“VBS Enclaves use the same hypervisor as Azure to segment the computer’s memory into a special protected area where information can be processed,” said David Weston, vice president for Enterprise and OS Security at Microsoft. “Using Zero Trust principles, code in these enclaves can use cryptographic attestation protocols to safeguard that the environment is secure before performing sensitive operations, such as snapshot processing.”
Microsoft will provide users with a range of privacy controls, said Weston. Users can, for example, delete recorded snapshots individually or in bulk over a specified period and select how long Recall content is retained. Content filtering is on by default to help prevent Recall from taking screenshots of information such as credit card details and websites — health- or finance-related sites, for instance.
“With the Recall controls, a user can store as much or as little as they would like and remain in control,” he said.