Listening to and acting on customer feedback
Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.- First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt-in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default.
- Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
- Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.
Secure by design and secure by default
In line with Microsoft’s SFI principles, before the preview release of Recall to customers, we are taking steps to increase data protection. Copilot+ PCs will launch with “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall. We also know the best way to secure information on a PC is to secure the whole PC itself. We want to reinforce what has previously been shared from David Weston, vice president of Enterprise and OS Security, about how Copilot+ PCs have been designed to be secure by default and share additional details about our security approach. Some notable examples of security enhancements include:- All Copilot+ PCs will be Secured-core PCs, bringing advanced security to both commercial and consumer devices. In addition to the layers of protection in Windows 11, Secured-core PCs provide advanced firmware safeguards and dynamic root-of-trust measurement to help protect from chip to cloud.
- Microsoft Pluton security processor will be enabled by default on all Copilot+ PCs. Pluton is a chip-to-cloud security technology – designed by Microsoft and built by silicon partners – with Zero Trust principles at the core. This helps protect credentials, identities, personal data and encryption keys, making them significantly harder to remove from the device, even if a user is tricked into installing malware or an attacker has physical possession of the PC.
- All Copilot+ PCs will ship with Windows Hello Enhanced Sign-in Security (ESS). This provides more secure biometric sign ins and eliminates the need for a password.
Protecting your privacy on Copilot+ PCs
In our early internal testing, we have seen different people use Recall in the way that works best for them. Some love the way it makes remembering what they've seen across the web so much easier to find than reviewing their browser history. Others like the way it allows them to better review an online course or find a PowerPoint. And people are taking advantage of the controls to exclude apps they don't want captured in snapshots, from communication apps or Teams calls, or to delete some or all their snapshots. This is why we built Recall with fine-grained controls to allow each person to customize the experience to their comfort level, ensuring your information is protected and that you are in control of when, what and how it is captured.- Snapshots are stored locally. Copilot+ PCs have powerful AI that works on your device itself. No internet or cloud connections are used to store and process snapshots. Recall’s AI processing happens exclusively on your device, and your snapshots are kept safely on your local device only. Your snapshots are yours and they are not used to train the AI on Copilot+ PCs.
- Snapshots are not shared. Recall does not send your snapshots to Microsoft. Snapshots are not shared with any other companies or applications. Recall doesn’t share snapshots with other users who are signed into the same device, and per-user encryption ensures even administrators cannot view other users’ snapshots.
- You will know when Recall is saving snapshots. You'll see Recall pinned to the taskbar when you reach your desktop. You'll have a Recall snapshot icon on the system tray letting you know when Windows is saving snapshots.
- Digital rights managed or InPrivate browsing snapshots are not saved. Recall does not save snapshots of digital rights managed content or InPrivate browsing in supported web browsers.
- You can pause, filter and delete what’s saved at any time. You're always in control of what's saved as a snapshot. You can disable saving snapshots, pause them temporarily, filter applications and websites from being in snapshots, and delete your snapshots at any time.
- Enterprise and customer choice. For customers using managed work devices, your IT administrator is provided the control to disable the ability to save snapshots. However, your IT administrator cannot enable saving snapshots on your behalf. The choice to enable saving snapshots is solely yours.
Empowering people with experiences they can trust
We are on a journey to build products and experiences that live up to our company mission to empower people and organizations to achieve more, and are driven by the critical importance of maintaining our customers’ privacy, security and trust. As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them. We are excited for the upcoming launch of Copilot+ PCs on June 18 and for the innovative new features and benefits this entirely new category of PCs will bring. We will continue to build these new capabilities and experiences for our customers by prioritizing privacy, safety and security first. We remain grateful for the vibrant community of customers who continue to share their feedback with us.via https://www.aiupnow.com
Pavan Davuluri, Khareem Sudlow