Users can also uninstall Microsoft’s more secure Windows Recall feature

In response to security concerns, Microsoft is detailing how it has modified its controversial AI-powered Restore feature that creates screenshots of most everything you see or do on your computer. Recall was originally scheduled to debut on Copilot Plus computers in June, but Microsoft has spent the last few months reworking the security measures behind it so that you can now completely remove it from Windows if you want.

“I’m really excited about how crazy we’ve gone about security architecture,” says David Weston, vice president of enterprise and operating system security at Microsoft, in an interview Edge. “I’m excited because I think the security community will appreciate how much we’ve put into (the Recall program).”

One of Microsoft’s first big changes is that the company isn’t forcing people to use Recall if they don’t want to. “There is no longer a default option at all – you have to opt for it,” says Weston. “It’s obviously very important for people who just don’t want it, and we totally understand that.”

The Recall uninstall option initially appeared on Copilot Plus computers earlier this month, and Microsoft stated at the time that it was a bug. It turns out that you will actually be able to fully uninstall Recall. “If you choose to uninstall it, we will remove the pieces from your machine,” Weston says. This includes the artificial intelligence models that Microsoft uses to support Recall.

Security researchers initially discovered that the Recall database – which stores snapshots taken every few seconds on the computer – was not encrypted and that malware could potentially gain access to the Recall functionality. Everything sensitive to Recall, including the screenshot database, is now fully encrypted. Microsoft also uses Windows Hello to protect against malware manipulation.

Recall’s encryption is now tied to the Trusted Platform Module (TPM) that Microsoft requires for Windows 11, so the keys are stored in the TPM and the only way to gain access is to authenticate with Windows Hello. Recall data is only passed to the UI at all when the user wants to use the feature and authenticates using face, fingerprint, or PIN.

“You have to be present as a user to enable it,” Weston says. This means you need to use your fingerprint or face to set up Recall before you can use PIN support. This is all intended to prevent malware from accessing Recall data in the background, as Microsoft requires proof of presence via Windows Hello.

“We moved all of the screenshot processing and all of the sensitive processes into a virtualization-based security enclave, so we basically put it all in a virtual machine,” Weston explains. This means that there is a UI application layer that does not have access to the raw screenshots or Recall database, but when a Windows user wants to use Recall and search, it will generate a Windows Hello prompt, query the VM, and return the data to application memory. When the user closes the Recall application, the contents of the memory will be destroyed.

“The application outside the virtualization-based enclave runs in a malware-protected process that would essentially require a malicious kernel driver to access,” Weston says. In today’s blog post, Microsoft details its Recall security model and exactly how its VBS enclave works. Everything looks much more secure than what Microsoft planned to deliver, and it even includes hints on how the company can secure Windows apps in the future.

So how did Microsoft almost release Recall in June without ensuring a high level of security? I’m still not very clear on this, and Microsoft isn’t revealing much. Weston confirms that Recall was validated under the Secure Future Initiative launched last year, but as a trial product it apparently had some other limitations. “The plan was always to follow Microsoft fundamentals, such as encryption. However, we also heard from people who said “we’re really concerned about this,” so the company decided to accelerate some of the additional security work it had planned for Recall so that security concerns wouldn’t impact whether someone wanted to use from this function.

“It’s not just about Recall. In my opinion, we now have one of the strongest platforms for processing sensitive data at the edge, and you can imagine that we can do many other things with it,” says Weston. “I think it made sense to continue some of the investments we were going to make and then make Recall the leading platform for that.”

Let’s remind you, it will also happen now Just run on a Copilot Plus computer, preventing people from sideloading it to Windows computers, as we saw before its planned debut in June. Recall will verify that your Copilot Plus PC has BitLocker, virtualization-based security enabled, measures boot and secure boot security, and kernel DMA protection.

Microsoft has also conducted a number of reviews of improved rollback security. The Microsoft Offensive Research Security Engineering (MORSE) team “conducted months of design reviews and penetration testing as part of Recall,” and a third-party security vendor “was engaged to conduct independent security design review” and testing.

Now that Microsoft has had more time to work on Recall, a few additional settings changes have been made to give you even more control over how the AI-powered tool works. You will now be able to filter out specific apps from Recall, as well as block your custom list of websites from appearing in the database. Sensitive content filtering, which allows Recall to filter out things like passwords and credit cards, will also block health and finance sites from being stored. Microsoft is also adding the ability to delete a time range, all app or website content, or anything stored in the Recall database.

Microsoft says it’s on track to make a version of Recall available to Windows testers on Copilot Plus computers in October, which means Recall won’t be available on new laptops and desktops until it’s been tested more thoroughly by the Windows community.