There’s quite a bit of security related features they baked into Windows. Virtualization based security with code integrity, app guard, device guard credential guard, etc. are all really robust, but it all requires configuration, and some is locked behind enterprise licensing. The entire NT security model is built on security descriptors applied to pretty much every system object and is way more granular than *nix’s User and Group ID access control.

So yeah, for a while at least, Microsoft did prioritize security and did a lot of work to harden windows (or rather, provide the features for corporate IT departments to harden it). The problem is much of it is off by default, or even not available at all, to home users.

Given Microsoft’s attitude and locking this stuff behind enterprise licenses, it’s clear they don’t even view windows as a consumer OS but one that’s designed to be managed at scale by someone else.