MICROSOFT RECALL

Recall: Microsoft’s AI-Enabled User History Archive and Search

Overview

Microsoft has recently introduced Recall, a new feature in Windows 11. For compatible Windows hardware, Recall captures user activity and creates a searchable history archive. However, there are important considerations related to privacy, security, and data exposure.

Key Points

Data Capture:

  • Recall takes screenshots every 5 seconds to record user activity and stores them locally on your PC.
  • This data encompasses applications used, websites visited, any content within documents, and potentially more. Essentially, it includes anything displayed on the screen.

Privacy Concerns:

  • While Recall doesn’t store data as files, the captured information is accessible.
  • Local administrators and malicious actors with user-level access can access the Recall database.
  • Institutions should be aware of potential exposure of sensitive data, such as PII and data regulated under HIPAA, FERPA, etc.

eDiscovery and PIR:

  • Recall activity is subject to eDiscovery and public information requests.
  • Larger datasets may need to be collected and preserved due to Recall’s continuous capture.

Policy

It is the recommendation of TAMU System Cybersecurity that Recall be disabled in order to protect user privacy, prevent potential misuse of sensitive data, and ensure compliance with legal requirements. To enable this feature on Texas A&M University devices, an exception must be requested and approved by the Office of the CISO.

Several methods to disable the Recall feature are listed below. We recommend using a method that is not easily bypassed by local users, and that you monitor devices for compliance using your device management platform. If you have any questions or need further assistance, please do not hesitate to contact the endpoint security team, endpoint-security@tamu.edu.

Method 1: Registry Modification

If you have a device running Windows 11 Home, you won’t have access to the Group Policy Editor, but you can still disable Windows Recall through the Registry by modifying the “WindowsAI” key.

To disable Windows Recall through the Registry, use these steps:

  1. Open Start.

  2. Search for regedit and click the top result to open the Registry Editor.

  3. Browse to the following path:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\WindowsAI

  4. Right-click the WindowsAI key, select the New menu, and choose the “DWORD (32-bit) Value” option.

  5. Name the DWORD DisableAIDataAnalysis and press Enter.

  6. Double-click the newly created DWORD and change its value from 0 to 1.

  7. Click the OK button.

  8. Browse to the following path:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsAI

  9. Right-click the WindowsAI key, select the New menu, and choose the “DWORD (32-bit) Value” option.

  10. Name the DWORD DisableAIDataAnalysis and press Enter.

  11. Double-click the newly created DWORD and change its value from 0 to 1.

  12. Click the OK button.

  13. Restart the computer.

After you complete the steps, the Recall timeline feature will no longer be operational on your Copilot+ PC.
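
The same registry value from the steps above, scripted so it can be checked and enforced from a device management platform. This is an added example, not part of the original guidance; the function name Test-RecallDisabled and its output fields are this example's own choices.

```powershell
# Added example: audit, and optionally enforce, the DisableAIDataAnalysis
# policy value described in Method 1. Names below other than the registry
# paths and value name are this example's own.
function Test-RecallDisabled {
    [CmdletBinding()]
    param(
        # When set, create the key/value and set it to 1 where non-compliant.
        [switch]$Remediate
    )

    $name  = 'DisableAIDataAnalysis'
    $paths = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI',  # machine-wide; writing needs elevation
        'HKCU:\Software\Policies\Microsoft\Windows\WindowsAI'   # hive of the account running the script
    )

    foreach ($path in $paths) {
        # The WindowsAI key may not exist yet, so read defensively.
        $value = $null
        if (Test-Path -Path $path) {
            $value = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name
        }

        if ($value -ne 1 -and $Remediate) {
            if (-not (Test-Path -Path $path)) {
                New-Item -Path $path -Force | Out-Null
            }
            New-ItemProperty -Path $path -Name $name -PropertyType DWord -Value 1 -Force | Out-Null
            $value = (Get-ItemProperty -Path $path -Name $name).$name
        }

        [pscustomobject]@{
            Path      = $path
            Value     = $value            # $null means the value is absent
            Compliant = ($value -eq 1)
        }
    }
}

# Report only:
Test-RecallDisabled | Format-Table -AutoSize
# Enforce, from an elevated session:
# Test-RecallDisabled -Remediate
```

When a management agent runs this as SYSTEM, the HKCU row reflects the SYSTEM account's hive rather than the logged-on user's, so treat the HKLM row as the compliance signal in that case.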

Method 2: Group Policy Object (GPO)

If you have a device running Windows 11 Pro, Enterprise, or Education, you can disable the Recall feature from the Group Policy Editor. This option isn’t available on Windows 11 Home.

To disable Recall through Group Policy, use these steps:

  1. Open Start.

  2. Search for gpedit and click the top result to open the Group Policy Editor.

  3. Browse to the following path:

User Configuration > Administrative Templates > Windows Components > Windows AI

  4. Right-click the “Turn off saving snapshots of Windows” policy and choose the Edit option.

  5. Check the Enabled option.

  6. Click the Apply button.

  7. Click the OK button.

Once you complete the steps, the Recall feature should no longer run on your computer.

If you also want to ensure that the data is removed from the computer, open Settings > Privacy & security > Recall & snapshots, click on the “Delete all snapshots” setting, click the “Delete all” button, and click the “Delete” button again to confirm.

Method 3: Manual Settings

  1. Go to: Settings > Privacy & Security

  2. Navigate to: Recall & Snapshots

  3. Turn off the Save snapshots option.

Additional Information

Information technology professionals on campus may contact endpoint-security@tamu.edu to ask any questions or request additional information.