incremental traffic shifting natively from ECS when rolling out updates.
• AWS Config now supports 30 new resource types: These range across key services including Amazon EKS, Amazon Q, and AWS IoT. This expansion provides greater coverage over your AWS environment, enabling you to more effectively discover, assess, audit, and remediate an even broader range of resources.
• Amazon DynamoDB global tables now support replication across multiple AWS accounts: DynamoDB global tables are a fully managed, serverless, multi-Region, and multi-active database. With this new capability, you can replicate tables across AWS accounts and Regions to improve resiliency, isolate workloads at the account level, and apply distinct security and governance controls.
• Amazon RDS now provides an enhanced console experience to connect to a database: The new console experience provides ready-made code snippets for Java, Python, Node.js, and other programming languages as well as tools like the psql command line utility. These code snippets are automatically adjusted based on your database’s authentication settings. For example, if your cluster uses IAM authentication, the generated code snippets will use token-based authentication to connect to the database. The console experience also includes integrated CloudShell access, offering the ability to connect to your databases directly from within the RDS console.

Then, I noticed three news items related to security and how you authenticate on AWS:

• AWS Builder ID now supports Sign in with Apple: AWS Builder ID, your profile for accessing AWS applications including AWS Builder Center, AWS Training and Certification, AWS re:Post, AWS Startups, and Kiro, now supports sign-in with Apple as a social login provider. This expansion of sign-in options builds on the existing sign-in with Google capability, providing Apple users with a streamlined way to access AWS resources without managing separate credentials on AWS.
• AWS STS now supports validation of select identity provider specific claims from Google, GitHub, CircleCI and OCI: You can reference these custom claims as condition keys in IAM role trust policies and resource control policies, expanding your ability to implement fine-grained access control for federated identities and help you establish your data perimeters. This enhancement builds upon IAM’s existing OIDC federation capabilities, which allow you to grant temporary AWS credentials to users authenticated through external OIDC-compatible identity providers.
• AWS Management Console now displays Account Name on the Navigation bar for easier account identification: You now have an easy way to identify your accounts at a glance. You can now quickly distinguish between accounts visually using the account name that appears in the navigation bar for all authorized users in that account.
• Amazon CloudFront announces mutual TLS support for origins: Now with origin mTLS support, you can implement a standardized, certificate-based authentication approach that eliminates operational burden. This enables organizations to enforce strict authentication for their proprietary content, ensuring that only verified CloudFront distributions can establish connections to backend infrastructure ranging from AWS origins and on-premises servers to third-party cloud providers and external CDNs.

Finally, there is not a single week without news around AI :

• Claude Opus 4.6 now available in Amazon Bedrock: Opus 4.6 is Anthropic’s most intelligent model to date and a premier model for coding, enterprise agents, and professional work. Claude Opus 4.6 brings advanced capabilities to Amazon Bedrock customers, including industry-leading performance for agentic tasks, complex coding projects, and enterprise-grade workflows that require deep reasoning and reliability.
• Structured outputs now available in Amazon Bedrock: Amazon Bedrock now supports structured outputs, a capability that provides consistent, machine-readable responses from foundation models that adhere to your defined JSON schemas. Instead of prompting for valid JSON and adding extra checks in your application, you can specify the format you want and receive responses that match it—making production workflows more predictable and resilient.

Upcoming AWS events
Check your calendars so that you can sign up for this upcoming event:

AWS Community Day Romania (April 23–24, 2026): This community-led AWS event brings together developers, architects, entrepreneurs, and students for more than 10 professional sessions delivered by AWS Heroes, Solutions Architects, and industry experts. Attendees can expect expert-led technical talks, insights from speakers with global conference experience, and opportunities to connect during dedicated networking breaks, all hosted at a premium venue designed to support collaboration and community engagement.

If you’re looking for more ways to stay connected beyond this event, join the AWS Builder Center to learn, build, and connect with builders in the AWS community.

Check back next Monday for another Weekly Roundup.

— seb

---

Claude Opus 4.6 (fast mode) is now available in Windsurf with limited-time promotional pricing for self serve users: 10x credits without thinking and 12x credits with thinking until February 16.

We're making a part of our multi-agent research harness available to try today in preview.

The Batch AI News and Insights: Job seekers in the U.S. and many other nations face a tough environment.