To answer the original question: I've been at MSFT like, 8 years now? And this is probably the third serious attempt my team has made at Sudo for Windows. (I think I heard of a couple other attempts in my tenure as well). After the last attempt, my mantra had always been "this is impossible to actually ship".
It's a tricky feature to ship, cause it is ultimately something that can be used as an escalation of privilege vector. Like, that's the entire idea. And there are a lot of people who (very rightly) get the ick when you say "we want to add this thing which can be used as an EoP to the OS image".
So, it's kinda hard to believe that after four years of thinking it was impossible, we actually managed to get it out the door.
If you can get the suggestion passed on, a simple way to run a process while _dropping_ elevation would be appreciated. Basically the _opposite_ of sudo. There should be a way to _easily_ drop permissions back to the standard desktop user (or lower?), like Linux's setuidgid. There's runas, but apparently that's not sufficient[0]; instead all I'm aware of is scheduled tasks and proxying through explorer, or leaving an unelevated process open and using IPC or other methods to tell if to run something else (none of this is easy in a simple batch file).
The biggest visibility into this issue is software installers, which regularly offer to launch the freshly installed program for the user's convenience...with the same elevated permissions the installer itself uses.
I'm not critical. I don't have enough knowledge on the situation to share criticism on the topic yet.
I could have added "Could you expand on this?" to clarify my intent.