From 63b0b31338abdff9686c016824989eeae49e9ec5 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 2 May 2025 15:20:17 -0700 Subject: [PATCH 01/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 3efb9631dc..44a9459f28 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -82,6 +82,7 @@ By default, Recall is removed on commercially managed devices. If you want to al - [App and website filtering policies](#app-and-website-filtering-policies) - App and website filtering policies apply only to Enterprise and Education editions of Windows + > [!IMPORTANT] > The policy to manage Click to Do doesn't affect Click to Do in Recall. For more information, see [Manage Click to Do](manage-click-to-do.md). @@ -172,6 +173,22 @@ Snapshots won't be saved when supported remote desktop clients are used. The rem > [!Note] > Clients will be saved by Recall unless the client implements screen capture protection, for example [screen capture protection in Azure Virtual desktop](/azure/virtual-desktop/screen-capture-protection). Clients can control how screen capture protection is implemented and may allow some pages to be saved but not the remote session. Customers can always add filters for specific client apps. Check with the provider of your remote client software for details on their screen capture policy. For information about adding screen capture protection to a client, see the [Information for developers](#information-for-developers) section. +## Allow export of Recall and snapshot information + +This policy allows you to determine whether Recall and snapshot information can be exported. The files that are exported are encrypted since Recall and snapshot information may be sensitive. Users can export from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** -> **Export past snapshots** -> **Export**. From **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings**, users can also choose to turn on the option to **Export snapshots from now on**, which continuously exports their snapshots. + +Before export, users are notified that their files are encrypted since they may contain sensitive information. The user is also notified that they'll need to provide an export code if they want to allow trusted apps or websites access to exported snapshots. Before starting an export, the user must authenticate with Windows Hello. + +When you set this policy to enabled, users will be able to export Recall and snapshot information. + +If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. + +|   | Setting | +|---|---| +| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallExport](mdm/policy-csp-windowsai.md#allowrecallexport) | +| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Allow export of Recall and snapshot information** | + + ## Bring your own device (BYOD) considerations For managed devices, IT admins have control over if they want to allow users access to Recall. It's removed by default unless IT sets the policy to enable Recall. When organizations allow users to BYOD, they need to consider the following: From e4c18fef9132c621b55cd07a5b6bca4b96618979 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 2 May 2025 15:21:50 -0700 Subject: [PATCH 02/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 44a9459f28..86ebe34abd 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -81,7 +81,7 @@ By default, Recall is removed on commercially managed devices. If you want to al - Storage policies apply only to Enterprise and Education editions of Windows - [App and website filtering policies](#app-and-website-filtering-policies) - App and website filtering policies apply only to Enterprise and Education editions of Windows - +- [Allow export of Recall and snapshot information](#allow-export-of-recall-and-snapshot-information) > [!IMPORTANT] > The policy to manage Click to Do doesn't affect Click to Do in Recall. For more information, see [Manage Click to Do](manage-click-to-do.md). From 1e620aa280ed9d785f13a7b37b267242c6b9a247 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Mon, 5 May 2025 08:02:17 -0700 Subject: [PATCH 03/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 86ebe34abd..cfc556ff42 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -82,6 +82,7 @@ By default, Recall is removed on commercially managed devices. If you want to al - [App and website filtering policies](#app-and-website-filtering-policies) - App and website filtering policies apply only to Enterprise and Education editions of Windows - [Allow export of Recall and snapshot information](#allow-export-of-recall-and-snapshot-information) + - The export of Recall and snapshot information feature and its policy applies only to devices in the European Economic Area (EEA) > [!IMPORTANT] > The policy to manage Click to Do doesn't affect Click to Do in Recall. For more information, see [Manage Click to Do](manage-click-to-do.md). @@ -183,6 +184,9 @@ When you set this policy to enabled, users will be able to export Recall and sna If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. +> [!Important] +> The export of Recall and snapshot information feature and its policy applies only to devices in the European Economic Area (EEA). The feature isn't available in other regions. The policy is available in all regions, but it won't have any effect outside of the EEA. + |   | Setting | |---|---| | **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallExport](mdm/policy-csp-windowsai.md#allowrecallexport) | From 0cfea02d01af62af4bf38c7164ae784ca6f9f82f Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 20 May 2025 11:25:39 -0700 Subject: [PATCH 04/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index cfc556ff42..91256cc0c9 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -176,16 +176,18 @@ Snapshots won't be saved when supported remote desktop clients are used. The rem ## Allow export of Recall and snapshot information -This policy allows you to determine whether Recall and snapshot information can be exported. The files that are exported are encrypted since Recall and snapshot information may be sensitive. Users can export from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** -> **Export past snapshots** -> **Export**. From **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings**, users can also choose to turn on the option to **Export snapshots from now on**, which continuously exports their snapshots. +This policy allows you to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with trusted apps or websites. Users can export from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** > **Export past snapshots** > **Export**. -Before export, users are notified that their files are encrypted since they may contain sensitive information. The user is also notified that they'll need to provide an export code if they want to allow trusted apps or websites access to exported snapshots. Before starting an export, the user must authenticate with Windows Hello. +Users can also choose to continuously export their snapshots if they turn on the option to **Export snapshots from now on** from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** > **Export**. + +Before starting an export, the user must authenticate with Windows Hello and they're notified that their exported snapshots are encrypted since they might contain sensitive information. The user is also notified that they'll need to provide their Recall export code if they want to allow trusted apps or websites access to exported snapshots. The Recall export code is displayed to users during Recall setup even if this policy is set to disabled or not configured. For managed devices: When you set this policy to enabled, users will be able to export Recall and snapshot information. If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. > [!Important] -> The export of Recall and snapshot information feature and its policy applies only to devices in the European Economic Area (EEA). The feature isn't available in other regions. The policy is available in all regions, but it won't have any effect outside of the EEA. +> This setting applies to devices in the European Economic Area (EEA) only. Export of Recall and snapshot information is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. |   | Setting | |---|---| From 0c390ff55afba539ca0f31a43ae84f6af558299d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Tue, 20 May 2025 11:27:14 -0700 Subject: [PATCH 05/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 27 +++++++++++----------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 91256cc0c9..3eb69e5aca 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -161,19 +161,6 @@ To filter websites from being saved in snapshots, use the **Set a list of URIs t | **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyAppListForRecall](mdm/policy-csp-windowsai.md#setdenyapplistforrecall)

./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetDenyAppListForRecall](mdm/policy-csp-windowsai.md#setdenyapplistforrecall)| | **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set a list of apps to be filtered from snapshots for Recall**

User Configuration > Administrative Templates > Windows Components > Windows AI > **Set a list of apps to be filtered from snapshots for Recall**| - -## Remote desktop connection clients filtered from snapshots - -Snapshots won't be saved when supported remote desktop clients are used. The remote desktop connection sessions from the following clients are filtered from snapshots: - - - [Remote Desktop Connection (mstsc.exe)](/windows-server/administration/windows-commands/mstsc) - - [VMConnect.exe](/windows-server/virtualization/hyper-v/learn-more/hyper-v-virtual-machine-connect) - - [Azure Virtual Desktop (MSI)](/azure/virtual-desktop/users/connect-windows) - - [Remote applications integrated locally (RAIL)](/openspecs/windows_protocols/ms-rdperp/485e6f6d-2401-4a9c-9330-46454f0c5aba) - -> [!Note] -> Clients will be saved by Recall unless the client implements screen capture protection, for example [screen capture protection in Azure Virtual desktop](/azure/virtual-desktop/screen-capture-protection). Clients can control how screen capture protection is implemented and may allow some pages to be saved but not the remote session. Customers can always add filters for specific client apps. Check with the provider of your remote client software for details on their screen capture policy. For information about adding screen capture protection to a client, see the [Information for developers](#information-for-developers) section. - ## Allow export of Recall and snapshot information This policy allows you to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with trusted apps or websites. Users can export from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** > **Export past snapshots** > **Export**. @@ -195,6 +182,20 @@ If the policy is set to disabled or not configured, users won't be able to expor | **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Allow export of Recall and snapshot information** | +## Remote desktop connection clients filtered from snapshots + +Snapshots won't be saved when supported remote desktop clients are used. The remote desktop connection sessions from the following clients are filtered from snapshots: + + - [Remote Desktop Connection (mstsc.exe)](/windows-server/administration/windows-commands/mstsc) + - [VMConnect.exe](/windows-server/virtualization/hyper-v/learn-more/hyper-v-virtual-machine-connect) + - [Azure Virtual Desktop (MSI)](/azure/virtual-desktop/users/connect-windows) + - [Remote applications integrated locally (RAIL)](/openspecs/windows_protocols/ms-rdperp/485e6f6d-2401-4a9c-9330-46454f0c5aba) + +> [!Note] +> Clients will be saved by Recall unless the client implements screen capture protection, for example [screen capture protection in Azure Virtual desktop](/azure/virtual-desktop/screen-capture-protection). Clients can control how screen capture protection is implemented and may allow some pages to be saved but not the remote session. Customers can always add filters for specific client apps. Check with the provider of your remote client software for details on their screen capture policy. For information about adding screen capture protection to a client, see the [Information for developers](#information-for-developers) section. + + + ## Bring your own device (BYOD) considerations For managed devices, IT admins have control over if they want to allow users access to Recall. It's removed by default unless IT sets the policy to enable Recall. When organizations allow users to BYOD, they need to consider the following: From 36f4e8c64a0e5ac78682036e51cf6eb828077d10 Mon Sep 17 00:00:00 2001 From: scottmca <89857809+scottmca@users.noreply.github.com> Date: Tue, 10 Jun 2025 11:33:16 -0400 Subject: [PATCH 06/19] Learn Editor: Update enable-extended-security-updates.md --- windows/whats-new/enable-extended-security-updates.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/windows/whats-new/enable-extended-security-updates.md b/windows/whats-new/enable-extended-security-updates.md index af03388d2c..cb0b1f3891 100644 --- a/windows/whats-new/enable-extended-security-updates.md +++ b/windows/whats-new/enable-extended-security-updates.md @@ -151,7 +151,11 @@ If the device doesn't have access to the internet or to the Microsoft Activation ## Activate large numbers of devices that don't have internet access -For more information on how to do manual activation of large numbers of devices, review the Volume Activation Management Tool (VAMT) [Proxy Activation](/windows/deployment/volume-activation/proxy-activation-vamt) scenario. You should install the latest [Automated Deployment Kit (ADK) tool](/windows-hardware/get-started/adk-install) to ensure that the VAMT tool includes updated PkeyConfig files for Windows 10 ESU MAK keys. +For more information on how to do manual activation of large numbers of devices, review the Volume Activation Management Tool (VAMT) [Proxy Activation](/windows/deployment/volume-activation/proxy-activation-vamt) scenario. You should install the latest [Automated Deployment Kit (ADK) tool](/windows-hardware/get-started/adk-install) to ensure that you have latest VAMT tool + +Note: In order to add Windows 10 ESU keys to VAMT update the pkeyconfig files with this update + +[https://www.microsoft.com/en-us/download/details.aspx?id=106364](https://www.microsoft.com/download/details.aspx?id=106364) For more information on adding additional activations to a Windows 10 ESU MAK, see [Request an increase to MAK activation limits](/microsoft-365/commerce/licenses/product-keys-for-vl#request-an-increase-to-mak-activation-limits). From ab58bbc0ceaca33938801d28bcd1d20a2390779a Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 12 Jun 2025 08:53:42 -0700 Subject: [PATCH 08/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 25 ++++++++++++++++------ 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 3eb69e5aca..3262acc765 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -3,7 +3,7 @@ title: Manage Recall for Windows clients description: Learn how to manage Recall for commercial environments and about Recall features. ms.topic: how-to ms.subservice: windows-copilot -ms.date: 04/24/2025 +ms.date: 06/13/2025 ms.author: mstewart author: mestew ms.collection: @@ -163,18 +163,29 @@ To filter websites from being saved in snapshots, use the **Set a list of URIs t ## Allow export of Recall and snapshot information -This policy allows you to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with trusted apps or websites. Users can export from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** > **Export past snapshots** > **Export**. +The Recall export experience is available in preview to Copilot + PCs through the Windows Insiders Program. For more information, see Announcing Windows 11 Insider Preview Build ****. -Users can also choose to continuously export their snapshots if they turn on the option to **Export snapshots from now on** from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** > **Export**. +In the European Economic Area (EEA), users can choose to [export their Recall snapshots](https://support.microsoft.com/topic/680bd134-4aaa-4bf5-8548-a8e2911c8069) if IT admins allow exporting. By default, exporting Recall and snapshot information is disabled for managed devices. Exporting allows users to share their Recall and snapshot information with third-party apps or websites that the user trusts. Exporting is optional, and users can review their snapshots at any time in Recall without needing to export. Exported information includes: -Before starting an export, the user must authenticate with Windows Hello and they're notified that their exported snapshots are encrypted since they might contain sensitive information. The user is also notified that they'll need to provide their Recall export code if they want to allow trusted apps or websites access to exported snapshots. The Recall export code is displayed to users during Recall setup even if this policy is set to disabled or not configured. For managed devices: +- Snapshots, including snapshots that the user or Recall saved +- Snapshot details, including information related to each snapshot such as the time and date it was saved along with associated information from opened apps -When you set this policy to enabled, users will be able to export Recall and snapshot information. +The user has the following two options for exporting Recall snapshots: +- **Export past snapshots**: A single export of all the user's Recall snapshots from the last 7 days, last 30 days, or all of their snapshots. +- **Export snapshots from now on**: Starts a continuous export of snapshots from the time the user turns on this setting until they turn it off or reset Recall. Users will be reminded every 30 days that continuous export is enabled. -If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. +The **Allow export of Recall and snapshot information** policy allows IT admins to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with apps or websites. **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** > **Export past snapshots** > **Export**. +Users can also choose to continuously export their snapshots if they turn on the option to **Export snapshots from now on** from **Settings** > **Privacy & Security** > **Recall & Snapshots** > **Advanced Settings** > **Export snapshots** > **Export**. + +Before starting an export, the user must authenticate with Windows Hello and they're notified that their exported snapshots are encrypted since they might contain sensitive information. The user is also notified that they'll need to provide their Recall export code if they want to allow apps or websites access to exported snapshots. The Recall export code is displayed to users during Recall setup even if this policy is set to disabled or not configured. For managed devices: + +- When you set this policy to enabled, users will be able to export their Recall snapshots +- If the policy is set to disabled or not configured, users won't be able to export their Recall snapshots. > [!Important] -> This setting applies to devices in the European Economic Area (EEA) only. Export of Recall and snapshot information is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. +> - This setting applies to devices in the European Economic Area (EEA) only. Export of Recall snapshots is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. +> - Changes to this policy take effect after device restart. +> - For information about adding exported Recall and snapshot information to your application or website, see [Decrypt exported snapshots from Recall](/windows/ai/recall/decrypt-exported-snapshots). |   | Setting | |---|---| From 8f48010d00d32f00ee7445a71fc82bc73f793dd5 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 12 Jun 2025 09:06:49 -0700 Subject: [PATCH 09/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 3262acc765..c0611f0440 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -163,7 +163,7 @@ To filter websites from being saved in snapshots, use the **Set a list of URIs t ## Allow export of Recall and snapshot information -The Recall export experience is available in preview to Copilot + PCs through the Windows Insiders Program. For more information, see Announcing Windows 11 Insider Preview Build ****. +The Recall export experience is available in preview to Copilot + PCs through the Windows Insiders Program. For more information, see [Announcing Windows 11 Insider Preview Build 26120.4441 (Beta Channel)](https://blogs.windows.com/windows-insider). In the European Economic Area (EEA), users can choose to [export their Recall snapshots](https://support.microsoft.com/topic/680bd134-4aaa-4bf5-8548-a8e2911c8069) if IT admins allow exporting. By default, exporting Recall and snapshot information is disabled for managed devices. Exporting allows users to share their Recall and snapshot information with third-party apps or websites that the user trusts. Exporting is optional, and users can review their snapshots at any time in Recall without needing to export. Exported information includes: From 418377f149fd65dab6055c88d345a75b0a2d261b Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 12 Jun 2025 09:19:59 -0700 Subject: [PATCH 10/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index c0611f0440..79e7f5e843 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -165,7 +165,7 @@ To filter websites from being saved in snapshots, use the **Set a list of URIs t The Recall export experience is available in preview to Copilot + PCs through the Windows Insiders Program. For more information, see [Announcing Windows 11 Insider Preview Build 26120.4441 (Beta Channel)](https://blogs.windows.com/windows-insider). -In the European Economic Area (EEA), users can choose to [export their Recall snapshots](https://support.microsoft.com/topic/680bd134-4aaa-4bf5-8548-a8e2911c8069) if IT admins allow exporting. By default, exporting Recall and snapshot information is disabled for managed devices. Exporting allows users to share their Recall and snapshot information with third-party apps or websites that the user trusts. Exporting is optional, and users can review their snapshots at any time in Recall without needing to export. Exported information includes: +In the European Economic Area (EEA), users can choose to [export their Recall snapshots](https://go.microsoft.com/fwlink/?linkid=2309200) if IT admins allow exporting. By default, exporting Recall and snapshot information is disabled for managed devices. Exporting allows users to share their Recall and snapshot information with third-party apps or websites that the user trusts. Exporting is optional, and users can review their snapshots at any time in Recall without needing to export. Exported information includes: - Snapshots, including snapshots that the user or Recall saved - Snapshot details, including information related to each snapshot such as the time and date it was saved along with associated information from opened apps @@ -185,11 +185,11 @@ Before starting an export, the user must authenticate with Windows Hello and the > [!Important] > - This setting applies to devices in the European Economic Area (EEA) only. Export of Recall snapshots is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. > - Changes to this policy take effect after device restart. -> - For information about adding exported Recall and snapshot information to your application or website, see [Decrypt exported snapshots from Recall](/windows/ai/recall/decrypt-exported-snapshots). +> - For information about adding exported Recall and snapshot information to your application or website, see [Decrypt exported snapshots from Recall](https://go.microsoft.com/fwlink/?linkid=2309200). |   | Setting | |---|---| -| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallExport](mdm/policy-csp-windowsai.md#allowrecallexport) | +| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallExport](mdm/policy-csp-windowsai.md) | | **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Allow export of Recall and snapshot information** | From 309c2ea01e74380dcc3fdf211571c81b8b5356d3 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 12 Jun 2025 09:29:32 -0700 Subject: [PATCH 11/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 79e7f5e843..3d0bd1a902 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -165,7 +165,7 @@ To filter websites from being saved in snapshots, use the **Set a list of URIs t The Recall export experience is available in preview to Copilot + PCs through the Windows Insiders Program. For more information, see [Announcing Windows 11 Insider Preview Build 26120.4441 (Beta Channel)](https://blogs.windows.com/windows-insider). -In the European Economic Area (EEA), users can choose to [export their Recall snapshots](https://go.microsoft.com/fwlink/?linkid=2309200) if IT admins allow exporting. By default, exporting Recall and snapshot information is disabled for managed devices. Exporting allows users to share their Recall and snapshot information with third-party apps or websites that the user trusts. Exporting is optional, and users can review their snapshots at any time in Recall without needing to export. Exported information includes: +In the European Economic Area (EEA), users can choose to [export their Recall snapshots](https://support.microsoft.com/topic/680bd134-4aaa-4bf5-8548-a8e2911c8069) if IT admins allow exporting. By default, exporting Recall and snapshot information is disabled for managed devices. Exporting allows users to share their Recall and snapshot information with third-party apps or websites that the user trusts. Exporting is optional, and users can review their snapshots at any time in Recall without needing to export. Exported information includes: - Snapshots, including snapshots that the user or Recall saved - Snapshot details, including information related to each snapshot such as the time and date it was saved along with associated information from opened apps @@ -185,7 +185,7 @@ Before starting an export, the user must authenticate with Windows Hello and the > [!Important] > - This setting applies to devices in the European Economic Area (EEA) only. Export of Recall snapshots is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. > - Changes to this policy take effect after device restart. -> - For information about adding exported Recall and snapshot information to your application or website, see [Decrypt exported snapshots from Recall](https://go.microsoft.com/fwlink/?linkid=2309200). +> - For information about adding exported Recall and snapshot information to your application or website, see [Decrypt exported snapshots from Recall](/windows/ai/recall/decrypt-exported-snapshots). |   | Setting | |---|---| From b973a890061695d81f50f9bb3d5ad79bd9dc1a5d Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 12 Jun 2025 14:43:00 -0700 Subject: [PATCH 12/19] export-recall-9257953 --- windows/client-management/manage-recall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 3d0bd1a902..03b9cf875b 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -185,7 +185,7 @@ Before starting an export, the user must authenticate with Windows Hello and the > [!Important] > - This setting applies to devices in the European Economic Area (EEA) only. Export of Recall snapshots is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. > - Changes to this policy take effect after device restart. -> - For information about adding exported Recall and snapshot information to your application or website, see [Decrypt exported snapshots from Recall](/windows/ai/recall/decrypt-exported-snapshots). +> - Developer documentation will be coming at a later date. |   | Setting | |---|---| From b494ac802473c1059ff2dc681606f6a281372367 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 12 Jun 2025 16:23:23 -0600 Subject: [PATCH 13/19] Add AllowRecallExport policy --- .../mdm/policies-in-preview.md | 3 +- .../mdm/policy-csp-windowsai.md | 63 ++++++++++++++++++- 2 files changed, 64 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md index 36f79a143f..0e17724c64 100644 --- a/windows/client-management/mdm/policies-in-preview.md +++ b/windows/client-management/mdm/policies-in-preview.md @@ -1,7 +1,7 @@ --- title: Configuration service provider preview policies description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview. -ms.date: 06/09/2025 +ms.date: 06/12/2025 ms.topic: generated-reference --- @@ -227,6 +227,7 @@ This article lists the policies that are applicable for Windows Insider Preview - [SetMaximumStorageSpaceForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots) - [SetMaximumStorageDurationForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots) - [DisableClickToDo](policy-csp-windowsai.md#disableclicktodo) +- [AllowRecallExport](policy-csp-windowsai.md#allowrecallexport) - [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator) - [DisableCocreator](policy-csp-windowsai.md#disablecocreator) - [DisableGenerativeFill](policy-csp-windowsai.md#disablegenerativefill) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 6f59fee325..4136f865e3 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -1,7 +1,7 @@ --- title: WindowsAI Policy CSP description: Learn more about the WindowsAI Area in Policy CSP. -ms.date: 05/02/2025 +ms.date: 06/12/2025 ms.topic: generated-reference --- @@ -85,6 +85,67 @@ This policy setting allows you to determine whether the Recall optional componen + +## AllowRecallExport + + +| Scope | Editions | Applicable OS | +|:--|:--|:--| +| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | + + + +```Device +./Device/Vendor/MSFT/Policy/Config/WindowsAI/AllowRecallExport +``` + + + + +This policy allows you to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with trusted apps or websites. Users can export from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export past snapshots > Export. Users can also choose to continuously export their snapshots if they turn on the option to Export snapshots from now on from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export. Before starting an export, the user must authenticate with Windows Hello and they're notified that their exported snapshots are encrypted since they might contain sensitive information. The user is also notified that they'll need to provide their Recall export code if they want to allow trusted apps or websites access to exported snapshots. The Recall export code is displayed to users during Recall setup even if this policy is set to disabled or not configured. For managed devices: When you set this policy to enabled, users will be able to export Recall and snapshot information. If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. + +> [!IMPORTANT] +> This setting applies to devices in the European Economic Area (EEA) only. Export of Recall and snapshot information is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. + + + + + + + +**Description framework properties**: + +| Property name | Property value | +|:--|:--| +| Format | `int` | +| Access Type | Add, Delete, Get, Replace | +| Default Value | 0 | + + + +**Allowed values**: + +| Value | Description | +|:--|:--| +| 0 (Default) | Deny export of Recall and snapshots information. | +| 1 | Allow export of Recall and snapshot information. | + + + +**Group policy mapping**: + +| Name | Value | +|:--|:--| +| Name | AllowRecallExport | +| Path | WindowsAI > AT > WindowsComponents > WindowsAI | + + + + + + + + ## DisableAIDataAnalysis From 710ae0f01ad94c1bb8086e54d8e4b83b74408527 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 12 Jun 2025 15:25:57 -0700 Subject: [PATCH 14/19] Update enable-extended-security-updates.md Tweaks --- windows/whats-new/enable-extended-security-updates.md | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/windows/whats-new/enable-extended-security-updates.md b/windows/whats-new/enable-extended-security-updates.md index cb0b1f3891..33a12659e0 100644 --- a/windows/whats-new/enable-extended-security-updates.md +++ b/windows/whats-new/enable-extended-security-updates.md @@ -151,15 +151,11 @@ If the device doesn't have access to the internet or to the Microsoft Activation ## Activate large numbers of devices that don't have internet access -For more information on how to do manual activation of large numbers of devices, review the Volume Activation Management Tool (VAMT) [Proxy Activation](/windows/deployment/volume-activation/proxy-activation-vamt) scenario. You should install the latest [Automated Deployment Kit (ADK) tool](/windows-hardware/get-started/adk-install) to ensure that you have latest VAMT tool - -Note: In order to add Windows 10 ESU keys to VAMT update the pkeyconfig files with this update - -[https://www.microsoft.com/en-us/download/details.aspx?id=106364](https://www.microsoft.com/download/details.aspx?id=106364) +For more information on how to do manual activation of large numbers of devices, review the Volume Activation Management Tool (VAMT) [Proxy Activation](/windows/deployment/volume-activation/proxy-activation-vamt) scenario. You should install the latest [Automated Deployment Kit (ADK) tool](/windows-hardware/get-started/adk-install) to ensure that you have the latest VAMT. You'll also need to install an update to the VMAT from [https://www.microsoft.com/download/details.aspx?id=106364](https://www.microsoft.com/download/details.aspx?id=106364) so it includes updated PkeyConfig files for Windows 10 ESU MAK keys. For more information on adding additional activations to a Windows 10 ESU MAK, see [Request an increase to MAK activation limits](/microsoft-365/commerce/licenses/product-keys-for-vl#request-an-increase-to-mak-activation-limits). ## Related content - [Slmgr.vbs options](/windows-server/get-started/activation-slmgr-vbs-options) -- [Extended Security Updates (ESU) program for Windows 10](extended-security-updates.md) \ No newline at end of file +- [Extended Security Updates (ESU) program for Windows 10](extended-security-updates.md) From e48ad3ef0331f1be607d3b1190038e6ae6434191 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Thu, 12 Jun 2025 15:27:25 -0700 Subject: [PATCH 15/19] Update enable-extended-security-updates.md remove extra space --- windows/whats-new/enable-extended-security-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/enable-extended-security-updates.md b/windows/whats-new/enable-extended-security-updates.md index 33a12659e0..25bbd39ee0 100644 --- a/windows/whats-new/enable-extended-security-updates.md +++ b/windows/whats-new/enable-extended-security-updates.md @@ -151,7 +151,7 @@ If the device doesn't have access to the internet or to the Microsoft Activation ## Activate large numbers of devices that don't have internet access -For more information on how to do manual activation of large numbers of devices, review the Volume Activation Management Tool (VAMT) [Proxy Activation](/windows/deployment/volume-activation/proxy-activation-vamt) scenario. You should install the latest [Automated Deployment Kit (ADK) tool](/windows-hardware/get-started/adk-install) to ensure that you have the latest VAMT. You'll also need to install an update to the VMAT from [https://www.microsoft.com/download/details.aspx?id=106364](https://www.microsoft.com/download/details.aspx?id=106364) so it includes updated PkeyConfig files for Windows 10 ESU MAK keys. +For more information on how to do manual activation of large numbers of devices, review the Volume Activation Management Tool (VAMT) [Proxy Activation](/windows/deployment/volume-activation/proxy-activation-vamt) scenario. You should install the latest [Automated Deployment Kit (ADK) tool](/windows-hardware/get-started/adk-install) to ensure that you have the latest VAMT. You'll also need to install an update to the VMAT from [https://www.microsoft.com/download/details.aspx?id=106364](https://www.microsoft.com/download/details.aspx?id=106364) so it includes updated PkeyConfig files for Windows 10 ESU MAK keys. For more information on adding additional activations to a Windows 10 ESU MAK, see [Request an increase to MAK activation limits](/microsoft-365/commerce/licenses/product-keys-for-vl#request-an-increase-to-mak-activation-limits). From 0fac1a8cb0e46ff045d4eb5008519262903c638e Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 13 Jun 2025 09:38:08 -0700 Subject: [PATCH 16/19] Update policy-csp-windowsai.md formatting tweaks, correct pro --- windows/client-management/mdm/policy-csp-windowsai.md | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 4136f865e3..9082f93581 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -91,7 +91,7 @@ This policy setting allows you to determine whether the Recall optional componen | Scope | Editions | Applicable OS | |:--|:--|:--| -| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | +| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview | @@ -102,7 +102,13 @@ This policy setting allows you to determine whether the Recall optional componen -This policy allows you to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with trusted apps or websites. Users can export from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export past snapshots > Export. Users can also choose to continuously export their snapshots if they turn on the option to Export snapshots from now on from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export. Before starting an export, the user must authenticate with Windows Hello and they're notified that their exported snapshots are encrypted since they might contain sensitive information. The user is also notified that they'll need to provide their Recall export code if they want to allow trusted apps or websites access to exported snapshots. The Recall export code is displayed to users during Recall setup even if this policy is set to disabled or not configured. For managed devices: When you set this policy to enabled, users will be able to export Recall and snapshot information. If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. +This policy allows you to determine whether users can export their own Recall and snapshot information. Exporting allows users to share their Recall and snapshot information with trusted apps or websites. Users can export from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export past snapshots > Export. + +Users can also choose to continuously export their snapshots if they turn on the option to Export snapshots from now on from Settings > Privacy & security > Recall & snapshots > Advanced settings > Export snapshots > Export. + +Before starting an export, the user must authenticate with Windows Hello and they're notified that their exported snapshots are encrypted since they might contain sensitive information. The user is also notified that they'll need to provide their Recall export code if they want to allow apps or websites access to exported snapshots. The Recall export code is displayed to users during Recall setup even if this policy is set to disabled or not configured. For managed devices: +- When you set this policy to enabled, users will be able to export Recall and snapshot information. +- If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. > [!IMPORTANT] > This setting applies to devices in the European Economic Area (EEA) only. Export of Recall and snapshot information is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. From 94938723338938988cb114e450a79f22f4628a01 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 13 Jun 2025 09:46:26 -0700 Subject: [PATCH 17/19] Update policy-csp-windowsai.md restart --- windows/client-management/mdm/policy-csp-windowsai.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md index 9082f93581..11dd71ac87 100644 --- a/windows/client-management/mdm/policy-csp-windowsai.md +++ b/windows/client-management/mdm/policy-csp-windowsai.md @@ -111,7 +111,8 @@ Before starting an export, the user must authenticate with Windows Hello and the - If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information. > [!IMPORTANT] -> This setting applies to devices in the European Economic Area (EEA) only. Export of Recall and snapshot information is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. +> - This setting applies to devices in the European Economic Area (EEA) only. Export of Recall and snapshot information is a user-initiated process and is per user. IT admins or other users can't initiate an export on behalf of another. +> - Changes to this policy take effect after device restart. From 7bb2b586c9dcdf30026db0ed38e59974ea428868 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 13 Jun 2025 09:51:35 -0700 Subject: [PATCH 18/19] add blog --- windows/client-management/manage-recall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index 03b9cf875b..e0bbbc1598 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -163,7 +163,7 @@ To filter websites from being saved in snapshots, use the **Set a list of URIs t ## Allow export of Recall and snapshot information -The Recall export experience is available in preview to Copilot + PCs through the Windows Insiders Program. For more information, see [Announcing Windows 11 Insider Preview Build 26120.4441 (Beta Channel)](https://blogs.windows.com/windows-insider). +The Recall export experience is available in preview to Copilot + PCs through the Windows Insiders Program. For more information, see [Announcing Windows 11 Insider Preview Build 26120.4441 (Beta Channel)](https://blogs.windows.com/windows-insider/2025/06/13/announcing-windows-11-insider-preview-build-26120-4441-beta-channel/). In the European Economic Area (EEA), users can choose to [export their Recall snapshots](https://support.microsoft.com/topic/680bd134-4aaa-4bf5-8548-a8e2911c8069) if IT admins allow exporting. By default, exporting Recall and snapshot information is disabled for managed devices. Exporting allows users to share their Recall and snapshot information with third-party apps or websites that the user trusts. Exporting is optional, and users can review their snapshots at any time in Recall without needing to export. Exported information includes: From 20f506e8db238c21e8665cb5c58e26f357044199 Mon Sep 17 00:00:00 2001 From: Meghan Stewart <33289333+mestew@users.noreply.github.com> Date: Fri, 13 Jun 2025 09:53:21 -0700 Subject: [PATCH 19/19] esit --- windows/client-management/manage-recall.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/manage-recall.md b/windows/client-management/manage-recall.md index e0bbbc1598..a60af3d1fa 100644 --- a/windows/client-management/manage-recall.md +++ b/windows/client-management/manage-recall.md @@ -189,7 +189,7 @@ Before starting an export, the user must authenticate with Windows Hello and the |   | Setting | |---|---| -| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallExport](mdm/policy-csp-windowsai.md) | +| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallExport](mdm/policy-csp-windowsai.md#allowrecallexport) | | **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Allow export of Recall and snapshot information** |