The Office of Information Security (OIS) and others at Penn have investigated Microsoft Recall and confirmed that it introduces substantial and unacceptable security, legality, and privacy challenges. Microsoft Recall is an AI-based tool designed to assist with finding items from past use and is available only for Copilot+ PCs running Windows 11 24H2 or above.
Information Systems & Computing (ISC) prevents the use of Microsoft Recall via an enforced Group Policy Object (GPO) on compatible managed systems affiliated with KITE. Administrators of other Windows environments at Penn are strongly urged to also disable Recall. Microsoft’s instructions for disabling Recall in a managed environment are here.
University constituents with unmanaged or individually-owned systems should not use Microsoft Recall. Windows Central has published instructions on disabling or removing Recall on these systems.
Background
"Copilot+ PC" is Microsoft's designation for a notebook computer with a neural processing unit (NPU) that supports 40 Tera Operations Per Second (TOPS) or above. Copilot+ PCs began shipping in small quantities in mid-2024 and will become increasingly prevalent at Penn and elsewhere over the next year. ISC and many others at the University are currently deploying and supporting Copilot+ PCs—Penn's only significant objection to these products is the presence of Microsoft Recall.