Microsoft has announced that you can opt out of its AI-powered Windows Recall feature when it launches in November. This update comes after concerns were raised earlier this year about how Recall took automatic screenshots of everything you did on your PC, sparking privacy worries. Initially planned for a June launch alongside Copilot+ PCs, Microsoft delayed the release to work on improving security and privacy measures.
Recall is now an opt-in feature
In response to the backlash, Microsoft has made significant changes, ensuring the user is always in control of the Recall feature. The most important update is that Recall is now opt-in, meaning it won't be active unless you specifically turn it on. When setting up your Copilot+ PC, you'll have a clear option to opt-in to the Recall feature. No snapshots will be taken or saved if you choose not to enable it.
If you decide later that you don't want Recall on your device, you can easily disable it in the optional features settings in Windows. Microsoft has made it clear that you have complete control, giving you the flexibility to remove Recall if you don't need or want it.
Enhanced security for your data
Microsoft has also introduced several new security measures to address concerns about the potential misuse of screenshots and other data captured by Recall. All snapshots and related data are encrypted, and the encryption keys are protected by the Trusted Platform Module (TPM), which is tied to your Windows Hello Enhanced Sign-in Security identity. These keys can only be used in a secure environment known as the Virtualisation-based Security Enclave (VBS Enclave), meaning no other users can access or decrypt your information.
The actual services that handle screenshots and perform decryption are housed within this VBS Enclave. The only information that leaves this secure space is the data you've actively requested when using Recall. Encryption ensures that your data remains safe, and only you can control what is stored and retrieved.
Recall also uses Windows Hello Enhanced Sign-in Security for all operations, such as changing settings or authorising access to the user interface. Additional protective measures like rate-limiting and anti-hammering ensure your system stays safe from malware. In case a sensor is damaged, you can use a PIN as a fallback method after Recall has been set up.
Customising your Recall experience
Microsoft allows you to customise how Recall works to give you even more control. Certain features are designed to ensure only the information you want is saved. For instance, Recall never saves InPrivate browsing in supported browsers. You can filter out specific apps or websites from being tracked or decide how long Recall should store data and how much disk space it uses for saved snapshots.
By default, Recall is set to filter out sensitive information like passwords, credit card numbers, and national ID numbers. It uses the same technology that powers Microsoft's enterprise-grade Purview information protection product. If you ever save something you didn't intend to, you can quickly delete content from a specific time range or an app, or even remove everything saved by Recall.
Additionally, an icon will appear in your system tray to alert you when snapshots are being saved, allowing you to pause the feature quickly whenever necessary. Microsoft emphasises that with these controls, you can save as much or as little as you like, ensuring you fully control your data.
The recall will only work on Copilot+ PCs that meet the Secured-core standard, meaning they must install features like BitLocker, virtualisation-based security, Measured Boot, System Guard Secure Launch, and Kernel DMA protection. While Microsoft promises a high level of control, some diagnostic data may still be sent depending on your privacy settings.