> You aren't distributing your own drivers without Microsoft's approval.

Only kernel drivers.

> You aren't connecting to Active Directory without Microsoft's blessing.

I think you're talking about EntraID. That is true enough. You can just spin up Windows Server and create a domain controller, no problem. You don't need Microsoft for domain services, though - you can use other domain controller types. (You don't get GPO and other things - that's not a 'walled garden' thing, that's a feature set which other systems don't have)

> In that respect, Windows is only open from an end user perspective. In all other respects, it is closed, and it is closed tightly.

Not so tight as you seem to think. And anyways, I was specifically referring to building windows apps - which you did not disagree with. You absolutely can pull down various free tools, build an app, package it up as a .zip or .msi and distribute it from a variety of places. The Windows app store is a walled garden, but you don't have to use it.