What is Windows Recall?

Microsoft's latest AI-powered feature, Windows Recall, promises to revolutionise how users interact with their computers. However, as a managed service provider, we've made the decision not to enable this feature by default for our clients. Here's what Windows Recall is, what it requires, and why we believe it poses risks for business environments.

What is Windows Recall?

Windows Recall is Microsoft's new AI-powered feature that essentially gives your computer a "photographic memory." The system works by taking screenshots of your desktop every few seconds, analysing the content using on-device artificial intelligence, and creating a searchable database of everything you've done on your computer.

Think of it as an advanced version of your browser history, but instead of just tracking websites, it records and analyses every application, document, email, and interface you interact with. Users can then search through this visual history using natural language queries like "find that red handbag I was looking at last week" or "show me the Word document Fred sent me on Teams."

Windows Recall System Requirements and Availability

Windows Recall isn't coming to existing computers—it requires specific hardware to function. To use Recall, you need:

- A Copilot+ PC that meets Microsoft's Secured-core standard
- 40 TOPS Neural Processing Unit (NPU) for AI processing
- 16 GB of RAM minimum
- 8 logical processors
- 256 GB storage capacity with at least 50 GB free for enabling Recall
- Device Encryption or BitLocker enabled
- Windows Hello Enhanced Sign-in Security with biometric authentication
- Windows 11 version 24H2

The feature only works on Microsoft's new Copilot+ branded PCs and requires several gigabytes of AI components to be downloaded during setup.

How Windows Recall Works

When enabled, Recall captures screenshots approximately every five seconds or when screen content changes significantly. These snapshots are processed locally using the computer's NPU to identify text, images, and other content elements. The system creates an encrypted, searchable database stored on the local hard drive.

Users can access Recall through a dedicated app (Windows key + J) or from the Start menu. The interface includes a timeline view showing captured activity and a search function that supports both specific terms and natural language queries. Results are categorised as "close matches" or "related matches" based on search relevance.

Windows Recall Security Concerns

Despite Microsoft's assurances about local processing and encryption, security researchers have raised concerns about Recall:

Data Storage Vulnerabilities
According to cybersecurity researcher Kevin Beaumont, a former Microsoft threat intelligence analyst, Recall stores information in an SQLite database that can be accessed by anyone with administrator-level privileges — which describes most Windows users. Even more concerning, initial reports suggested this data was stored in plain text without proper encryption.

Risk of Data Exposure
The feature captures everything displayed on screen, including:
- Passwords and login credentials
- Financial information and banking details
- Sensitive business documents
- Personal communications
- Confidential client information

While Microsoft has added some filtering capabilities for sensitive information, the system doesn't perform comprehensive content moderation. This means potentially sensitive data could be captured and stored locally, creating a treasure trove for cybercriminals who gain access to the device.

Attack Surface Expansion

Having a comprehensive database of all computer activity stored locally significantly expands the attack surface. If a device is compromised, attackers wouldn't just have access to current data—they'd have a complete record of months of user activity, potentially including credentials, business processes, and sensitive information.

Privacy and Compliance Implications

For businesses operating in regulated industries or handling sensitive data, Windows Recall presents serious compliance challenges:

- Data retention policies: Recall automatically stores data that organisations might be required to delete or not retain
- Privacy regulations: The comprehensive nature of data collection could violate GDPR, HIPAA, or other privacy frameworks
- Audit requirements: Organisations may struggle to demonstrate control over data when an AI system is automatically capturing and analysing all screen content
- Third-party data: Recall could inadvertently capture and store data belonging to clients, partners, or other third parties

Our Approach

As your managed service provider, our primary responsibility is protecting your business data and maintaining security best practices. While Windows Recall may offer productivity benefits for some users, the potential security and compliance risks far outweigh these advantages in a business environment.

For these reasons, we will:

- Disable Recall by default on all managed devices
- Monitor developments and reassess as Microsoft addresses security concerns
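
One way to audit and enforce the "disable by default" decision above on a single device, as an added PowerShell example that is not this provider's own tooling. The registry value names (`DisableAIDataAnalysis`, `AllowRecallEnablement`) and the `Recall` optional-feature name come from Microsoft's WindowsAI policy settings, not from this page.

```powershell
# Added example: audit and enforce "Recall disabled" on one device (run elevated).
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'

function Get-RecallState {
    # A missing policy value is returned as $null, meaning "not configured".
    $values = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    # The optional feature does not exist on builds or hardware without Recall.
    try {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName 'Recall' -ErrorAction Stop
    } catch {
        $feature = $null
    }
    [pscustomobject]@{
        ComputerName          = $env:COMPUTERNAME
        DisableAIDataAnalysis = $values.DisableAIDataAnalysis
        AllowRecallEnablement = $values.AllowRecallEnablement
        FeatureState          = if ($feature) { [string]$feature.State } else { 'NotPresent' }
    }
}

function Test-RecallCompliant {
    param([Parameter(Mandatory)] $State)
    # Compliant: snapshots blocked, enablement blocked, component not active.
    ($State.DisableAIDataAnalysis -eq 1) -and
    ($State.AllowRecallEnablement -eq 0) -and
    ($State.FeatureState -notin 'Enabled', 'EnablePending')
}

function Set-RecallDisabled {
    param([Parameter(Mandatory)] $State)
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    # 1 = turn off saving snapshots; 0 = Recall may not be enabled on this device.
    Set-ItemProperty -Path $PolicyKey -Name 'DisableAIDataAnalysis' -Value 1 -Type DWord
    Set-ItemProperty -Path $PolicyKey -Name 'AllowRecallEnablement' -Value 0 -Type DWord
    if ($State.FeatureState -eq 'Enabled') {
        # Remove the component itself; takes effect after the next restart.
        Disable-WindowsOptionalFeature -Online -FeatureName 'Recall' -NoRestart | Out-Null
    }
}

$state = Get-RecallState
if (-not (Test-RecallCompliant -State $state)) {
    Set-RecallDisabled -State $state
    $state = Get-RecallState   # re-read so the report reflects what was written
}
$state | Add-Member -NotePropertyName Compliant -NotePropertyValue (Test-RecallCompliant -State $state) -PassThru
```

On a device where the component was enabled, the feature state may not read as disabled until the device has restarted, so the report can show non-compliant on the first run.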

Microsoft has acknowledged the criticism and delayed the rollout, stating they will make Recall opt-in rather than enabled by default. However, the fundamental security concerns remain until more robust protections are implemented.

Moving Forward

We'll continue monitoring Windows Recall's development and will reassess our position as Microsoft addresses the security and privacy concerns raised by the cybersecurity community. If you have specific business requirements that you believe Recall might address, we're happy to discuss alternative solutions that provide similar functionality without compromising your security posture.

Our commitment remains unchanged: protecting your business data and maintaining the highest security standards while enabling productivity and growth. Windows Recall, in its current form, doesn't meet these standards for business use.

For questions about this policy or to discuss your specific needs, please don't hesitate to contact us.
