Guide · 4 Jun 2026 · 5 min read

You can now keep sensitive data out of Windows Recall

Data Loss Prevention · Copilot & AI

Recall makes everything on a Copilot+ PC screen searchable. Endpoint DLP can now keep your classified data out of those snapshots. What Recall is for, why it is a data concern, and how the Purview control actually works.

What Recall is for

Recall is a Copilot+ PC feature, still in preview. It periodically takes a snapshot of the screen whenever the content changes, stores and analyses those snapshots locally, and lets the user search back through everything they have seen using plain language. Describe how you remember something - a slide with a red barn, a supplier quote from last Tuesday - and Recall finds the moment it was on screen.

The productivity case is genuine. People lose hours retracing where they saw something. Recall turns the last few weeks of your screen into a searchable timeline, processed entirely on the device with no cloud involved.

Why it is a data concern

Recall is, at its core, a local searchable record of everything that crossed the screen - and that includes your sensitive business data.

Microsoft has hardened it a lot since the original 2024 design. On managed devices it is off and removed by default: an admin has to allow it, and the user still has to opt in. Snapshots are encrypted, never leave the device, and require Windows Hello (face or fingerprint) to open. Sensitive information filtering is on by default and uses the same classification engine as Purview to skip snapshots that contain things like passwords and card numbers.

The gap is what that built-in filter does not know. It catches generic personal and financial data, not *your* classified content. A document labelled Confidential, a customer list, an unreleased contract - none of that is on the default filter's radar, so it gets captured like anything else. And on personal Copilot+ PCs that staff bring in, Recall is available by default once the user opts in, with no Conditional Access controls to stop it. Microsoft's own guidance is blunt: it is a general security risk to allow screenshots of content you want to keep from being exfiltrated.

How the Purview control works

Recall can hand off to a Data Loss Prevention provider, and Purview is currently the only supported one. When your Endpoint DLP policy flags content as sensitive, Recall keeps it out of the snapshot, driven by the sensitivity labels and sensitive information types you already use.

The enforcement is more surgical than it sounds. It works at the window level: Recall drops only the specific window the policy flags as sensitive and keeps the rest of the snapshot. The user still gets a useful timeline; the sensitive window simply is not in it.

What it covers is not just files on disk:

  • Teams channel and meeting chats
  • Outlook emails
  • Files stored locally
  • Files stored in the cloud

There are two enforcement options, and only two: Audit only, which logs that sensitive content would have been captured but still saves the snapshot, and Block, which keeps it out. There is no block-with-override here, unlike copy to clipboard or print.

The catch

It is in preview, and Windows only. Recall is a Copilot+ PC feature, so this only applies to those devices. There is no macOS equivalent because there is no macOS Recall.

It is only as good as your classification. This rides on your labels and sensitive info types. No label and no SIT match means DLP has nothing to act on, and the content lands in Recall like anything else. Sort classification first or this protects very little.

You need two policies, not one. The Purview Endpoint DLP policy is only half of it. On the device side you also have to point Recall at Purview with the Windows Set Data Loss Prevention Provider policy (under Windows AI in Group Policy or your MDM). Miss that and the snapshot activity never reaches Purview, no matter how good your DLP policy is. The device also has to be onboarded to Endpoint DLP through Defender for Endpoint.

How to turn it on

  1. On the device: set the Windows Set Data Loss Prevention Provider policy so Recall uses Purview as its DLP provider. This is what wires Recall's snapshot activity into your DLP engine.
  2. In Purview: create or edit an Endpoint DLP policy scoped to the Devices location and a pilot group.
  3. In the rule, set what counts as sensitive - a sensitivity label, a sensitive info type, or both.
  4. Under the device activities, enable Capture in a Windows Recall snapshot and set it to Audit only.
  5. Leave it in audit for a couple of weeks and watch Activity Explorer to confirm your classification is catching the right things.
  6. Once the audit events look right, switch the action to Block.
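As a worked example of the two-policy setup above (the device-side provider setting plus the Purview Endpoint DLP policy, audited first and then switched to Block), here is a PowerShell script. It is added here and is not code from the original article, from Purview, or from Microsoft's documentation. It assumes the Security & Compliance PowerShell module (`Connect-IPPSSession`, `New-DlpCompliancePolicy`, `New-DlpComplianceRule`, `Set-DlpComplianceRule`) and the Windows AI policy registry location; the Recall activity setting name, the device-side value name, the pilot group address and the label name "Confidential" are placeholders or constructed values that you replace with your tenant's own.

```powershell
# Added example, not from the original article. Placeholders are marked.

# ---- 1. Device side: confirm Recall is pointed at Purview as its DLP provider.
# ASSUMPTION: the Windows AI GPO/MDM policies land under this key; the value
# name written by "Set Data Loss Prevention Provider" is a placeholder here.
$windowsAiPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsAI'
$providerValueName  = '<SetDataLossPreventionProviderValueName>'   # placeholder

if (-not (Test-Path $windowsAiPolicyKey)) {
    Write-Warning "No Windows AI policy key on this device: Recall is not wired to Purview."
} else {
    $policy = Get-ItemProperty -Path $windowsAiPolicyKey -ErrorAction SilentlyContinue
    if ($null -eq $policy.$providerValueName) {
        Write-Warning "DLP provider not set: snapshot activity will never reach Purview."
    }
}

# ---- 2. Tenant side: Endpoint DLP policy scoped to Devices and a pilot group.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession                                   # interactive sign-in

$policyName = 'Recall snapshot protection - pilot'
$pilotGroup = 'recall-pilot@contoso.example'          # constructed placeholder group

New-DlpCompliancePolicy -Name $policyName `
    -EndpointDlpLocation $pilotGroup `
    -Mode 'Enable' `
    -Comment 'Keep labelled and classified content out of Windows Recall snapshots'

# ---- 3. What counts as sensitive: a sensitivity label OR a sensitive info type.
$condition = @{
    operator = 'Or'
    groups   = @(
        @{ operator = 'Or'; labels = @(@{ name = 'Confidential'; type = 'Sensitivity' }) },
        @{ operator = 'Or'; sensitivetypes = @(@{ name = 'Credit Card Number'; minCount = 1 }) }
    )
}

# ---- 4. The Recall device activity, in Audit only. The Setting name is a
# placeholder for "Capture in a Windows Recall snapshot" as exposed to PowerShell.
$recallSetting = '<RecallSnapshotSettingName>'        # placeholder
$ruleName      = 'Recall - audit first'

New-DlpComplianceRule -Policy $policyName -Name $ruleName `
    -ContentContainsSensitiveInformation $condition `
    -EndpointDlpRestrictions @(@{ Setting = $recallSetting; Value = 'Audit' })

# ---- 5. Verify what was deployed; then watch Activity Explorer for the audit period.
Get-DlpComplianceRule -Identity $ruleName |
    Select-Object Name, Policy, EndpointDlpRestrictions

# ---- 6. After the audit window looks right, flip the same activity to Block.
# Recall offers only Audit or Block; there is no block-with-override value.
Set-DlpComplianceRule -Identity $ruleName `
    -EndpointDlpRestrictions @(@{ Setting = $recallSetting; Value = 'Block' })
```

Step 1 runs on the Copilot+ PC (as administrator); steps 2 to 6 run from any machine with the module installed and a Compliance admin account. Keeping the device check first mirrors the article's point that without the provider setting, the Purview rule never sees a Recall event, so an empty Activity Explorer during the audit period should be read as "not wired" before it is read as "nothing sensitive on screen".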

Start in audit, not block. The failure mode is the same as any DLP rollout: enforce too early, catch the wrong things, and the business stops trusting the control. You can plan the policy - locations, conditions, and this activity - in the DLP Planner first.
