Microsoft Updates Recall Security on Copilot+ Laptops

Today, we are sharing an update on the Recall (preview) feature for Copilot+ PCs, including more information on the set-up experience, privacy controls and additional details on our approach to security.

On May 20, we introduced Copilot+ PCs, our fastest, most intelligent Windows PCs ever. Copilot+ PCs have been reimagined from the inside out to deliver better performance and all-new AI experiences to help you be more productive, creative and communicate more effectively. One of the new experiences exclusive to Copilot+ PCs is Recall, a new way to instantly find something you’ve previously seen on your PC.

To create an explorable visual timeline, Recall periodically takes a snapshot of what appears on your screen. These images are encrypted, stored and analysed locally, using on-device AI capabilities to understand their context. When logged into your Copilot+ PC, you can easily retrace your steps visually using Recall to find things from apps, websites, images and documents that you’ve seen, operating like your own virtual and completely private “photographic memory.” You are always in control of what’s saved. You can disable saving snapshots, pause temporarily, filter applications and delete your snapshots at any time.

As AI becomes more prevalent, we are rearchitecting Windows to give customers and developers more choice to leverage both the cloud and the power of local processing on the device made possible by the neural processing unit (NPU). This distributed computing model offers choice for both privacy and security. All of this work will continue to be guided by our Secure Future Initiative (SFI).

Our team is driven by a relentless desire to empower people through the transformative potential of AI and we see great utility in Recall and the problem it can solve. We also know for people to get the full value out of experiences like Recall, they have to trust it. That’s why we are launching Recall in preview on Copilot+ PCs – to give customers a choice to engage with the feature early, or not, and to give us an opportunity to learn from the types of real-world scenarios customers and the Windows community find most useful.

Listening to and acting on customer feedback

Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.

  • First, we are updating the set-up experience of Copilot+ PCs to give people a clearer choice to opt in to saving snapshots using Recall. If you don’t proactively choose to turn it on, it will be off by default.
  • Second, Windows Hello enrollment is required to enable Recall. In addition, proof of presence is also required to view your timeline and search in Recall.
  • Third, we are adding additional layers of data protection including “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.

Secure by design and secure by default

In line with Microsoft’s SFI principles, before the preview release of Recall to customers, we are taking steps to increase data protection. Copilot+ PCs will launch with “just in time” decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. This gives an additional layer of protection to Recall data in addition to other default-enabled Windows Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall.

We also know the best way to secure information on a PC is to secure the whole PC itself. We want to reinforce what has previously been shared from David Weston, vice president of Enterprise and OS Security, about how Copilot+ PCs have been designed to be secure by default and share additional details about our security approach. Some notable examples of security enhancements include:

  • All Copilot+ PCs will be Secured-core PCs, bringing advanced security to both commercial and consumer devices. In addition to the layers of protection in Windows 11, Secured-core PCs provide advanced firmware safeguards and dynamic root-of-trust measurement to help protect from chip to cloud.

  • Microsoft Pluton security processor will be enabled by default on all Copilot+ PCs. Pluton is a chip-to-cloud security technology – designed by Microsoft and built by silicon partners – with Zero Trust principles at the core. This helps protect credentials, identities, personal data and encryption keys, making them significantly harder to remove from the device, even if a user is tricked into installing malware or an attacker has physical possession of the PC.

  • All Copilot+ PCs will ship with Windows Hello Enhanced Sign-in Security (ESS). This provides more secure biometric sign-ins and eliminates the need for a password.

Protecting your privacy on Copilot+ PCs

In our early internal testing, we have seen different people use Recall in the way that works best for them. Some love the way it makes remembering what they’ve seen across the web so much easier to find than reviewing their browser history. Others like the way it allows them to better review an online course or find a PowerPoint.

And people are taking advantage of the controls to exclude apps they don’t want captured in snapshots, such as communication apps or Teams calls, or to delete some or all of their snapshots. This is why we built Recall with fine-grained controls to allow each person to customise the experience to their comfort level, ensuring your information is protected and that you are in control of when, what and how it is captured.

  • Snapshots are stored locally. Copilot+ PCs have powerful AI that works on your device itself. No internet or cloud connections are used to store and process snapshots. Recall’s AI processing happens exclusively on your device, and your snapshots are kept safely on your local device only. Your snapshots are yours and they are not used to train the AI on Copilot+ PCs.

  • Snapshots are not shared. Recall does not send your snapshots to Microsoft. Snapshots are not shared with any other companies or applications. Recall doesn’t share snapshots with other users who are signed into the same device, and per-user encryption ensures even administrators cannot view other users’ snapshots.

  • You will know when Recall is saving snapshots. You’ll see Recall pinned to the taskbar when you reach your desktop. You’ll have a Recall snapshot icon on the system tray letting you know when Windows is saving snapshots.

  • Digital rights managed or InPrivate browsing snapshots are not saved. Recall does not save snapshots of digital rights managed content or InPrivate browsing in supported web browsers.

  • You can pause, filter and delete what’s saved at any time. You’re always in control of what’s saved as a snapshot. You can disable saving snapshots, pause them temporarily, filter applications and websites from being in snapshots, and delete your snapshots at any time.

  • Enterprise and customer choice. For customers using managed work devices, your IT administrator is provided the control to disable the ability to save snapshots. However, your IT administrator cannot enable saving snapshots on your behalf. The choice to enable saving snapshots is solely yours.

Empowering people with experiences they can trust

We are on a journey to build products and experiences that live up to our company mission to empower people and organisations to achieve more, and are driven by the critical importance of maintaining our customers’ privacy, security and trust. As we always do, we will continue to listen to and learn from our customers, including consumers, developers and enterprises, to evolve our experiences in ways that are meaningful to them.

We are excited for the upcoming launch of Copilot+ PCs on June 18 and for the innovative new features and benefits this entirely new category of PCs will bring. We will continue to build these new capabilities and experiences for our customers by prioritising privacy, safety and security first. We remain grateful for the vibrant community of customers who continue to share their feedback with us.

Pavan Davuluri is Corporate Vice President, Windows + Devices at Microsoft.
