Microsoft details much improved Windows Recall security, finally allows removing it

Microsoft has announced a portion of improvements made to the Recall in Windows 11. It now includes advanced encryption and Windows Hello authentication. Its data is now secured in a VBS Enclave, making it inaccessible to third-party apps and users. Additionally, snapshots will automatically exclude sensitive information such as passwords and credit card details. Microsoft makes emphasis on that Recall does not upload any data to the cloud and can be easily uninstalled if you choose not to use it.

Microsoft is about to start Windows Recall public testing in October. Initially it will start with users of Copilot+ PCs with Snapdragon X ARM processors. Later, users of devices with the latest processors from Intel and AMD will be able to join the testing. The Recall requires a neural processing unit (NPU) with a performance of at least 40 TOPS for local processing of AI tasks. Prior to the testing, Microsoft has revealed several improvements made to the feature in terms of security.

VBS Enclave Isolated Environment

Now all data collected by the Recall function will be stored in an isolated encrypted environment called VBS Enclave. In fact, this is a secure virtual machine isolated from the main operating system. Access to data inside the VBS Enclave is possible only with the decryption key that the Recall application provides to the user after successful authentication via Windows Hello.

Image credits: Microsoft

Inside it, all sensitive data is encrypted, and keys are securely protected. The contents of the Recall environment cannot be viewed by anyone or modified by any app or user, including Microsoft itself. Recall also limits the number of attempts to access encrypted data, preventing brute-force attacks.

Windows Hello Authentication

Windows Recall now requires Windows Hello authentication, which must be enabled and configured. This change ensures that only you can unlock Recall, so its data will remain protected if your device is stolen.

Image credits: Microsoft

The encryption keys are stored in the TPM (Trusted Platform Module) and are only accessible after successful biometric authentication. The keys do not leave the secure Enclave, they are securely protected within the Enclave. The data is fetched from the secure storage by small portions that are needed at the moment, while the whole database remains encrypted and locked.

Automatic filtering of sensitive data

In addition, Microsoft has added automatic filters for sensitive information, that include passwords, credit card numbers, or national ID numbers. It is powered by Purview technology that locally analyzes your data. Such information will always be excluded from Recall.

Offline data processing

Microsoft again reminds that screenshots and data captured by Windows Recall are not sent to the cloud. The tool operates entirely on the local device, which is why a computer with a neural processing unit (NPU) is required.

All data collected by Recall is stored locally on the user's device and is not transmitted elsewhere. You can easily filter or delete this data whenever you wish.

 You can remove Recall at any moment

The Windows Recall feature is now optional and can be removed in operating system entirely if you don't want it to be present in any form. Despite earlier made claims, Microsoft finally allows uninstalling it from the optional Windows features dialog.

During the initial setup of a Copilot+ PC device, users will be prompted to enable Windows Recall. If they do not, the feature will remain disabled. At this time, the company does not intend to automatically enable Windows Recall on users' devices or prompt users to enable it again.

Image credits: Microsoft

Recall won't be included in Enterprise editions of Windows

It has also been confirmed that Windows Recall will not be installed by default in Windows 11 Enterprise. It is an optional OS component, so enterprise customers can decide for themselves whether they want to install it or not. It is not included in the OS image by default.


The Windows Recall release, originally scheduled for June 18, 2024, has been delayed due to security issues. Experts who got access to the initial version of Windows Recall quickly discovered that the feature saves data in an unencrypted form. So this has changed.

Here's the original story by Microsoft.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.