My Honest Thoughts on Windows Recall

Unless you've been living under a rock, you've probably heard about Windows Recall, which is available for Copilot+ capable PCs. I came across this feature a couple of months ago and I wanted to give my honest opinions on the whole situation. So strap in, because this one is going to be interesting.


Forewarning

This post is just my opinions, and my opinions about this feature alone. They do not reflect my opinions about the Microsoft 365 platform or the other products that are offered. Remember those old blurbs on TV that said "The thoughts and opinions presented in this program do not reflect those of this station"? Apply that same thought process and allow your mind to be open.

What is Windows 11 Recall?

To put it in layman's terms—it is a feature designed specifically for Copilot+ capable PCs, enabling users to retrace their steps with the help of Microsoft Copilot. By securely capturing snapshots of their activity, this tool allows users to revisit past actions, making it easier to find previously viewed content, recall important details, and enhance productivity without the hassle of manually searching through files or browser history. This can be useful for helping people retrace their steps and be more productive with the help of Copilot. 

To date, this feature has received both praise and vitriol from a broad spectrum of users, with some complimenting its abilities and others raising the red flags of privacy. No matter where you sit on the fencepost, this new feature is both beneficial and controversial. In this post, I'll be diving into my own opinions on Windows 11 Recall and giving some insights.


Court is in Session

I don't want this to be just a ramble of reasons for or against Windows 11 Recall. Instead, I want to complete an actual analysis of Windows 11 Recall and present a case for both sides of the house: For and Against. My hope is that this will allow you, as an administrator, an IT professional, or even a normal Joe, to make an informed decision on whether or not Windows 11 Recall is right for your organization or personal use. At the end, I will give you my verdict and I invite you to share yours. Now let's get down to business.


For Windows Recall - Your Activity at a Glance

Ever forget what you were doing? Did you want to remember, but had no way of doing so? Does your workday consist of so many different things coming for you at once that you lose track? Windows 11 Recall is for you. Gone are the days of having to remember certain things or tasks, as Windows Recall can capture what you are doing and allow you to access it later. This is further enhanced by allowing you to search through various snapshots and applications to find what you're looking for. If you're anything like me, this can be very beneficial as you can use Recall to pick up where you left off.

Another relevant example I can think of that would be a great use case for Windows Recall is for those who have cognitive impairments such as Alzheimer's Disease or other cognitive disabilities that result in memory loss. Windows Recall can be a great resource to help these individuals retrace their steps, which can be a liberating feeling. Not to mention, it also has the power of Copilot built in, which is a plus.


Against Windows Recall - Your Activity at a Glance (the other side of the coin)

Some will argue that with access also comes the risk of privacy breaches. I can certainly understand the concern about what is going on behind the curtain, and why some administrators are freaking out. Not only does this application have the ability to capture what a user is doing, but it also has the potential to capture sensitive information. Pair this with a lack of understanding of data residency, and you have a recipe for concern. It is worth mentioning, however, that any captures are stored locally and no captures are sent to any cloud resource. All Windows Recall data is local to the device and stored behind strong encryption and Windows Hello; even administrators can't access captures made in Recall. Microsoft took the concerns about privacy seriously and implemented quite a few controls.

While these controls are great, I will admit there was quite some ambiguity in terms of the following, which can be found on Microsoft Learn:

When using Recall, the Sensitive information filtering setting is enabled by default to help ensure your data's confidentiality. This feature operates directly on your device, utilizing the NPU and the Microsoft Classification Engine (MCE) - the same technology leveraged by Microsoft Purview for detecting and labeling sensitive information. When this setting is enabled, snapshots won't be saved when potentially sensitive information is detected. Most importantly, the sensitive information remains on the device at all times, regardless of whether the Sensitive information filtering setting is enabled or disabled. 

My question is: how does this classification get trained? Where is it pulling its sources? How can it differentiate what is sensitive versus what is not when what is considered "sensitive" is changing on a regular basis? Somehow, it will need to get its information from somewhere, right? How does it handle that information? Is my information put into the mix somehow inadvertently? Is it storing these definitions of what is considered "sensitive" locally, or is it being retrieved as the situation permits?

Another aspect that concerned me is this line here:

Like any Windows feature, some diagnostic data may be provided based on the user's privacy settings. For more information about diagnostic data, see Configure Windows diagnostic data in your organization. Occasionally, Recall will get artifacts from the internet from the snapshot URL top-level domain. For example, it will get favicons (website icons) or other website metadata. Recall uses these items to give users a better experience when browsing the Recall timeline or search results.

Microsoft must define what diagnostic data they are collecting and what is subject to collection and interpretation. This to me seems like an ambiguous, roundabout way of saying "we're still collecting data", which contradicts the locality of the feature. Microsoft should elaborate on this to prevent ambiguity and promote transparency.

For Windows Recall - Controls are Available

While there may be concerns, there are also controls. Windows Recall is designed to help users retrace their steps by storing snapshots of their activity locally on their Copilot+ PC. While some people have concerns about privacy and security, Microsoft has implemented controls to give users greater oversight of their data. Users can manage their Recall settings, choose what data is retained, and delete stored snapshots if needed. Recall is also an optional feature that can be disabled by administrators if desired, allowing for the organization to control who can utilize it. 

Even if a device is managed by an IT administrator, Recall snapshots are stored locally and encrypted on the user's own PC. There is no centralized access for organizations or admins to view or retrieve this information. When setting up a Copilot+ PC, users must manually choose to turn it on. This ensures that the feature only collects data if the user explicitly wants it. This design ensures that Recall remains a user-controlled feature, preventing unwanted oversight from administrators or external entities.

Another aspect to consider is that this has been done before. If you look at Timeline, which was available in Windows 10, you have essentially a stripped-down version of this which anyone can access. So if you think that this is a one-off, you're wrong. Computer forensic teams will actually look at Timelines of Windows 10 users to monitor and detect violations or gather evidence for a case, as oftentimes users do not even know this exists. So if you're on the fence about Recall, just bear in mind it has been done before with even fewer controls in place.

Against Windows Recall - People will think what they think

Unfortunately, Microsoft seems to be fighting an uphill battle with Windows Recall. People are concerned and afraid of what this will mean for them and their privacy, and they are right to feel so. Despite all the controls Microsoft has implemented and the reassurance it has offered, people are still wondering how much of this is actually private. Given that just last week OpenAI was legally ordered to provide outputs from chats to the New York Times, trust in AI and those who maintain it is starting to be questioned. Users want privacy and want to know that their conversations and information are protected. Generative AI as a whole is a very new concept to a lot of people, let alone the fact that now you're incorporating "screen capturing" tools within it.

Pushback will be inevitable no matter what product you release. It is the common "damned if you do, damned if you don't" scenario that we IT folk know all too well. Combine this with a lack of education or governance in current organizations, and you create more animosity towards Generative AI and its new counterpart, Recall.


The Verdict - Damned if you do, damned if you don't

No matter what side of the fence you are on, there will be qualms and benefits on either side. While some people argue privacy, the other side will argue innovation and controls. We are in a unique time in history where we are embracing tools that emulate our intelligence, emotions, and behaviours. Rewind 10 or 15 years, and this is what you would hear about on the History channel or see in some dystopian movie. Well, we're living it now, folks. You have two options: embrace it, or don't. For better or worse, Generative AI is staying and we will have to adapt, just like we did when the first commercial computer was released.

The best advice I can give is to learn about it and make your own informed decisions. Trust in your own research, not the unfounded conclusions of others. AI has made it easy for us to get things done faster, but with AI has also come its fair share of misinformation. Take everything with a grain of salt and equip yourself with knowledge. Windows Recall is a powerful tool if done right, and when used correctly can make a major difference. However, with this tool comes responsibility, and we as the end users deserve to know what responsibilities Microsoft and administrators will take to govern these tools and reassure the public of their privacy, especially in the wake of legal battles, misuse of GAI, and the rise of agentic AI.
