Microsoft has introduced a new security system for its Recall feature, which improves search on AI-powered PCs. This update will be available for members of the Windows Insider Program in October.
In a video about the changes, Yusuf Mehdi, Microsoft’s executive vice president, explained that users will now need to opt in to activate and use Recall. If users don’t turn it on, no snapshots will be taken or saved, and there will be an option in Windows settings to remove Recall completely.
“We’ve made important steps to secure your snapshots and give you full control,” Mehdi stated.
Recall will only function on Copilot PCs that have BitLocker (for Windows 11 Pro) and Device Encryption (for Windows 11 Home) enabled through a Trusted Platform Module (TPM). Microsoft has said that devices running the latest Windows 11 need TPM 2.0 security chips.
Additionally, the devices must have virtualization-based security (VBS), Hypervisor-Protected Code Integrity (HVCI), Measured Boot, System Guard Secure Launch, and Kernel Direct Memory Access (DMA) Protection.
Before launching Recall, Microsoft conducted thorough security assessments, including design reviews and penetration tests by its security team and an independent third-party vendor.
Users will also need to use Windows Hello for biometric authentication every time they access Recall to enhance security. Recall will be able to detect sensitive information, like passwords and credit card numbers, to avoid capturing them.
The feature uses the same library as Microsoft Purview for information protection. Users will have options to manage their privacy and security settings for saving and deleting snapshots. They can delete individual snapshots, bulk delete, or remove snapshots from specific time periods or applications, even after they’ve been taken.
Microsoft will notify users with an icon in the system tray when snapshots are being saved and will allow them to pause the snapshot process. Recall does not save snapshots when users are in private browsing mode on supported browsers.
Users can choose how long Recall keeps content and how much disk space it uses. Microsoft assures that snapshots are stored locally on devices and are not accessible by Microsoft, third parties, or other users on the same device.
Recall allows users to find previously searched items by entering keywords, even if they’re only partially related. The snapshots and related data are encrypted with keys that are secured by TPM.
These encryption keys are connected to the user’s Windows Hello security identity and are used only in a secure environment known as the VBS Enclave. This environment protects memory areas where information is processed, and no other user can access these keys.
The enclaves use strict security principles, and access to them is granted through Windows Hello permissions. They act as a barrier from other users, and authorization times out, requiring permission for future access to avoid potential security issues.
The Recall feature processes screenshots and data within this secure VBS Enclave. Users must request information actively for it to exit the enclave.
The enclaves also include protections against overload from too many requests, and Recall uses rate-limiting to guard against malware. Users can use personal identification numbers (PINs) as a backup if there are issues with secure sensors.
Recall was first introduced in May alongside the launch of the Copilot+ PC line. Concerns from cybersecurity experts about the devices constantly taking and storing screenshots led Microsoft to delay Recall from a preview in June to a Windows Insider Program experience in October.
Initially, Microsoft stated that Recall would not filter out sensitive information unless users took specific actions or used private browsing on supported browsers. It was also mentioned that Recall would be turned on by default for Copilot+ PCs.
These updates to Recall come shortly after Microsoft unveiled new product features aimed at enhancing the security of AI systems, including real-time fixes for content safety issues in Azure AI and a preview of confidential inferencing capabilities in the Azure OpenAI Service Whisper model.