Build 2025: Microsoft Announces New Windows 11 Security Features to Boost Privacy and Control

Microsoft is raising the bar for Windows 11 security with a fresh batch of features designed to put users in the driver’s seat of their privacy and protection. These new security features are designed to give users more control over their privacy and protection on Windows PCs.

Administrator protection is a new Windows security feature designed to prevent unauthorized or accidental changes that require elevated privileges. It works by requiring users to authenticate using Windows Hello, such as facial recognition, fingerprint, or a PIN, before any action that needs administrator rights can proceed. This additional layer of security helps to reduce the risk of malware or other users making changes without permission.

Enhanced privacy controls for Windows 11

Microsoft has released an update to Windows privacy settings aimed at giving users more control over their personal data. Specifically, access to sensitive resources like the camera, microphone, and location (C/M/L) will now require explicit user permission before any app can use them. Previously, these permissions were often enabled by default on Windows 11 PCs.

Microsoft is encouraging developers to assign a package identity to their apps, which helps Windows recognize and manage the app more securely and consistently. Developers can update existing apps by adding an identity package to their installer. This change will allow the apps to integrate better with modern Windows features like permission management, updates, and security controls.

Microsoft says that these features are currently available in public preview, which could affect apps that depend on the platform’s previous behavior. Developers should test their apps to ensure they function correctly when Administrator protection is active and the default desktop setting for Confidential/Moderate/Low (C/M/L) privacy levels is disabled.

VBS Enclave SDK and tooling

Microsoft has introduced the new Virtualization-based security (VBS) Enclave SDK in public preview for secure computing needs. This new SDK helps developers handle enclave creation, manage thread pools, and report telemetry.

“It starts with tooling to create an API projection layer. Developers can now define the interface between the host app and the enclave, while the tooling does all the hard work to validate parameters and handle memory management and safety checks. This allows developers to focus on their business logic while the enclave protects the parameters, data and memory,” explained Pavan Davuluri, CVP for Windows + Devices.

Last but not least, Microsoft has rolled out several improvements to the Windows App SDK. The latest update brings advanced Windows AI capabilities for Copilot+ PCs. Developers will be able to add intelligent features into their apps, such as recognizing text within images, responding to incoming prompts, describing image contents, and removing objects from pictures.

In June, the Windows App SDK NuGet package will be changed to a NuGet metapackage. A metapackage is like a bundle that doesn’t contain code itself but references other packages. This release will allow developers to include only the APIs and functionalities that are necessary for their apps.

In related news, Microsoft has announced Windows AI Foundry at its Build developer conference today. This new offering is an evolution of Windows Copilot Runtime, which offers a unified and reliable platform supporting the AI developer lifecycle.