Well this is an interesting feature I had not heard about until today.  I haven't been following the buzz about Fall Creators Update as closely as I should have, apparently.  With Controlled Folder Access, Windows 10 adds a type of second layer Access Control List to any folder you specify.  This is an interesting approach.  It differs from NTFS permissions in that you can whitelist applications, rather than users.  So even though I have Full Control / Owner of my OneDrive folder, if I add Controlled Folder Access, I will still get access denied when saving a file from Excel there unless I whitelist Excel.

It's not perfect.  You have to opt-in folders, presumably your most sensitive or precious (documents, pictures, etc.) and applications, which is a lot of effort.  Though there are GPOs to govern this feature, so it could be handy in the enterprise on strictly controlled machines.

What I would like to see added to this feature is automatic enrollment for an application's AppData folders.  For example, the installer or application could have a manifest that defines where they are putting their application data under AppData and what application is allowed to read and/or modify it.  Keep the ability of the user to control this from Defender, so you can manually opt-in other apps.

Source: https://www.bleepingcomputer.com/news/microsoft/windows-10s-controlled-folder-access-anti-ransomware-feature-is-now-live/