Microsoft aren’t kicking people out of kernel space, but expanding the capabilities in user space to minimize the reasons to need to run security components in kernel mode, so they can develop and deploy solutions with minimal risk (no security vendor wants that risk when they’re running on business/enterprise machines like CrowdStrike).
Kicking everyone out of the kernel is a long journey and even Apple, who are much further along this path, still haven’t completely closed the door on kernel extensions. It’ll be several Windows versions yet before kernel drivers are no longer a thing.