Microsoft has introduced a mandatory consent framework in Windows 11 that prevents artificial intelligence agents from accessing personal files without explicit user approval. In updated documentation for experimental agentic artificial intelligence features, the company specifies that six folders are designated as protected locations by default: Desktop, Documents, Downloads, Music, Pictures, and Videos. Each artificial intelligence assistant must request access to these locations individually, and the operating system does not grant any system-wide file permissions automatically.
The new controls operate on a per-agent basis, so approval granted to one artificial intelligence tool does not extend to other assistants that might be installed on the same system. When an agent attempts to reach files in protected folders, Windows displays a consent interface where users can choose whether to grant permanent access, require reauthorization every time the agent interacts with those files, or deny access completely. This opt-in design means a standard Windows 11 installation remains unchanged unless the user deliberately enables agentic features and authorizes specific assistants.
Each artificial intelligence assistant receives its own configuration area within Windows settings, giving users a way to revisit and adjust permissions after initial setup. Alongside these folder protections, Microsoft is also testing discrete connectors that govern how agents interact with system applications such as File Explorer and Settings, which are managed separately from core personal folder access rules. This modular approach is intended to let users allow an artificial intelligence agent to carry out actions like changing system configurations while still preventing that same agent from viewing or manipulating personal content such as photos or documents.
