Microsoft Revamps Recall Feature for Windows PCs Following Security Concerns

ICARO Media Group
Politics
27/09/2024 21h00

**Microsoft Overhauls Controversial Recall Feature for Windows PCs**

Microsoft is taking another stab at its contentious Recall feature for Copilot+ Windows PCs after facing significant backlash from security experts earlier this year. Originally launched with major security flaws, the Recall feature stored user data, including screenshots and OCR text, in plaintext on the disk, exposing it to potential access by other users or remote attackers.

The feature was announced in late May without prior public Windows Insider testing, an unusual move for Microsoft, and was supposed to roll out by mid-June. However, due to the uproar from security researchers and testers, the company postponed its release on June 13 to rework the feature's architecture for better security.

David Weston, Microsoft’s Vice President of Enterprise and OS Security, recently detailed the steps the company has taken to improve Recall’s security. One of the significant changes includes making Recall an opt-in feature that is turned off by default. Users will now need to re-authenticate with Windows Hello each time they access any Recall data, and all data will be encrypted with additional security measures.

To appease wary users, Microsoft has provided a method to remove Recall entirely from the system via the "optional features" settings in Windows. This was a departure from earlier claims that a similar removal mechanism seen in Windows previews was a bug.

Microsoft is also enhancing local data protection by ensuring that all Recall data, including snapshots and associated information in the vector database, is encrypted at rest with keys stored in the system's TPM. The feature will only function if BitLocker or Device Encryption is fully enabled and will require Virtualization-Based Security (VBS) and Hypervisor-Protected Code Integrity (HVCI).
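For administrators who want to verify that a machine actually meets the prerequisites described above before Recall is allowed to run, the following PowerShell script is an added example; it is not code from the article or from Microsoft. It assumes an elevated session on a Windows edition that ships the `BitLocker` and `TrustedPlatformModule` modules, and, because the article does not name the Recall optional feature, it matches the feature name with a `*Recall*` wildcard (an assumption, not a documented name).

```powershell
# Added example (not from the article or Microsoft): check the Recall prerequisites
# the article lists (TPM, full-volume encryption, VBS, HVCI) and report the state of
# any optional feature whose name contains "Recall". Run in an elevated session.

function Test-RecallPrerequisites {
    $results = [ordered]@{}

    # 1. TPM present and ready: the article says Recall encryption keys live in the TPM.
    $tpm = Get-Tpm
    $results['TpmReady'] = [bool]($tpm.TpmPresent -and $tpm.TpmReady)

    # 2. OS volume fully encrypted with protection on (BitLocker or Device Encryption).
    $osVol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $results['OsVolumeEncrypted'] = ($osVol.ProtectionStatus -eq 'On' -and
                                     $osVol.VolumeStatus -eq 'FullyEncrypted')

    # 3. VBS and HVCI actually running, read from the DeviceGuard WMI class.
    #    VirtualizationBasedSecurityStatus: 2 = running.
    #    SecurityServicesRunning: contains 2 when HVCI (memory integrity) is running.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard
    $results['VbsRunning']  = ($dg.VirtualizationBasedSecurityStatus -eq 2)
    $results['HvciRunning'] = ($dg.SecurityServicesRunning -contains 2)

    # 4. Optional-feature state. The feature name is an assumption (wildcard match);
    #    the article only says Recall can be removed via "optional features".
    $recall = Get-WindowsOptionalFeature -Online |
              Where-Object { $_.FeatureName -like '*Recall*' }
    $results['RecallFeatureState'] = if ($recall) {
        ($recall | ForEach-Object { "$($_.FeatureName)=$($_.State)" }) -join '; '
    } else { 'not found' }

    [pscustomobject]$results
}

# Usage: print the report and warn on any missing hardening prerequisite.
$report = Test-RecallPrerequisites
$report | Format-List
$missing = @('TpmReady', 'OsVolumeEncrypted', 'VbsRunning', 'HvciRunning') |
           Where-Object { -not $report.$_ }
if ($missing) {
    Write-Warning "Recall prerequisites not met: $($missing -join ', ')"
}
```

The four boolean checks correspond one-to-one to the requirements the article lists; a `$false` in any of them means the at-rest encryption and enclave protections described here would not be in effect on that machine, regardless of whether the feature itself is installed.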

Moreover, Recall will now operate within a VBS enclave, which isolates and secures data in memory from the rest of the system. Weston explained that these enclaves act as locked boxes, accessible only with user permission through Windows Hello, and prevent unauthorized code execution within this protected environment.

Additional malware protections include new rate-limiting and anti-hammering measures to further secure the feature, lowering the risk of Recall data exposure to malicious software or rogue applications.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.
