Ensuring Data Protection through Windows Recall with New Security Architecture TPM Windows Hello

Hi, today we are discussing a new topic: Ensuring Data Protection through Windows Recall with Security Architecture (TPM, Windows Hello, etc.). The Copilot+ PC is one of the latest AI-powered devices. Recently, Copilot+ PCs introduced many features focused on AI capabilities that enhance productivity and creativity.

As you know, Microsoft introduced these Copilot+ PCs, which have incredible features for Windows users and provide new tools to make PCs smarter and more secure. These PCs are powered by the Turbocharged Neural Processing Unit (TNPU).

At this time, Microsoft Copilot introduced the Recall feature, which I think you are familiar with as Windows Recall. Recall is a new feature coming soon to Copilot+ PCs. It helps you find and remember information using natural language.

The Windows Recall option provides the best security features, so the user doesn’t need to worry about security measures. Also, Windows Recall is an optional feature. Windows Hello confirms your identity so that you can securely access the Recall feature. In this post, we look at the Windows Hello and Recall security features.

What is Windows Recall for Copilot+ PCs?

Windows Recall for Copilot+ PCs is a new feature coming soon to Copilot+ PCs. Recall lets you recall information in natural language. The Recall feature takes snapshots on your device and stores them encrypted.

Ensuring Data Protection through Windows Recall with New Security Architecture TPM Windows Hello

Above, we gave an overall view of ensuring data protection through Windows Recall for Copilot+ PCs. Windows Recall is an AI tool in Windows 11 Copilot+ PCs that helps you remember everything you do on your computer.

  • Microsoft has integrated advanced security features that continuously protect the data.
  • One of the best security features is Windows Recall.
  • Microsoft implemented the best security architecture regarding data protection to ensure users’ privacy and data protection.

| No | Security Features of Windows Recall |
|----|-------------------------------------|
| 1  | Opt-In Experience                   |
| 2  | Trusted Platform Module (TPM)       |
| 3  | Windows Hello Authentication        |
| 4  | Recall user interface               |

Ensuring Data Protection through Windows Recall with New Security Architecture TPM Windows Hello-Table.1
Ensuring Data Protection through Windows Recall with New Security Architecture TPM Windows Hello -Fig. 1

Opt-In Experience

As you know, the Windows Recall feature is an opt-in experience. You can quickly turn it off if you don’t need it on your Copilot+ PC. Turning the feature off means it no longer takes snapshots of your screen. This stops the feature from running and collecting any data.

Ensuring Data Protection through Windows Recall with New Security Architecture TPM Windows Hello -Fig. 2 Creds to MS

Trusted Platform Module (TPM)

As you all know, Windows Recall uses the most potent encryption method together with the Trusted Platform Module (TPM), which makes security stronger and smoother. Snapshots and related data in the database are always kept secure through encryption.

  • The encryption keys are protected by the Trusted Platform Module (TPM).
  • The keys are also linked to your Windows Hello sign-in.
  • The TPM securely generates and manages encryption keys.
  • So, the user doesn’t need to worry about the data, because all data and snapshots in the Recall feature are encrypted.

Snapshots are all processed in the enclave. All encryption keys are protected by a hypervisor or TPM. Each enclave is protected by a rate limiter and anti-hammer capabilities. Each enclave has its own platform attestation & session key protector.

Proof of human presence is required to set up Recall. Secure biometrics authorize Recall data access. Anti-hammering and tamper-proof settings prevent feature abuse.

Ensuring Data Protection through Windows Recall with New Security Architecture TPM Windows Hello-Fig. 2 Creds to MS
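
To illustrate the rate-limiter and anti-hammering idea from the Trusted Platform Module section above, here is an added example that is not part of the original post and is not Microsoft's implementation. It models a gate in front of a protected key that refuses further PIN attempts after repeated failures; the class name, thresholds and PIN handling are assumptions chosen for illustration.

```python
import hashlib, hmac, os, time

class LockedOut(Exception):
    """Raised while the failure counter is at its limit."""

class KeyGate:
    """Simplified model of a rate-limited gate in front of a protected key."""

    def __init__(self, pin, key, max_tries=5, heal_seconds=600, clock=time.monotonic):
        # max_tries and heal_seconds are constructed values, not Recall's or a TPM's.
        self._salt = os.urandom(16)
        self._verifier = self._derive(pin)
        self._key = key
        self.max_tries, self.heal_seconds = max_tries, heal_seconds
        self.failures, self._heal_from, self._clock = 0, 0.0, clock

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def _heal(self):
        # Forgive one failure for every full heal interval that has passed.
        if self.failures:
            healed = int((self._clock() - self._heal_from) // self.heal_seconds)
            healed = min(healed, self.failures)
            self.failures -= healed
            self._heal_from += healed * self.heal_seconds

    def release(self, pin):
        """Return the key for the right PIN, None for a wrong one."""
        self._heal()
        if self.failures >= self.max_tries:
            raise LockedOut(f"{self.failures} failed attempts; wait for the counter to heal")
        # While locked out, even the correct PIN is refused (checked above).
        if hmac.compare_digest(self._derive(pin), self._verifier):
            return self._key
        if self.failures == 0:
            self._heal_from = self._clock()
        self.failures += 1
        return None

def worst_case_seconds(pin_space, max_tries, heal_seconds):
    """Time to try every PIN: max_tries free guesses, then one per heal interval."""
    return max(0, pin_space - max_tries) * heal_seconds
```

With a constructed 4-digit PIN space, 5 tries and a 600-second heal interval, `worst_case_seconds(10**4, 5, 600)` gives 5,997,000 seconds (about 69 days) to try every PIN in this model, which is why a short PIN behind such a gate is harder to guess than its length suggests.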

Windows Hello Authentication

The encryption keys were discussed above; users can only access them by authenticating through Windows Hello. Windows Hello mainly manages and controls the encryption keys and Recall data. It is known for its extraordinary security features, which allow authorized users to access the data.

  • If you are using Recall, you have to sign in through Windows Hello.
  • No one can access the Recall data without providing the proper security codes.

Recall user interface 

Most importantly, Windows Recall on Copilot+ PCs ensures that data is shared only with the user interface (UI). This is the best security enhancement of Recall. It reduces the risk of unauthorized access and protects the Recall data.

Author

Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.