Microsoft confirms that Windows 11 will ask for your consent before it allows an AI Agent to access your files stored in the six known folders, which include Desktop, Documents, Downloads, Music, Pictures, and Videos. You can also customize file access permissions for each agent.

This clarification comes after growing concerns around Microsoft’s push to bring AI agents deeper into Windows. Over the past few weeks, the company has been laying the groundwork for agent-based experiences that can interact with your files, apps, and system settings, even while openly admitting that AI models can misbehave, hallucinate, or create new security risks.

Until now, Microsoft hadn’t clearly explained how file access would work in practice, or whether users would have control over what these agents could see.

As first spotted by Windows Latest, on December 5, Microsoft quietly updated its Experimental Agentic Features support document to explain how consent, permissions, and agent connectors work in preview builds 26100.7344 and newer, finally confirming that AI agents cannot access your personal files by default and must explicitly ask for permission.

AI Agents in Windows 11 will need your permission to access files from known folders

A couple of weeks ago, Windows Latest pointed out how Microsoft wants to give AI access to your files and apps, even while admitting that such AI agents can misbehave and pose security risks.

“AI models still face functional limitations in terms of how they behave and occasionally may hallucinate and produce unexpected outputs”, says the company in their support document.

Of course, a company confessing that its most promoted product introduces novel security risks cannot be taken lightly under any circumstances.

We noticed that although Microsoft insists that AI agents run under an agentic workspace, which is separate from the user workspace, and have limited permissions, Windows will still grant them access to your Desktop, Documents, Downloads, Music, Pictures, and Videos folders, which are collectively called the known folders.

This happened when you enabled the “Experimental Agentic features” toggle in Settings > System > AI components. Earlier, enabling the above toggle was supposed to grant access to these folders to all AI agents.

The company hadn’t made it clear how the agents could access these folders and whether or not we would be able to manage access.

However, Microsoft was quick to respond with an update to the support document after Windows Latest reached out for statements. Microsoft says it’s adding a clear consent step for AI agents. Even if you turn on Experimental agentic features, an agent doesn’t automatically get to read your files.

You can also give separate permissions for individual agents, like Copilot, Researcher, or Analyst, to these folders collectively.

Yes, it means that while you can give per-agent access to the known folders, you cannot choose which of the six folders an AI agent can have access to. It’s either all of them or none of them.

I would prefer it if the Researcher and Analyst agents had all-time access to my Documents folder, while Copilot has to ask me every time if it needs access to any of my personal folders. But that’s not the case here.

That being said, you can still choose if the AI agent can get unlimited access at all times, or just allow access once, or no access at all. If an AI agent, like Copilot, needs to get hold of your files to complete a task, you’ll get a pop-up from which you can choose “Always allow”, “Allow once”, or “Not now”.

These options are only available for systems with preview builds 26100.7344 and above for 24H2, 26200.7344 and above for 25H2.

AI Agents get a dedicated Settings page in Windows 11

Each agent you have in Windows now gets its own Settings page from where you can manage its permission to access your files. In the screenshot below, you can change permissions to Connectors in Copilot, like OneDrive and Google Drive integration.

The other “Connectors” just below Files and Connectors are, in fact, Agent Connectors, which are powered by Model Context Protocol (MCP) and are standardized bridges that allow AI agents to interact with apps in Windows. Microsoft is currently testing this with its push to bring AI Agents to the taskbar.

In the screenshot provided by Microsoft, you can also see two Agent Connectors, which let the Agent use the File Explorer app and System Settings app. You can set individual permissions for each of these, which means you can either allow AI agents to use these apps at all times, only once when you allow, or never at all.

To access these settings, go to the Settings app, select System > AI Components > Agents.

You’ll see the list of Agents available on your PC’s Windows OS. Select the agent and customize what these agents can access on your PC.

In the case of Files, Microsoft gives you three options. The Allow Always option gives the agent access to the six known folders whenever it has to. Selecting the Ask every time option will make Windows show you a prompt to give permission to share files in these folders when the agent needs them.

Of course, the Not now option will make Windows deny the request of the agent to access the folders.

This is a solution to a problem that Microsoft created when it said that AI would have access to your files. Anyway, the ability to manage permissions is good enough for now.

That being said, Microsoft also says that “​​​​​​​Agent accounts have access to any folders that all authenticated users have access to, e.g., public user profiles.”

If the folder permissions include groups like Users / Authenticated Users with read access, then an agent account could access it.

If the folder is locked to your user account (plus SYSTEM/Admins), then the agent account won’t have access unless Windows explicitly grants it via the known-folder consent flow.

Note that Microsoft has no word on when AI will be able to stop hallucinating or avoid novel security issues like cross-prompt injection (XPIA).

Interestingly, Microsoft made it a point to post in X that AI in Windows 11 will empower people “securely”, even as malware risks are unavoidable.

The post Microsoft confirms Windows 11 will ask for consent before AI agents can access your personal files, after outrage appeared first on Windows Latest

Today, we're introducing Find Friends — a contact import feature that makes it easy to find people you know on Bluesky.

Social media started as a way to connect with people you actually know. Over time, that got lost in the noise of algorithms and engagement incentives. We're carrying those original values forward, but in a new way that protects your privacy and keeps you in control.

Contact import has always been the most effective way to find people you know on a social app, but it's also been poorly implemented or abused by platforms. Even with encryption, phone numbers have been leaked or brute-forced, sold to spammers, or used by platforms for dubious purposes. We weren't willing to accept that risk, so we developed a fundamentally more secure approach that protects your data.

How it works

If you choose to use Find Friends, you'll verify your phone number and upload your contacts. When someone in your contact book goes through the same process and Bluesky finds a match, we'll let both of you know. This can happen immediately, or later via notification if the match happens down the road.

Find Friends will initially be limited to mobile app users in the following countries: Australia, Brazil, Canada, France, Germany, Italy, Japan, the Netherlands, South Korea, Spain, Sweden, the United Kingdom, and the United States.

A note for early adopters

Matches might take time to appear if you're one of the first to use this feature. As more people opt in, you'll start seeing more connections.

Privacy-first by design

Here's what makes our approach different:

• It only works if both people participate. You'll only be matched with someone if you both have each other in your contacts and you've both opted into Find Friends. If you never use this feature, you'll never be findable through it. Your coworker can't use it to look you up unless you've uploaded their number from your contacts.

• You verify your number first. Before any matching happens, you prove that you own your phone number. This prevents bad actors from uploading random numbers to fish for information about who's on Bluesky.

• Your contact data is protected even if something goes wrong. We store phone numbers as hashed pairs — your number combined with each contact's number — which makes the data exponentially harder to reverse-engineer. That encryption is also tied to a hardware security key stored separately from our database.

• You can remove your data anytime. Changed your mind? You can delete your uploaded contacts and opt out entirely.

What about inviting friends who aren't on Bluesky yet?

When you invite a friend through Find Friends:

• That invite won't come from Bluesky. It comes directly from you when you choose to send it in a text message.

• What if you're already on Bluesky but got an invite anyway? That's because we don't store or track individual phone numbers, so we have no way to tell your friend you're already here. Think of it as a friend reaching out directly — they don't know you've already joined the party.

• There's no "opt out" for receiving invites because they're sent directly via text message outside the Bluesky app. These are personal text messages between friends, not automated messages from Bluesky, so we don't have a way to block them and we have no way to send follow up messages.

We published a detailed technical breakdown of this system as an RFC before building it — you can read the full design here. We wanted to get it right, so we put it out for the security community to be able to verify our approach. For details about the data we collect and process, see the Privacy Policy we created for this feature. Users who opt in to this feature agree to the terms of this policy.

Social media is better with friends. We hope this makes it easier to find yours on Bluesky.

How is zero-trust security evolving? Michele Leroux Bustamante discusses the challenges CISOs face today in controlling access to infrastructure, authenticating and authorizing users, and managing the ongoing evolution of an organization's dependencies. The conversation digs into the variety of stacks available to address various elements of an organization's security requirements. Michele also talks about the NIST Cybersecurity Framework as a starting point for understanding the security elements your organization needs to focus on and improve—security is a continuum, not a destination!

Links

• Azure Entra
• Auth0
• Duende
• KeyCloak
• NIST Cybersecurity Framework
• Open Policy Agent
• Policy Server
• Defender for Cloud
• Azure API Management
• Azure Front Door

Recorded October 29, 2025