MicrosoftI'm not sure I understand the distinction between UAC and this.
With Administrator protection, the user stays de-privileged and is granted just-in-time elevation rights only for the duration of an admin operation. The admin token is discarded after use and is recreated when another task requiring admin privileges is performed.
Doesn't UAC do the same with LUA? Your user session runs with a limited privilege token and only programs which where granted elevation get an admin token.
With Administrator protection, the user needs to interactively authorize every admin operation. This ensures that the administrator user stays in full control and that admin privileges are not abused. Integration with https://learn.microsoft.com/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security further enhances security while providing a convenient experience.
Doesn't UAC already do this as well? By default, you are prompted for admin consent on the Secure Desktop for every process that needs elevation.
Is Administration Protection more granular? e.g. a limited user process can request an admin token without needing to relaunch itself entirely as admin?
MicrosoftIn Administrator protection, the token with administrator permissions is discarded as soon as the admin task is completed, thereby reducing the attack opportunity.
