deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'main' into pm-202411-freshness

Browse Source
This commit is contained in:
Padma Jayaraman 2024-11-23 01:05:30 +05:30 committed by GitHub
commit c4f8043e64
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 714 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/client-management/images/8908044-recall-search.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.5 MiB

BIN
windows/client-management/images/8908044-recall.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.6 MiB

181
windows/client-management/manage-recall.md
View File

@ -1,9 +1,9 @@
---
title: Manage Recall for Windows clients
description: Learn how to manage Recall for commercial environments using MDM and group policy. Learn about Recall features.
description: Learn how to manage Recall for commercial environments and about Recall features.
ms.topic: how-to
ms.subservice: windows-copilot
ms.date: 06/13/2024
ms.date: 11/22/2024
ms.author: mstewart
author: mestew
ms.collection:
@ -18,72 +18,161 @@ appliesto:
<!--8908044-->
>**Looking for consumer information?** See [Retrace your steps with Recall](https://support.microsoft.com/windows/retrace-your-steps-with-recall-aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c).
Recall allows you to search across time to find the content you need. Just describe how you remember it, and Recall retrieves the moment you saw it. Recall takes snapshots of your screen and stores them in a timeline. Snapshots are taken every five seconds while content on the screen is different from the previous snapshot. Snapshots are locally stored and locally analyzed on your PC. Recall's analysis allows you to search for content, including both images and text, using natural language.
Recall (preview) allows users to search locally saved and locally analyzed snapshots of their screen using natural language. By default, Recall is disabled and removed on managed devices. IT admins can choose if they want to allow Recall to be used in their organizations and users, on their own, won't be able to enable it on their managed device if the Allow Recall policy is disabled. IT admins, on their own, can't start saving snapshots for end users. Recall is an opt-in experience that requires end user consent to save snapshots. Users can choose to enable or disable saving snapshots for themselves anytime. IT admins can only set policies that give users the option to enable saving snapshots and configure certain policies for Recall.
This article provides information about Recall and how to manage it in a commercial environment.
> [!NOTE]
> Recall is coming soon through a post-launch Windows update. See [aka.ms/copilotpluspcs](https://aka.ms/copilotpluspcs).
> - Recall is now available in preview to Copilot+ PCs through the Windows Insider Program. For more information, see [Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel](https://blogs.windows.com/windows-insider/2024/11/22/previewing-recall-with-click-to-do-on-copilot-pcs-with-windows-insiders-in-the-dev-channel/).
> - In-market commercial devices are defined as devices with an Enterprise (ENT) or Education (EDU) SKU or any premium SKU device that is managed by an IT administrator (whether via Microsoft Endpoint Manager or other endpoint management solution), has a volume license key, or is joined to a domain. Commercial devices during Out of Box Experience (OOBE) are defined as those with ENT or EDU SKU or any premium SKU device that has a volume license key or is Microsoft Entra joined.
> - Recall is optimized for select languages English, Chinese (simplified), French, German, Japanese, and Spanish. Content-based and storage limitations apply. For more information, see [https://aka.ms/copilotpluspcs](https://aka.ms/copilotpluspcs).
When Recall opens the snapshot a user selected, it enables screenray, which runs on top of the saved snapshot. Screenray analyzes what's in the snapshot and allows users to interact with individual elements in the snapshot. For instance, users can copy text from the snapshot or send pictures from the snapshot to an app that supports `jpeg` files.
## What is Recall?
:::image type="content" source="images/8908044-recall.png" alt-text="Screenshot of Recall with search results displayed for a query about a restaurant that the user's friend sent them." lightbox="images/8908044-recall.png":::
Recall (preview) allows you to search across time to find the content you need. Just describe how you remember it, and Recall retrieves the moment you saw it. Snapshots are taken periodically while content on the screen is different from the previous snapshot. The snapshots of your screen are organized into a timeline. Snapshots are locally stored and locally analyzed on your PC. Recall's analysis allows you to search for content, including both images and text, using natural language.
When Recall opens a snapshot you selected, it enables Click to Do, which runs on top of the saved snapshot. Click to Do analyzes what's in the snapshot and allows you to interact with individual elements in the snapshot. For instance, you can copy text from the snapshot or send pictures from the snapshot to an app that supports `jpeg` files.
:::image type="content" border="true" source="images/8908044-recall-search.png" alt-text="Screenshot of Recall with search results displayed for a query for a presentation with a red barn." lightbox="images/8908044-recall-search.png":::
### Recall security and privacy architecture
Privacy and security are built into Recall's design. With Copilot+ PCs, you get powerful AI that runs locally on the device. No internet or cloud connections are required or used to save and analyze snapshots. Snapshots aren't sent to Microsoft. Recall AI processing occurs locally, and snapshots are securely stored on the local device only.
Recall doesn't share snapshots with other users that are signed into Windows on the same device and IT admins can't access or view the snapshots on end-user devices. Microsoft can't access or view the snapshots. Recall requires users to confirm their identity with [Windows Hello](https://support.microsoft.com/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0) before it launches and before accessing snapshots. At least one biometric sign-in option must be enabled for Windows Hello, either facial recognition or a fingerprint, to launch and use Recall. Before snapshots start getting saved to the device, users need to open Recall and authenticate. Recall takes advantage of just in time decryption protected by [Hello Enhanced Sign-in Security (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security). Snapshots and any associated information in the vector database are always encrypted. Encryption keys are protected via Trusted Platform Module (TPM), which is tied to the user's Windows Hello ESS identity, and can be used by operations within a secure environment called a [Virtualization-based Security Enclave (VBS Enclave)](/windows/win32/trusted-execution/vbs-enclaves). This means that other users can't access these keys and thus can't decrypt this information. Device Encryption or BitLocker are enabled by default on Windows 11. For more information, see [Recall security and privacy architecture in the Windows Experience Blog](https://blogs.windows.com/windowsexperience/?p=179096).
When using Recall, the **Sensitive information filtering** setting is enabled by default to help ensure your data's confidentiality. This feature operates directly on your device, utilizing the NPU and the Microsoft Classification Engine (MCE) - the same technology leveraged by [Microsoft Purview](/purview/purview) for detecting and labeling sensitive information. When this setting is enabled, snapshots won't be saved when potentially sensitive information is detected. Most importantly, the sensitive information remains on the device at all times, regardless of whether the **Sensitive information filtering** setting is enabled or disabled. For more information about the types of potentially sensitive information, see [Reference for sensitive information filtering in Recall](recall-sensitive-information-filtering.md).
In keeping with Microsoft's commitment to data privacy and security, all saved images and processed data are kept on the device and processed locally. However, Click to Do allows users to choose if they want to perform additional actions on their content.
Click to Do allows users to choose to get more information about their selected content online. When users choose one of the following Click to Do actions, the selected content is sent to the online provider from the local device to complete the request:
- **Search the web**: Sends the selected content to the default search engine of the default browser
- **Open website**: Opens the selected website in the default browser
- **Visual search with Bing**: Sends the selected content to Bing visual search using the default browser.
When you choose to send info from Click to Do to an app, like Paint, Click to Do will temporarily save this info in order to complete the transfer. Click to Do creates a temporary file in the following location:
- `C:\Users\[username]\AppData\Local\Temp`
Temporary files may also be saved when you choose send feedback. These temporary files aren't saved long term. Click to Do doesn't keep any content from your screen after completing the requested action, but some basic telemetry is gathered to keep Click to Do secure, up to date, and working.
## System requirements
Recall has the following minimum system requirements:
- A [Copilot+ PC](https://www.microsoft.com/windows/business/devices/copilot-plus-pcs#copilot-plus-pcs)
Recall has the following minimum requirements:
- A [Copilot+ PC](https://www.microsoft.com/windows/business/devices/copilot-plus-pcs#copilot-plus-pcs) that meets the [Secured-core standard](/windows-hardware/design/device-experiences/oem-highly-secure-11)
- 40 TOPs NPU ([neural processing unit](https://support.microsoft.com/windows/all-about-neural-processing-units-npus-e77a5637-7705-4915-96c8-0c6a975f9db4))
- 16 GB RAM
- 8 logical processors
- 256 GB storage capacity
- To enable Recall, you need at least 50 GB of space free
- Snapshot capture automatically pauses once the device has less than 25 GB of disk space
- Saving snapshots automatically pauses once the device has less than 25 GB of storage space
- Users need to enable Device Encryption or BitLocker
- Users need to enroll into [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security) with at least one biometric sign-in option enabled in order to authenticate.
## Supported browsers
Users need a supported browser for Recall to [filter websites](#user-controlled-settings-for-recall) and to automatically filter private browsing activity. Supported browsers, and their capabilities include:
Users need a supported browser for Recall to [filter websites](#app-and-website-filtering-policies) and to automatically filter private browsing activity. Supported browsers, and their capabilities include:
- **Microsoft Edge**: blocks websites and filters private browsing activity
- **Firefox**: blocks websites and filters private browsing activity
- **Opera**: blocks websites and filters private browsing activity
- **Google Chrome**: blocks websites and filters private browsing activity
- **Chromium based browsers** (124 or later): For Chromium-based browsers not listed above, filters private browsing activity only, doesn't block specific websites
- **Microsoft Edge**: filters specified websites and filters private browsing activity
- **Firefox**: filters specified websites and filters private browsing activity
- **Opera**: filtered specified websites and filters private browsing activity
- **Google Chrome**: filters specified websites and filters private browsing activity
- **Chromium based browsers** (124 or later): For Chromium-based browsers not listed, filters private browsing activity only, doesn't filter specific websites
## Configure policies for Recall
Organizations that aren't ready to use AI for historical analysis can disable it until they're ready with the **Turn off saving snapshots for Windows** policy. If snapshots were previously saved on a device, they'll be deleted when this policy is enabled. The following policy allows you to disable analysis of user content:
By default, Recall is removed on commercially managed devices. If you want to allow Recall to be available for users in your organization and allow them to choose to save snapshots, you need to configure both the **Allow Recall to be enabled** and **Turn off saving snapshots for Windows** policies. Policies for Recall fall into the following general areas:
- [Allow Recall and snapshots policies](#allow-recall-and-snapshots-policies)
- [Storage policies](#storage-policies)
- [App and website filtering policies](#app-and-website-filtering-policies)
### Allow Recall and snapshots policies
The **Allow Recall to be enabled** policy setting allows you to determine whether the Recall optional component is available for end users to enable on their device. By default, Recall is disabled and removed for managed devices. Recall isn't available on managed devices by default, and individual users can't enable Recall on their own. If you disable this policy, the Recall component will be in disabled state and the bits for Recall will be removed from the device. If snapshots were previously saved on the device, they'll be deleted when this policy is disabled. Removing Recall requires a device restart. If the policy is enabled, end users will have Recall available on their device. Depending on the state of the DisableAIDataAnalysis policy (Turn off saving snapshots for use with Recall), end users will be able to choose if they want to save snapshots of their screen and use Recall to find things they've seen on their device.
| &nbsp; | Setting |
|---|---|
| **CSP** | ./User/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis) |
| **Group policy** | User Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** |
## Limitations
In two specific scenarios, Recall captures snapshots that include InPrivate windows, blocked apps, and blocked websites. If Recall gets launched, or the **Now** option is selected in Recall, then a snapshot is taken even when InPrivate windows, blocked apps, and blocked websites are displayed. However, Recall doesn't save these snapshots. If you choose to send the information from this snapshot to another app, a temp file is created in `C:\Users\[username]\AppData\Local\Temp` to share the content. The temporary file is deleted once the content is transferred over the app you selected to use.
## User controlled settings for Recall
The following options are user controlled in Recall from the **Settings** > **Privacy & Security** > **Recall & Snapshots** page:
- Website filtering
- App filtering
- Storage allocation
- When the storage limit is reached, the oldest snapshots are deleted first.
- Deleting snapshots
- Delete all snapshots
- Delete snapshots within a specific time frame
| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallEnablement](mdm/policy-csp-windowsai.md#allowrecallenablement) |
| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Allow Recall to be enabled** |
### Storage allocation
The **Turn off saving snapshots for Windows** policy allows you to give the users the choice to save snapshots of their screen for use with Recall. Administrators can't enable saving snapshots on behalf of their users. The choice to enable saving snapshots requires individual user opt-in consent. By default, snapshots won't be saved for use with Recall. If snapshots were previously saved on a device, they'll be deleted when this policy is enabled. If you set this policy to disabled, end users will have a choice to save snapshots of their screen and use Recall to find things they've seen on their device.
The amount of disk space users can allocate to Recall varies depending on how much storage the device has. The following chart shows the storage space options for Recall:
| Device storage capacity | Storage allocation options for Recall |
| &nbsp; | Setting |
|---|---|
| 256 GB | 25 GB (default), 10 GB |
| 512 GB | 75 GB (default), 50 GB, 25 GB |
| 1 TB, or more | 150 GB (default), 100 GB, 75 GB, 50 GB, 25 GB |
| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis) </br> </br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis)|
| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** |
### Storage policies
You can define how much disk space Recall can use by using the **Set maximum storage for snapshots used by Recall** policy. You can set the maximum amount of disk space for snapshots to be 10, 25, 50, 75, 100, or 150 GB. When the storage limit is reached, the oldest snapshots are deleted first. When this setting isn't configured, the OS configures the storage allocation for snapshots based on the device storage capacity. 25 GB is allocated when the device storage capacity is 256 GB. 75 GB is allocated when the device storage capacity is 512 GB. 150 GB is allocated when the device storage capacity is 1 TB or higher.
| &nbsp; | Setting |
|---|---|
| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageSpaceForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots) </br> </br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageSpaceForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots)|
| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** </br></br> User Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** |
You can define how long snapshots can be retained on the device by using the **Set maximum duration for storing snapshots used by Recall** policy. You can configure the maximum storage duration to be 30, 60, 90, or 180 days. If the policy isn't configured, snapshots aren't deleted until the maximum storage allocation is reached, and then the oldest snapshots are deleted first.
| &nbsp; | Setting |
|---|---|
| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageDurationForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots) </br></br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageDurationForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots)|
| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum duration for storing snapshots used by Recall** |
### App and website filtering policies
You can filter both apps and websites from being saved in snapshots. Users are able to add to these filter lists from the **Recall & Snapshots** settings page. Some remote desktop connection clients are filtered by default from snapshots. For more information, see the [Remote desktop connection clients filtered from snapshots](#remote-desktop-connection-clients-filtered-from-snapshots) section.
To filter websites from being saved in snapshots, use the **Set a list of URIs to be filtered from snapshots for Recall** policy. Define the list using a semicolon to separate URIs. Make sure you include the URL scheme such as `http://`, `file://`, `https://www.`. Sites local to a supported browser like `edge://`, or `chrome://`, are filtered by default. For example: `https://www.Contoso.com;https://www.WoodgroveBank.com;https://www.Adatum.com`
> [!NOTE]
> - Private browsing activity is filtered by default when using [supported web browsers](#supported-browsers).
> - Be aware that websites are filtered when they are in the foreground or are in the currently opened tab of a supported browser. Parts of filtered websites can still appear in snapshots such as embedded content, the browser's history, or an opened tab that isn't in the foreground.
> - Filtering doesn't prevent browsers, internet service providers (ISPs), websites, organizations, or others from knowing that the website was accessed and building a history.
> - Changes to this policy take effect after device restart.
| &nbsp; | Setting |
|---|---|
| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyUriListForRecall](mdm/policy-csp-windowsai.md#setdenyurilistforrecall) </br></br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyUriListForRecall](mdm/policy-csp-windowsai.md#setdenyurilistforrecall)|
| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **>Set a list of URIs to be filtered from snapshots for Recall** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **>Set a list of URIs to be filtered from snapshots for Recall** |
**Set a list of apps to be filtered from snapshots for Recall** policy allows you to filter apps from being saved in snapshots. Define the list using a semicolon to separate apps. The list can include Application User Model IDs (AUMID) or the name of the executable file. For example: `code.exe;Microsoft. WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe`
> [!Note]
> - Like other Windows apps, such as the Snipping Tool, Recall won't store digital rights management (DRM) content.
> - Changes to this policy take effect after device restart.
| &nbsp; | Setting |
|---|---|
| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyAppListForRecall](mdm/policy-csp-windowsai.md#setdenyapplistforrecall) </br></br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyAppListForRecall](mdm/policy-csp-windowsai.md#setdenyapplistforrecall)|
| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set a list of apps to be filtered from snapshots for Recall** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Set a list of apps to be filtered from snapshots for Recall**|
#### Remote desktop connection clients filtered from snapshots
Snapshots won't be saved when remote desktop connection clients are used. The following remote desktop connection clients are filtered from snapshots:<!--9119193-->
- [Remote Desktop Connection (mstsc.exe)](/windows-server/administration/windows-commands/mstsc)
- [VMConnect.exe](/windows-server/virtualization/hyper-v/learn-more/hyper-v-virtual-machine-connect)
- [Microsoft Remote Desktop from the Microsoft Store](/windows-server/remote/remote-desktop-services/clients/windows) is saved in snapshots. To prevent the app from being saved in snapshots, add it to the app filtering list.
- [Azure Virtual Desktop (MSI)](/azure/virtual-desktop/users/connect-windows)
- [Azure Virtual Desktop apps from the Microsoft Store](/azure/virtual-desktop/users/connect-remote-desktop-client) are saved in snapshots. To prevent these apps from being saved in snapshots, add them to the app filtering list.
- [Remote applications integrated locally (RAIL)](/openspecs/windows_protocols/ms-rdperp/485e6f6d-2401-4a9c-9330-46454f0c5aba) windows
- [Windows App from the Microsoft Store](/windows-app/get-started-connect-devices-desktops-apps) is saved in snapshots. To prevent the app from being saved in snapshots, add it to the app filtering list.
## Information for developers
If you're a developer and want to launch Recall, you can call the `ms-recall` protocol URI. When you call this URI, Recall opens and takes a snapshot of the screen, which is the default behavior for when Recall is launched. For more information about using Recall in your Windows app, see [Recall overview](/windows/ai/apis/recall) in the Windows AI API documentation.
## Microsoft's commitment to responsible AI
@ -91,6 +180,10 @@ Microsoft has been on a responsible AI journey since 2017, when we defined our p
Recall uses optical character recognition (OCR), local to the PC, to analyze snapshots and facilitate search. For more information about OCR, see [Transparency note and use cases for OCR](/legal/cognitive-services/computer-vision/ocr-transparency-note). For more information about privacy and security, see [Privacy and control over your Recall experience](https://support.microsoft.com/windows/privacy-and-control-over-your-recall-experience-d404f672-7647-41e5-886c-a3c59680af15).
## Information for developers
If you're a developer and want to launch Recall, you can call the `ms-recall` protocol URI. When you call this, Recall opens and takes a snapshot of the screen, which is the default behavior for when Recall is launched. For more information about using Recall in your Windows app, see [Recall overview](/windows/ai/apis/recall) in the Windows AI API documentation.
## Related links
- [Policy CSP - WindowsAI](/windows/client-management/mdm/policy-csp-windowsai)
- [Update on Recall security and privacy architecture](https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/)
- [Retrace your steps with Recall](https://support.microsoft.com/windows/aa03f8a0-a78b-4b3e-b0a1-2eb8ac48701c)
- [Privacy and control over your Recall experience](https://support.microsoft.com/windows/d404f672-7647-41e5-886c-a3c59680af15)
- [Click to Do in Recall](https://support.microsoft.com/topic/967304a8-32d1-4812-a904-fad59b5e6abf)
- [Previewing Recall with Click to Do on Copilot+ PCs with Windows Insiders in the Dev Channel](https://blogs.windows.com/windows-insider/2024/11/22/previewing-recall-with-click-to-do-on-copilot-pcs-with-windows-insiders-in-the-dev-channel/)

8
windows/client-management/mdm/policies-in-preview.md
View File

@ -1,7 +1,7 @@
---
title: Configuration service provider preview policies
description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
ms.date: 11/05/2024
ms.date: 11/22/2024
---
<!-- Auto-Generated CSP Document -->
@ -137,9 +137,15 @@ This article lists the policies that are applicable for Windows Insider Preview
## WindowsAI
- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis)
- [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey)
- [SetDenyAppListForRecall](policy-csp-windowsai.md#setdenyapplistforrecall)
- [SetDenyUriListForRecall](policy-csp-windowsai.md#setdenyurilistforrecall)
- [SetMaximumStorageSpaceForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots)
- [SetMaximumStorageDurationForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots)
- [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator)
- [DisableCocreator](policy-csp-windowsai.md#disablecocreator)
- [AllowRecallEnablement](policy-csp-windowsai.md#allowrecallenablement)
## WindowsLicensing CSP

390
windows/client-management/mdm/policy-csp-windowsai.md
View File

@ -1,7 +1,7 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
ms.date: 11/05/2024
ms.date: 11/22/2024
---
<!-- Auto-Generated CSP Document -->
@ -15,28 +15,103 @@ ms.date: 11/05/2024
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- WindowsAI-Editable-End -->
<!-- AllowRecallEnablement-Begin -->
## AllowRecallEnablement
<!-- AllowRecallEnablement-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- AllowRecallEnablement-Applicability-End -->
<!-- AllowRecallEnablement-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/WindowsAI/AllowRecallEnablement
```
<!-- AllowRecallEnablement-OmaUri-End -->
<!-- AllowRecallEnablement-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to determine whether the Recall optional component is available for end users to enable on their device. By default, Recall is disabled for managed commercial devices. Recall isn't available on managed devices by default, and individual users can't enable Recall on their own.
- If this policy isn't configured, end users will have the Recall component in a disabled state.
- If this policy is disabled, the Recall component will be in disabled state and the bits for Recall will be removed from the device. If snapshots were previously saved on the device, they'll be deleted when this policy is disabled. Removing Recall requires a device restart.
- If the policy is enabled, end users will have Recall available on their device. Depending on the state of the DisableAIDataAnalysis policy (Turn off saving snapshots for use with Recall), end users are able to choose if they want to save snapshots of their screen and use Recall to find things they've seen on their device.
<!-- AllowRecallEnablement-Description-End -->
<!-- AllowRecallEnablement-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AllowRecallEnablement-Editable-End -->
<!-- AllowRecallEnablement-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 1 |
<!-- AllowRecallEnablement-DFProperties-End -->
<!-- AllowRecallEnablement-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 | Recall isn't available. |
| 1 (Default) | Recall is available. |
<!-- AllowRecallEnablement-AllowedValues-End -->
<!-- AllowRecallEnablement-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | AllowRecallEnablement |
| Friendly Name | Allow Recall to be enabled |
| Location | Computer Configuration |
| Path | Windows Components > Windows AI |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
| Registry Value Name | AllowRecallEnablement |
| ADMX File Name | WindowsCopilot.admx |
<!-- AllowRecallEnablement-GpMapping-End -->
<!-- AllowRecallEnablement-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowRecallEnablement-Examples-End -->
<!-- AllowRecallEnablement-End -->
<!-- DisableAIDataAnalysis-Begin -->
## DisableAIDataAnalysis
<!-- DisableAIDataAnalysis-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
| Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- DisableAIDataAnalysis-Applicability-End -->
<!-- DisableAIDataAnalysis-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
```
```Device
./Device/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
```
<!-- DisableAIDataAnalysis-OmaUri-End -->
<!-- DisableAIDataAnalysis-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to control whether Windows saves snapshots of the screen and analyzes the user's activity on their device.
This policy setting allows you to determine whether snapshots of the screen can be saved for use with Recall. By default, snapshots for Recall aren't enabled. IT administrators can't, on their own, enable saving snapshots on behalf of their users. The choice to enable saving snapshots requires individual user opt-in consent.
- If you enable this policy setting, Windows won't be able to save snapshots and users won't be able to search for or browse through their historical device activity using Recall.
- If the policy isn't configured, snapshots won't be saved for use with Recall.
- If you disable or don't configure this policy setting, Windows will save snapshots of the screen and users will be able to search for or browse through a timeline of their past activities using Recall.
- If you enable this policy, snapshots won't be saved for use with Recall. If snapshots were previously saved on the device, they'll be deleted when this policy is enabled.
If you set this policy to disabled, end users will have a choice to save snapshots of their screen and use Recall to find things they've seen on their device.
<!-- DisableAIDataAnalysis-Description-End -->
<!-- DisableAIDataAnalysis-Editable-Begin -->
@ -68,8 +143,8 @@ This policy setting allows you to control whether Windows saves snapshots of the
| Name | Value |
|:--|:--|
| Name | DisableAIDataAnalysis |
| Friendly Name | Turn off Saving Snapshots for Windows |
| Location | User Configuration |
| Friendly Name | Turn off saving snapshots for use with Recall |
| Location | Computer and User Configuration |
| Path | Windows Components > Windows AI |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
| Registry Value Name | DisableAIDataAnalysis |
@ -222,7 +297,7 @@ This policy setting allows you to control whether Image Creator functionality is
<!-- SetCopilotHardwareKey-OmaUri-End -->
<!-- SetCopilotHardwareKey-Description-Begin -->
<!-- Description-Source-DDF -->
<!-- Description-Source-ADMX -->
This policy setting determines which app opens when the user presses the Copilot key on their keyboard.
- If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings.
@ -249,7 +324,11 @@ This policy setting determines which app opens when the user presses the Copilot
| Name | Value |
|:--|:--|
| Name | SetCopilotHardwareKey |
| Path | WindowsCopilot > AT > WindowsComponents > WindowsCopilot |
| Friendly Name | Set Copilot Hardware Key |
| Location | User Configuration |
| Path | Windows Components > Windows Copilot |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CopilotKey |
| ADMX File Name | WindowsCopilot.admx |
<!-- SetCopilotHardwareKey-GpMapping-End -->
<!-- SetCopilotHardwareKey-Examples-Begin -->
@ -258,12 +337,297 @@ This policy setting determines which app opens when the user presses the Copilot
<!-- SetCopilotHardwareKey-End -->
<!-- SetDenyAppListForRecall-Begin -->
## SetDenyAppListForRecall
<!-- SetDenyAppListForRecall-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- SetDenyAppListForRecall-Applicability-End -->
<!-- SetDenyAppListForRecall-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyAppListForRecall
```
```Device
./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyAppListForRecall
```
<!-- SetDenyAppListForRecall-OmaUri-End -->
<!-- SetDenyAppListForRecall-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy allows you to define a list of apps that won't be included in snapshots for Recall.
Users are able to add additional applications to exclude from snapshots using Recall settings.
The list can include Application User Model IDs (AUMID) or name of the executable file.
Use a semicolon-separated list of apps to define the deny app list for Recall.
For example: `code.exe;Microsoft.WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe`
> [!IMPORTANT]
> When configuring this policy setting, changes won't take effect until the device restarts.
<!-- SetDenyAppListForRecall-Description-End -->
<!-- SetDenyAppListForRecall-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SetDenyAppListForRecall-Editable-End -->
<!-- SetDenyAppListForRecall-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: `;`) |
<!-- SetDenyAppListForRecall-DFProperties-End -->
<!-- SetDenyAppListForRecall-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | SetDenyAppListForRecall |
| Friendly Name | Set a list of apps to be filtered from snapshots for Recall |
| Location | Computer and User Configuration |
| Path | Windows Components > Windows AI |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
| Registry Value Name | SetDenyAppListForRecall |
| ADMX File Name | WindowsCopilot.admx |
<!-- SetDenyAppListForRecall-GpMapping-End -->
<!-- SetDenyAppListForRecall-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SetDenyAppListForRecall-Examples-End -->
<!-- SetDenyAppListForRecall-End -->
<!-- SetDenyUriListForRecall-Begin -->
## SetDenyUriListForRecall
<!-- SetDenyUriListForRecall-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- SetDenyUriListForRecall-Applicability-End -->
<!-- SetDenyUriListForRecall-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyUriListForRecall
```
```Device
./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyUriListForRecall
```
<!-- SetDenyUriListForRecall-OmaUri-End -->
<!-- SetDenyUriListForRecall-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting lets you define a list of URIs that won't be included in snapshots for Recall when a supported browser is used. People within your organization can use Recall settings to add more websites to the list. Define the list using a semicolon to separate URIs.
For example: `https://www.Contoso.com;https://www.WoodgroveBank.com;https://www.Adatum.com`.
Adding `https://www.WoodgroveBank.com` to the list would also filter `https://Account.WoodgroveBank.com` and `https://www.WoodgroveBank.com/Account`.
> [!IMPORTANT]
> Changes to this policy take effect after device restart.
<!-- SetDenyUriListForRecall-Description-End -->
<!-- SetDenyUriListForRecall-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SetDenyUriListForRecall-Editable-End -->
<!-- SetDenyUriListForRecall-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
| Allowed Values | List (Delimiter: `;`) |
<!-- SetDenyUriListForRecall-DFProperties-End -->
<!-- SetDenyUriListForRecall-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | SetDenyUriListForRecall |
| Friendly Name | Set a list of URIs to be filtered from snapshots for Recall |
| Location | Computer and User Configuration |
| Path | Windows Components > Windows AI |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
| Registry Value Name | SetDenyUriListForRecall |
| ADMX File Name | WindowsCopilot.admx |
<!-- SetDenyUriListForRecall-GpMapping-End -->
<!-- SetDenyUriListForRecall-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SetDenyUriListForRecall-Examples-End -->
<!-- SetDenyUriListForRecall-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-Begin -->
## SetMaximumStorageDurationForRecallSnapshots
<!-- SetMaximumStorageDurationForRecallSnapshots-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- SetMaximumStorageDurationForRecallSnapshots-Applicability-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageDurationForRecallSnapshots
```
```Device
./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageDurationForRecallSnapshots
```
<!-- SetMaximumStorageDurationForRecallSnapshots-OmaUri-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to control the maximum amount of time (in days) that Windows saves snapshots for Recall.
When the policy is enabled, you can configure the maximum storage duration to be 30, 60, 90, or 180 days.
When this policy isn't configured, a time frame isn't set for deleting snapshots.
Snapshots aren't deleted until the maximum storage allocation for Recall is reached, and then the oldest snapshots are deleted first.
<!-- SetMaximumStorageDurationForRecallSnapshots-Description-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SetMaximumStorageDurationForRecallSnapshots-Editable-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- SetMaximumStorageDurationForRecallSnapshots-DFProperties-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Let the OS define the maximum amount of time the snapshots will be saved. |
| 30 | 30 days. |
| 60 | 60 days. |
| 90 | 90 days. |
| 180 | 180 days. |
<!-- SetMaximumStorageDurationForRecallSnapshots-AllowedValues-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | SetMaximumStorageDurationForRecallSnapshots |
| Friendly Name | Set maximum duration for storing snapshots used by Recall |
| Location | Computer and User Configuration |
| Path | Windows Components > Windows AI |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
| Registry Value Name | SetMaximumStorageDurationForRecallSnapshots |
| ADMX File Name | WindowsCopilot.admx |
<!-- SetMaximumStorageDurationForRecallSnapshots-GpMapping-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SetMaximumStorageDurationForRecallSnapshots-Examples-End -->
<!-- SetMaximumStorageDurationForRecallSnapshots-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-Begin -->
## SetMaximumStorageSpaceForRecallSnapshots
<!-- SetMaximumStorageSpaceForRecallSnapshots-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
<!-- SetMaximumStorageSpaceForRecallSnapshots-Applicability-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-OmaUri-Begin -->
```User
./User/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageSpaceForRecallSnapshots
```
```Device
./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageSpaceForRecallSnapshots
```
<!-- SetMaximumStorageSpaceForRecallSnapshots-OmaUri-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting allows you to control the maximum amount of disk space that can be used by Windows to save snapshots for Recall.
You can set the maximum amount of disk space for snapshots to be 10, 25, 50, 75, 100, or 150 GB.
When this setting isn't configured, the OS configures the storage allocation for snapshots based on the device storage capacity.
25 GB is allocated when the device storage capacity is 256 GB. 75 GB is allocated when the device storage capacity is 512 GB. 150 GB is allocated when the device storage capacity is 1 TB or higher.
<!-- SetMaximumStorageSpaceForRecallSnapshots-Description-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-Editable-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-DFProperties-Begin -->
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
<!-- SetMaximumStorageSpaceForRecallSnapshots-DFProperties-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-AllowedValues-Begin -->
**Allowed values**:
| Value | Description |
|:--|:--|
| 0 (Default) | Let the OS define the maximum storage amount based on hard drive storage size. |
| 10000 | 10GB. |
| 25000 | 25GB. |
| 50000 | 50GB. |
| 75000 | 75GB. |
| 100000 | 100GB. |
| 150000 | 150GB. |
<!-- SetMaximumStorageSpaceForRecallSnapshots-AllowedValues-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-GpMapping-Begin -->
**Group policy mapping**:
| Name | Value |
|:--|:--|
| Name | SetMaximumStorageSpaceForRecallSnapshots |
| Friendly Name | Set maximum storage for snapshots used by Recall |
| Location | Computer and User Configuration |
| Path | Windows Components > Windows AI |
| Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
| Registry Value Name | SetMaximumStorageSpaceForRecallSnapshots |
| ADMX File Name | WindowsCopilot.admx |
<!-- SetMaximumStorageSpaceForRecallSnapshots-GpMapping-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-Examples-End -->
<!-- SetMaximumStorageSpaceForRecallSnapshots-End -->
<!-- TurnOffWindowsCopilot-Begin -->
## TurnOffWindowsCopilot
> [!NOTE]
> This policy is deprecated and may be removed in a future release.
<!-- TurnOffWindowsCopilot-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
@ -282,7 +646,7 @@ This policy setting allows you to turn off Windows Copilot.
- If you enable this policy setting, users won't be able to use Copilot. The Copilot icon won't appear on the taskbar either.
- If you disable or don't configure this policy setting, users will be able to use Copilot when it's available to them.
- If you disable or don't configure this policy setting, users are able to use Copilot when it's available to them.
<!-- TurnOffWindowsCopilot-Description-End -->
<!-- TurnOffWindowsCopilot-Editable-Begin -->

190
windows/client-management/recall-sensitive-information-filtering.md Normal file
View File

@ -0,0 +1,190 @@
---
title: Sensitive information filtering in Recall
description: Learn about the types of potentially sensitive information Recall detects.
ms.topic: reference
ms.subservice: windows-copilot
ms.date: 11/22/2024
ms.author: mstewart
author: mestew
ms.collection:
- windows-copilot
- magic-ai-copilot
appliesto:
- ✅ <a href="https://www.microsoft.com/windows/business/devices/copilot-plus-pcs#copilot-plus-pcs" target="_blank">Copilot+ PCs</a>
---
# Reference for sensitive information filtering in Recall
This article provides information about the types of potentially sensitive information that [Recall](manage-recall.md) detects when the **Sensitive Information Filtering** setting is enabled.
## Types of potentially sensitive information
Types of potentially sensitive information that Recall detects and filters include:
ABA Routing Number </br>
Argentina National Identity (DNI) Number </br>
Argentina Unique Tax Identification Key (CUIT/CUIL) </br>
Australia Bank Account Number </br>
Australia Drivers License Number </br>
Australia Tax File Number </br>
Austria Driver's License Number </br>
Austria Identity Card </br>
Austria Social Security Number </br>
Austria Tax Identification Number </br>
Austria Value Added Tax </br>
Azure Document DB Auth Key </br>
Azure IAAS Database Connection String and Azure SQL Connection String </br>
Azure IoT Connection String </br>
Azure Redis Cache Connection String </br>
Azure SAS </br>
Azure Secrets (Generic) </br>
Azure Service Bus Connection String </br>
Azure Storage Account Key </br>
Belgium Driver's License Number </br>
Belgium National Number </br>
Belgium Value Added Tax Number </br>
Brazil CPF Number </br>
Brazil Legal Entity Number (CNPJ) </br>
Brazil National ID Card (RG) </br>
Bulgaria Driver's License Number </br>
Bulgaria Uniform Civil Number </br>
Canada Bank Account Number </br>
Canada Driver's License Number </br>
Canada Social Insurance Number </br>
Chile Identity Card Number </br>
China Resident Identity Card (PRC) Number </br>
Colombia National ID </br>
Credit Card Number </br>
Croatia Driver's License Number </br>
Croatia Identity Card Number </br>
Croatia Personal Identification (OIB) Number </br>
Cyprus Driver's License Number </br>
Cyprus Identity Card </br>
Cyprus Tax Identification Number </br>
Czech Driver's License Number </br>
Czech Personal Identity Number </br>
DEA Number </br>
Denmark Driver's License Number </br>
Denmark Personal Identification Number </br>
Ecuador Unique Identification Number </br>
Estonia Driver's License Number </br>
Estonia Personal Identification Code </br>
EU Debit Card Number </br>
EU Driver's License Number </br>
EU National Id Card </br>
EU SSN or Equivalent Number </br>
EU Tax File Number </br>
Finland Driver's License Number </br>
Finnish National ID </br>
France CNI </br>
France Driver's License Number </br>
France INSEE </br>
France Tax Identification Number (numéro SPI.) </br>
France Value Added Tax Number </br>
General Password </br>
German Driver's License Number </br>
Germany Identity Card Number </br>
Germany Tax Identification Number </br>
Germany Value Added Tax Number </br>
Greece Driver's License Number </br>
Greece National ID Card </br>
Greece Social Security Number (AMKA) </br>
Greek Tax Identification Number </br>
Hong Kong Identity Card (HKID) number </br>
Hungarian Social Security Number (TAJ) </br>
Hungarian Value Added Tax Number </br>
Hungary Driver's License Number </br>
Hungary Personal Identification Number </br>
Hungary Tax Identification Number </br>
IBAN </br>
India Driver's License Number </br>
India GST number </br>
India Permanent Account Number </br>
India Unique Identification (Aadhaar) number </br>
India Voter Id Card </br>
Indonesia Drivers License Number </br>
Indonesia Identity Card (KTP) Number </br>
Ireland Driver's License Number </br>
Ireland Personal Public Service (PPS) Number </br>
Israel Bank Account Number </br>
Israel National ID Number </br>
Italy Driver's license Number </br>
Italy Fiscal Code </br>
Italy Value Added Tax </br>
Japan Bank Account Number </br>
Japan Driver's License Number </br>
Japan Residence Card Number </br>
Japan Resident Registration Number </br>
Japan Social Insurance Number </br>
Japanese My Number Corporate </br>
Japanese My Number Personal </br>
Latvia Driver's License Number </br>
Latvia Personal Code </br>
Lithuania Driver's License Number </br>
Lithuania Personal Code </br>
Luxembourg Driver's License Number </br>
Luxembourg National Identification Number (Natural persons) </br>
Luxembourg National Identification Number (Non-natural persons) </br>
Malaysia ID Card Number </br>
Malta Driver's License Number </br>
Malta Identity Card Number </br>
Malta Tax ID Number </br>
Mexico Unique Population Registry Code (CURP) </br>
Netherlands Citizen's Service (BSN) Number </br>
Netherlands Driver's License Number </br>
Netherlands Tax Identification Number </br>
Netherlands Value Added Tax Number </br>
New Zealand Bank Account Number </br>
New Zealand Driver License Number </br>
New Zealand Inland Revenue Number </br>
Newzealand Social Welfare Number </br>
Norway Identification Number </br>
Philippines National ID </br>
Philippines Passport Number </br>
Philippines Unified Multi-Purpose ID number </br>
Poland Driver's License Number </br>
Poland Identity Card </br>
Poland National ID (PESEL) </br>
Poland Tax Identification Number </br>
Polish REGON Number </br>
Portugal Citizen Card Number </br>
Portugal Driver's License Number </br>
Portugal Tax Identification Number </br>
Qatari ID Card Number </br>
Romania Driver's License Number </br>
Romania Personal Numerical Code (CNP) </br>
Saudi Arabia National ID </br>
Singapore Driving License Number </br>
Singapore National Registration Identity Card (NRIC) Number </br>
Slovakia Driver's License Number </br>
Slovakia Personal Number </br>
Slovenia Driver's License Number </br>
Slovenia Tax Identification Number </br>
Slovenia Unique Master Citizen Number </br>
South Africa Identification Number </br>
South Korea Driver's License Number </br>
South Korea Resident Registration Number </br>
Spain DNI </br>
Spain Driver's License Number </br>
Spain SSN </br>
Spain Tax Identification Number </br>
Sweden Driver's License Number </br>
Sweden National ID </br>
Sweden Tax Identification Number </br>
SWIFT Code </br>
Swiss SSN AHV Number </br>
Taiwan Resident Certificate (ARC/TARC) </br>
Taiwanese National ID </br>
Thai Citizen ID </br>
Turkish National Identity </br>
U.K. Driver's License Number </br>
U.K. Electoral Number </br>
U.K. NHS Number </br>
U.K. NINO </br>
U.K. Unique Taxpayer Reference Number </br>
U.S. Bank Account Number </br>
U.S. Driver's License Number </br>
U.S. Individual Taxpayer Identification Number (ITIN) </br>
U.S. Social Security Number </br>
UAE Identity Card Number </br>

4
windows/client-management/toc.yml
View File

@ -51,7 +51,9 @@ items:
- name: Updated Windows and Microsoft Copilot experience
href: manage-windows-copilot.md
- name: Manage Recall
href: manage-recall.md
href: manage-recall.md
- name: Reference for sensitive information filtering in Recall
href: recall-sensitive-information-filtering.md
- name: Secured-Core PC Configuration Lock
href: config-lock.md
- name: Certificate renewal