It's irrelevant. They've been trying to do those things for years but their ability to execute is completely gone. Their efforts to improve things just make stuff worse.

To name just a few examples: they want all code to be signed but Windows code signing certs are more expensive than the Apple developer programme membership, much harder to obtain, the rules actually make it "impossible" in some cases like if your country issues ID cards without an address on them, they're now forcing mandatory HSMs and if your CA decides to change your subject name you're just SOL because only Windows 11 anticipates that problem but Microsoft can't be bothered maintaining Windows 10 anymore so their solution was never backported. Yet, the Windows 11 security hardware requirements mean many people won't upgrade.

So whilst building a theoretical strategy around sandboxing apps, they aren't even able to get the basics right. If the people making these decisions were actually writing Windows apps themselves, they might realize this and Microsoft would be able to get its teams marching in the same direction but there's not much sign of that from the outside.

Compare to how Apple does it: they run their own code signing CA, assign stable arbitrary identifiers to companies and people, and still manage to sell these certs for less than a Windows certificate whilst also throwing a couple of support incidents into the mix too, something you can't even get from Microsoft at all as far as I can see (and I've tried!).

It is going to be relevant after 2025, regardless.

By the way, some of this stuff is already on Window 11 Previews and can be enabled.

Even if they botch this, like it happened to UWP, the alternative will be moving everything to Azure OS with thin clients, so one way or the other, it will happen.

I imagine lots of users will just run Win10 unsupported at that point. I'd be happy if we could assume it vanishes at that point but seems unlikely.

The issue is that a lot of their security strategy is inherited from UWP. So it's already botched.

They do most of this -- albeit without support -- through the store if that's a viable distribution channel for you. You can actually get support, but be prepared to pay big $$$.

Yes, going via the store fixes some of those problems but introduces others. In particular a lot of corporate users have it disabled and of course they have a lot of arbitrary policies. I didn't know they had dev support if you're in the store, interesting thanks.

YMMV, but I found the macOS app store way more picky than the MS Store. Denying my submission for using the term 'Exit' instead of 'Quit' rubs me the wrong way.

The store is kind of a non-starter for many apps. How many apps do they even have in the store? 0.01% of all Windows apps?

No clue, however, they've made it relatively seamless to publish and download from there. You can also use winget [1] to download signed apps from the store. End users don't need an MSA.

[1] - https://learn.microsoft.com/en-us/windows/package-manager/wi...

It's not that seamless. We've been trying it lately and the onboarding process is still pretty bureaucratic. Like, having to give an age rating to a zip utility doesn't make anything better.