Microsoft backtracks on Windows Recall feature amid industry outcry
Windows Recall has been met with hefty criticism since first being announced, forcing Microsoft to act


Microsoft has announced changes to its controversial ‘Recall’ feature following a flood of criticism over potential security and data privacy risks.
In a post to the firm’s blog, Pavan Davuluri, VP for Windows and devices, shared an update after initially causing upset with the tool’s ability to screenshot potentially sensitive information.
“Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards,” Davuluri said.
To do this, Microsoft has said that it will give users a clearer opt-in choice which, unless proactively chosen, will render the tool turned off by default. Microsoft originally stated that the feature would be off by default.
Windows Hello enrollment will now be required to enable the feature, while proof of presence will be required to access the timelines and search features within Recall.
On top of that, Microsoft will be adding additional layers of data protection to the tool, such as “just in time” decryption which is protected by Windows Hello Enhanced Sign-in Security (ESS).
This means that images captured by Recall will only be decrypted and accessible when the user authenticates, while the search index database which helps power Recall will also be encrypted.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
“In line with Microsoft’s SFI principles, before the preview release of Recall to customers, we are taking steps to increase data protection,” Davuluri said.
Davuluri also stressed that the devices built with Recall, its new Copilot+ PCs, will be “secure by default” and fitted with firmware safeguards, chip-to-cloud security, and ESS.
Microsoft’s hand forced over Windows Recall
Windows Recall was first unveiled by Microsoft at its annual 'Build' conference in May, with the tech giant announcing the move alongside the launch of its new Copilot+ PC range.
Initially dubbed a “security nightmare” by Kevin Beaumont, director of emerging threats at the Arcadia Group, Microsoft has come under serious flack over Recall, with many in the cyber security community angry at the obvious risks.
While Beaumont stated that the feature will “undoubtedly lead to increased fraud,” the UK’s Information Commissioner's Office (ICO) announced that it was probing the matter further via inquiries with Microsoft.
RELATED WHITEPAPER
“Attackers continue to prove that initial access to a system is often the lesser challenge within the attack chain when compared to persistence, the elevation of privileges, and lateral movement,” Douglas McKee, Executive Director at SonicWall, told ITPro.
“Yet with Microsoft Recall, initial access is all that is needed to potentially steal sensitive information such as passwords or company trade secrets,” he added.

George Fitzmaurice is a former Staff Writer at ITPro and ChannelPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malware
News Researchers say the tool is already achieving the “gold standard” in malware classification
-
AWS CEO Matt Garman just said what everyone is thinking about AI replacing software developers
News Junior developers aren’t going anywhere, according to AWS CEO Matt Garman
-
Microsoft quietly launched an AI agent that can detect and reverse engineer malware
News Researchers say the tool is already achieving the “gold standard” in malware classification
-
Microsoft patched a critical vulnerability in its NLWeb AI search tool – but there's no CVE (yet)
News Researchers found an unauthenticated path traversal bug in the tool debuted at Microsoft Build in May
-
NCSC says ‘limited number’ of UK firms affected by SharePoint attack as global impact spreads
News The SharePoint flaw has already had a wide impact according to reports from government security agencies
-
Confused at all the threat group names? You’re not alone. CrowdStrike and Microsoft want to change that
News CrowdStrike and Microsoft hope to "bring clarity and coordination" to the cyber industry by unifying threat group naming conventions.
-
A flaw in OneDrive’s File Picker feature could give access to hundreds of apps
News The OneDrive File Picker flaw could affect hundreds of apps, researchers warn
-
Microsoft ramps up zero trust capabilities amid agentic AI push
News The move from Microsoft looks to bolster agent security and prevent misuse
-
So long, Defender VPN: Microsoft is scrapping the free-to-use privacy tool over low uptake
News Defender VPN, Microsoft's free virtual private network, is set for the scrapheap, so you might want to think about alternative services.
-
Hackers are on a huge Microsoft 365 password spraying spree – here’s what you need to know
News A botnet made up of 130,000 compromised devices has been conducting a huge password spraying campaign targeting Microsoft 365 accounts.