Microsoft Recall: Tool or Trouble?
Windows 11 now includes Recall, a productivity feature that lets you search and find information you have previously seen on your screen. As with most productivity tools, the increased capabilities and benefits come with new risks to consider.
What is Windows Recall?
Windows Recall takes a snapshot of your screen every few seconds and when your screen content changes. Contextual information derived from the screenshots is saved as well. You can use an explorable timeline or semantic-powered search to find the content you remember having seen.
Pre-Requisites
In order to use Recall, your PC must meet stringent technical requirements, including:
- A certified Copilot+ PC that meets the Secured-Core Standard and includes a 40 TOPS Neural Processing Unit (NPU).
- At least 8 logical processors, 16 GB RAM, and 256 GB of local storage
In addition, you must:
- Enable Device Encryption or BitLocker to encrypt local storage
- Enroll in Windows Hello Advanced Sign-in Security with at least one biometric sign-in option for physical device security
Is Recall Secure?
Recall relies on several security measures.
- The data is stored locally on your computer and is NOT shared with Microsoft or any other parties.
- You must be able to log in securely to your local machine
- Your local storage must be encrypted
- You can ask Recall to automatically filter out information that may be sensitive
- You can manually block specific websites from being captured in snapshots
What are the Risks?
Recall can capture account information, passwords, and other sensitive information.
A cyber attacker with access to your device and identity can access and exfiltrate the information.
What Should You Do?
Our recommended best practice is to disable Recall by policy.
If, however, you want your team to be able to use Windows Recall, set the following policies:
- Limit your exposure by limiting:
  - The amount of time that snapshots can be saved on the local disk
  - The amount of local storage available for snapshots
- Create a list of websites and apps that will be filtered from snapshots
  - Include any and all internal systems with sensitive, protected, or confidential information
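One way to check a device against the policies listed above is to read the machine policy registry key, shown here as an added example that is not part of the original article. The registry path and value names are assumptions based on Microsoft's WindowsAI policy settings; confirm them against the ADMX or CSP documentation for your Windows build before relying on the result.

```powershell
# Added example: audits the Recall policy values on the local machine.
# Assumption: the key path and value names below follow Microsoft's WindowsAI
# policy settings; verify them for your Windows build.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'

function Get-RecallPolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $PolicyKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-RecallPolicy {
    $allow   = Get-RecallPolicyValue -Name 'AllowRecallEnablement'
    $noSnap  = Get-RecallPolicyValue -Name 'DisableAIDataAnalysis'
    $days    = Get-RecallPolicyValue -Name 'SetMaximumStorageDurationForRecallSnapshots'
    $spaceMB = Get-RecallPolicyValue -Name 'SetMaximumStorageSpaceForRecallSnapshots'
    $uris    = Get-RecallPolicyValue -Name 'SetDenyUriListForRecall'
    $apps    = Get-RecallPolicyValue -Name 'SetDenyAppListForRecall'

    # Recall counts as disabled by policy if the feature is not allowed
    # or snapshot saving is turned off.
    $disabled = ($allow -eq 0) -or ($noSnap -eq 1)

    $findings = @()
    if (-not $disabled) {
        # An unset or zero value means no limit is enforced by policy.
        if (-not $days)    { $findings += 'No limit on how long snapshots are kept.' }
        if (-not $spaceMB) { $findings += 'No limit on local storage for snapshots.' }
        if ([string]::IsNullOrWhiteSpace($uris)) { $findings += 'No websites are filtered from snapshots.' }
        if ([string]::IsNullOrWhiteSpace($apps)) { $findings += 'No apps are filtered from snapshots.' }
    }

    [pscustomobject]@{
        RecallDisabledByPolicy = $disabled
        RetentionDays          = $days
        MaxStorageMB           = $spaceMB
        Findings               = $findings
    }
}

Test-RecallPolicy | Format-List
```

An empty Findings list with RecallDisabledByPolicy set to False means all four limits are configured; it does not confirm that the filter lists cover every internal system.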
In addition, you should have security protections in place to minimize the risk of user account breaches and compromises. In line with our Security CPR model and managed security services, we recommend these protections include:
- Enhanced email threat protection against email-based cyber attacks
- Next-Gen endpoint protection
- Multi-Factor Authentication enforced for all systems and applications with sensitive data (preferably all systems and apps)
- Data Loss Prevention (DLP) for managing access and permissions to applications and data, including information within Microsoft 365 and Google Workspace
How Can Cumulus Global Help?
At Cumulus Global, our priority is ensuring that you have productive, secure, and affordable managed cloud services. We work to ensure that you do not overspend on services and to focus your IT dollars on the capabilities and services you need.
Check out our IT Assessments and schedule a meeting with a Cloud Advisor. We will help you adapt while keeping your IT services secure and cost-effective.
About the Author
Allen Falcon is the co-founder and CEO of Cumulus Global. Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America.