Microsoft Updates Its Recall Feature for Copilot+ PCs with Advanced Security Measures

Microsoft has updated its Recall feature for Copilot+ enabled Windows 11 PCs, addressing prior security and privacy concerns. Initially introduced as a service that captures and stores user activity snapshots, Recall leverages neural processing capabilities to assist with search queries by indexing these screenshots. For example, if a user recalls a specific image seen on Discord but cannot locate it, Recall can analyze its indexed snapshots to retrieve the desired image based on the user's description. Alternatively, users have the option to manually browse through the snapshot gallery to find the required content. The concept of continuous background screenshot capture elicited significant privacy apprehensions, prompting Microsoft to implement a series of security enhancements to mitigate these issues before making Recall available for testing.

In response to widespread privacy concerns, Microsoft released an update in June outlining initial security improvements for Recall. The latest update, detailed in the blog post "Update on Recall security and privacy architecture," introduces additional safeguards to ensure user data protection. Recall is designed to operate exclusively on Copilot+ PCs that meet stringent security requirements, including BitLocker, Device Encryption, TPM 2.0, virtualization-based protection of code integrity, Measured Boot, System Guard Service Launch, and Kernel DMA Protection. The feature is opt-in: it is presented to users during the initial Windows setup with clear options to enable or disable it, and it stays disabled for users who do not choose to enable it. Recall can also be uninstalled entirely at any time through the Optional Features menu. This approach aims to prevent the persistence issues experienced with previous services like Cortana, ensuring that Recall remains inactive unless explicitly enabled by the user.



Further enhancing security, Recall integrates with Windows Hello for authentication, ensuring that all snapshots and related data are encrypted and stored within a vector database protected by TPM and accessible only through a Virtualization-based Security (VBS) Enclave. This architecture prevents unauthorized access, even in multi-user environments, by tying encryption keys to individual Windows Hello identities. Additionally, Recall includes robust measures such as authentication rate limiting and anti-hammering to protect against unauthorized access attempts. The feature also respects user privacy by excluding in-private browsing sessions from snapshot captures and providing customizable filters to exclude specific websites or applications. Sensitive information, including passwords and credit card details, is automatically protected using Microsoft's Purview privacy tools. Users can manage snapshot retention periods, disk space usage, and data deletion through configurable settings, accessible via a system tray icon that allows for real-time control over snapshot activities. After extensive security revisions spanning six months, Microsoft plans to release the Recall preview to Windows Insiders in October for further evaluation before a broader rollout.
