Along with the native capability to permit only digitally signed applications to run, virtualized and instanced drivers for indirect hardware access, address space layout randomization, and EFS to facilitate a certificate-based A&A model for storage, Microsoft has fully achieved what they set out to accomplish. The last remaining challenge is the application work, which of course was always going to be the hardest. Who decides which apps are secure and can be digitally signed? Who decides which digital signatories are to be trusted themselves? Do applications finally make the leap to permit themselves to run in partitioned instances where they can't touch other things and other things can't touch them?
The technology exists and has existed since Win10. We just now have to decide to pressure appdev teams to actually use it.
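The "who decides which signers are trusted" question in the post above has a concrete answer on a Windows box: the signature on the binary, and whether its certificate chain reaches a root in the machine's trusted store. The following PowerShell script is an added example (not the poster's code) that inventories the executables behind running processes and reports their Authenticode status and signer; it uses only the built-in `Get-Process` and `Get-AuthenticodeSignature` cmdlets, and the sample input (the current process list) is whatever happens to be running, so the output will differ per machine.

```powershell
# Added example: report the Authenticode signature status of the executables
# behind every running process. Trust is decided by the chain to a root the
# machine already trusts, not by the signer itself.

function Get-SignedStatus {
    param(
        # Default sample input: paths of running processes that expose one.
        # Protected/system processes return no Path and are skipped.
        [string[]] $Path = (Get-Process |
            Where-Object Path |
            Select-Object -ExpandProperty Path -Unique)
    )
    foreach ($p in $Path) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        $signer = $null
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        [pscustomobject]@{
            Path    = $p
            # Status values: Valid, NotSigned, NotTrusted (chain does not reach a
            # trusted root), HashMismatch (file changed after signing), UnknownError
            Status  = $sig.Status
            Signer  = $signer
            # Only 'Valid' means both the hash matches and the chain is trusted.
            Trusted = ($sig.Status -eq 'Valid')
        }
    }
}

# Full inventory, untrusted binaries first.
Get-SignedStatus | Sort-Object Trusted, Path | Format-Table -AutoSize

# Everything in this list is what an allow-list policy (WDAC/AppLocker)
# would refuse to run; this is the "application work" the post refers to.
Get-SignedStatus | Where-Object { -not $_.Trusted }
```

Run it in an elevated prompt to see more process paths; a `HashMismatch` entry is worth investigating immediately, since it means the file was modified after it was signed, while `NotTrusted` usually means a signer (often an internal or test CA) that nobody has yet decided to add to the trusted root store.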