edits and add filtering

windows/client-management/manage-recall.md

@@ -41,6 +41,8 @@ Privacy and security are built into Recall's design. With Copilot+ PCs, you get
 
 Recall doesn't share snapshots with other users that are signed into Windows on the same device. Microsoft can't access or view the snapshots. Recall requires users to confirm their identity with [Windows Hello](https://support.microsoft.com/windows/configure-windows-hello-dae28983-8242-bb2a-d3d1-87c9d265a5f0) before it launches and before accessing snapshots. At least one biometric sign-in option must be enabled for Windows Hello, either facial recognition or a fingerprint, to launch and use Recall. Before snapshots start getting saved the device, users need to open Recall and authenticate. Recall takes advantage of just in time decryption protected by Windows [Hello Enhanced Sign-in Security (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security). Snapshots and any associated information in the vector database are always encrypted. Encryption keys are protected via Trusted Platform Module (TPM), which is tied to the user's Windows Hello ESS identity, and can be used by operations within a secure environment called a [Virtualization-based Security Enclave (VBS Enclave)](/windows/win32/trusted-execution/vbs-enclaves). This means that other users can't access these keys and thus can't decrypt this information. Device Encryption or BitLocker are enabled by default on Windows 11. For more information, see [Recall security and privacy architecture in the Windows Experience Blog](https://blogs.windows.com/windowsexperience/?p=179096).
 
+When using Recall, the [**Sensitive Information Filtering**](#user-controlled-settings-for-recall) setting is enabled by default to help ensure your data's confidentiality. This feature operates directly on the device, utilizing the NPU and the Microsoft Classification Engine (MCE), which is the same technology leveraged by Microsoft Purview for detecting and labeling sensitive information. When this setting is enabled, snapshots won't be saved when potentially sensitive information is detected. Most importantly, the sensitive information remains on the device at all times, regardless of whether the **Sensitive Information Filtering setting** is enabled or disabled. For more information about the types of potentially sensitive information, see [Reference for sensitive information filtering in Recall](#sensitive-information-filtering-in-recall).
+
 In keeping with Microsoft's commitment to data privacy and security, all captured images and processed data are kept on the device and processed locally. However, Click to Do allows users to choose if they want to perform additional actions on their content. 
 
 Click to Do allows users to choose to get more information about their selected content online. When users choose one of the following Click to Do actions, the selected content is sent to the online provider from the local device to complete the request:
@@ -79,7 +81,7 @@ Users need a supported browser for Recall to [filter websites](#user-controlled-
 
 ## Configure policies for Recall
 
-By default, Recall is removed on commercially managed devices except for devices running Windows Home edition. Many of the policies for Recall are available for both the device and the user scope to give you more flexibility. Policies for Recall fall into the following general areas:
+By default, Recall is removed on commercially managed devices except for devices running Windows Home edition. If you want to allow Recall to be available for your users and allow them to choose to save snapshots, you need to configure both the **Allow Recall to be enabled** and **Turn off saving snapshots for Windows** policies. Policies for Recall fall into the following general areas:
 
 - [Allow Recall and snapshots policies](#allow-recall-and-snapshots-policies)
 - [Storage policies](#storage-policies)
@@ -89,9 +91,8 @@ By default, Recall is removed on commercially managed devices except for devices
 
 ### Allow Recall and snapshots policies
 
-If you want to allow Recall to be available for your users and allow them to choose to save snapshots, you need to configure both the **Allow Recall to be enabled** and **Turn off saving snapshots for Windows** policies. 
+The **Allow Recall to be enabled** policy setting allows you to determine whether the Recall optional component is available for end users to enable on their device. By default, Recall is disabled for managed commercial devices. Recall isn't available on managed devices by default, and individual users can't enable Recall on their own. 
 
-**Allow Recall to be enabled**:
 |   | Setting  |
 |---|---|
 | **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[AllowRecallEnablement](mdm/policy-csp-windowsai.md#allowrecallenablement) |
@@ -102,26 +103,30 @@ The **Turn off saving snapshots for Windows** policy allows you to give the user
 
 |   | Setting  |
 |---|---|
-| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis) </br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis)|
-| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** </br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** |
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis) </br> </br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[DisableAIDataAnalysis](mdm/policy-csp-windowsai.md#disableaidataanalysis)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Turn off saving snapshots for Windows** |
 
 ### Storage policies
 
+You can define how much disk space Recall can use by using the **Set maximum storage for snapshots used by Recall** policy. You can set the maximum amount of disk space for snapshots to be 10, 25, 50, 75, 100, or 150 GB. When the storage limit is reached, the oldest snapshots are deleted first. When this setting is not configured, the OS configures the storage allocation for snapshots based on the device storage capacity. 25 GB is allocated when the device storage capacity is 256 GB. 75 GB is allocated when the device storage capacity is 512 GB. 150 GB is allocated when the device storage capacity is 1 TB or higher.	
 
-#### Storage allocation
-
-The amount of disk space users can allocate to Recall varies depending on how much storage the device has. The following chart shows the storage space options for Recall:
-
-| Device storage capacity | Storage allocation options for Recall |
+| &nbsp; | Setting  |
 |---|---|
-| 256 GB | 25 GB (default), 10 GB |
-| 512 GB | 75 GB (default), 50 GB, 25 GB |
-| 1 TB, or more | 150 GB (default), 100 GB, 75 GB, 50 GB, 25 GB |
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageSpaceForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots) </br> </br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageSpaceForRecallSnapshots](mdm/policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** </br></br> User Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** |
+
+You can define how long snapshots can be retained on the device by using the **Set maximum duration for storing snapshots used by Recall** policy. You can configure the maximum storage duration to be 30, 60, 90, or 180 days. If the policy is not configured, snapshots aren't deleted until the maximum storage allocation is reached, and then the oldest snapshots are deleted first.
+
+| &nbsp; | Setting  |
+|---|---|
+| **CSP** | ./Device/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageDurationForRecallSnapshots](mdm/policy-csp-windowsai.md#SetMaximumStorageDurationForRecallSnapshots) </br></br> ./User/Vendor/MSFT/Policy/Config/WindowsAI/[SetMaximumStorageDurationForRecallSnapshots](mdm/policy-csp-windowsai.md#sSetMaximumStorageDurationForRecallSnapshots)|
+| **Group policy** | Computer Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum storage for snapshots used by Recall** </br></br>User Configuration > Administrative Templates > Windows Components > Windows AI > **Set maximum duration for storing snapshots used by Recall** |
 
 
 ### App and website filtering policies
 
 
+
 #### Applications that are automatically excluded from snapshots
 
 Snapshots won't be saved when certain applications are being used. The following apps are automatically excluded from snapshots:<!--9119193-->

windows/client-management/recall-sensitive-information-filtering.md

@@ -0,0 +1,190 @@
+---
+title: Sensitive information filtering in Recall
+description: Learn about the types of potentially sensitive information Recall detects.
+ms.topic: reference
+ms.subservice: windows-copilot
+ms.date: 11/14/2024
+ms.author: mstewart
+author: mestew
+ms.collection:
+  - windows-copilot
+  - magic-ai-copilot
+appliesto:
+- ✅ <a href="https://www.microsoft.com/windows/business/devices/copilot-plus-pcs#copilot-plus-pcs" target="_blank">Copilot+ PCs</a>
+---
+
+
+# Reference for sensitive information filtering in Recall
+
+This article provides information about the types of potentially sensitive information that [Recall](manage-recall.md) detects.
+
+## Types of potentially sensitive information
+
+Types of potentially sensitive information that Recall detects and filters include:
+
+ABA Routing Number </br>
+Argentina National Identity (DNI) Number </br>
+Argentina Unique Tax Identification Key (CUIT/CUIL) </br>
+Australia Bank Account Number </br>
+Australia Drivers License Number </br>
+Australia Tax File Number </br>
+Austria Driver's License Number </br>
+Austria Identity Card </br>
+Austria Social Security Number </br>
+Austria Tax Identification Number </br>
+Austria Value Added Tax </br>
+Azure Document DB Auth Key </br>
+Azure IAAS Database Connection String and Azure SQL Connection String </br>
+Azure IoT Connection String </br>
+Azure Redis Cache Connection String </br>
+Azure SAS </br>
+Azure Secrets (Generic) </br>
+Azure Service Bus Connection String </br>
+Azure Storage Account Key </br>
+Belgium Driver's License Number </br>
+Belgium National Number </br>
+Belgium Value Added Tax Number </br>
+Brazil CPF Number </br>
+Brazil Legal Entity Number (CNPJ) </br>
+Brazil National ID Card (RG) </br>
+Bulgaria Driver's License Number </br>
+Bulgaria Uniform Civil Number </br>
+Canada Bank Account Number </br>
+Canada Driver's License Number </br>
+Canada Social Insurance Number </br>
+Chile Identity Card Number </br>
+China Resident Identity Card (PRC) Number </br>
+Colombia National ID </br>
+Credit Card Number </br>
+Croatia Driver's License Number </br>
+Croatia Identity Card Number </br>
+Croatia Personal Identification (OIB) Number </br>
+Cyprus Driver's License Number </br>
+Cyprus Identity Card </br>
+Cyprus Tax Identification Number </br>
+Czech Driver's License Number </br>
+Czech Personal Identity Number </br>
+DEA Number </br>
+Denmark Driver's License Number </br>
+Denmark Personal Identification Number </br>
+Ecuador Unique Identification Number </br>
+Estonia Driver's License Number </br>
+Estonia Personal Identification Code </br>
+EU Debit Card Number </br>
+EU Driver's License Number </br>
+EU National Id Card </br>
+EU SSN or Equivalent Number </br>
+EU Tax File Number </br>
+Finland Driver's License Number </br>
+Finnish National ID </br>
+France CNI </br>
+France Driver's License Number </br>
+France INSEE </br>
+France Tax Identification Number (numéro SPI.) </br>
+France Value Added Tax Number </br>
+General Password </br>
+German Driver's License Number </br>
+Germany Identity Card Number </br>
+Germany Tax Identification Number </br>
+Germany Value Added Tax Number </br>
+Greece Driver's License Number </br>
+Greece National ID Card </br>
+Greece Social Security Number (AMKA) </br>
+Greek Tax Identification Number </br>
+Hong Kong Identity Card (HKID) number </br>
+Hungarian Social Security Number (TAJ) </br>
+Hungarian Value Added Tax Number </br>
+Hungary Driver's License Number </br>
+Hungary Personal Identification Number </br>
+Hungary Tax Identification Number </br>
+IBAN </br>
+India Driver's License Number </br>
+India GST number </br>
+India Permanent Account Number </br>
+India Unique Identification (Aadhaar) number </br>
+India Voter Id Card </br>
+Indonesia Drivers License Number </br>
+Indonesia Identity Card (KTP) Number </br>
+Ireland Driver's License Number </br>
+Ireland Personal Public Service (PPS) Number </br>
+Israel Bank Account Number </br>
+Israel National ID Number </br>
+Italy Driver's license Number </br>
+Italy Fiscal Code </br>
+Italy Value Added Tax </br>
+Japan Bank Account Number </br>
+Japan Driver's License Number </br>
+Japan Residence Card Number </br>
+Japan Resident Registration Number </br>
+Japan Social Insurance Number </br>
+Japanese My Number – Corporate </br>
+Japanese My Number – Personal </br>
+Latvia Driver's License Number </br>
+Latvia Personal Code </br>
+Lithuania Driver's License Number </br>
+Lithuania Personal Code </br>
+Luxembourg Driver's License Number </br>
+Luxembourg National Identification Number (Natural persons) </br>
+Luxembourg National Identification Number (Non-natural persons) </br>
+Malaysia ID Card Number </br>
+Malta Driver's License Number </br>
+Malta Identity Card Number </br>
+Malta Tax ID Number </br>
+Mexico Unique Population Registry Code (CURP) </br>
+Netherlands Citizen's Service (BSN) Number </br>
+Netherlands Driver's License Number </br>
+Netherlands Tax Identification Number </br>
+Netherlands Value Added Tax Number </br>
+New Zealand Bank Account Number </br>
+New Zealand Driver License Number </br>
+New Zealand Inland Revenue Number </br>
+Newzealand Social Welfare Number </br>
+Norway Identification Number </br>
+Philippines National ID </br>
+Philippines Passport Number </br>
+Philippines Unified Multi-Purpose ID number </br>
+Poland Driver's License Number </br>
+Poland Identity Card </br>
+Poland National ID (PESEL) </br>
+Poland Tax Identification Number </br>
+Polish REGON Number </br>
+Portugal Citizen Card Number </br>
+Portugal Driver's License Number </br>
+Portugal Tax Identification Number </br>
+Qatari ID Card Number </br>
+Romania Driver's License Number </br>
+Romania Personal Numerical Code (CNP) </br>
+Saudi Arabia National ID </br>
+Singapore Driving License Number </br>
+Singapore National Registration Identity Card (NRIC) Number </br>
+Slovakia Driver's License Number </br>
+Slovakia Personal Number </br>
+Slovenia Driver's License Number </br>
+Slovenia Tax Identification Number </br>
+Slovenia Unique Master Citizen Number </br>
+South Africa Identification Number </br>
+South Korea Driver's License Number </br>
+South Korea Resident Registration Number </br>
+Spain DNI </br>
+Spain Driver's License Number </br>
+Spain SSN </br>
+Spain Tax Identification Number </br>
+Sweden Driver's License Number </br>
+Sweden National ID </br>
+Sweden Tax Identification Number </br>
+SWIFT Code </br>
+Swiss SSN AHV Number </br>
+Taiwan Resident Certificate (ARC/TARC) </br>
+Taiwanese National ID </br>
+Thai Citizen ID </br>
+Turkish National Identity </br>
+U.K. Driver's License Number </br>
+U.K. Electoral Number </br>
+U.K. NHS Number </br>
+U.K. NINO </br>
+U.K. Unique Taxpayer Reference Number </br>
+U.S. Bank Account Number </br>
+U.S. Driver's License Number </br>
+U.S. Individual Taxpayer Identification Number (ITIN) </br>
+U.S. Social Security Number </br>
+UAE Identity Card Number </br>

windows/client-management/toc.yml

@@ -51,7 +51,9 @@ items:
               - name: Updated Windows and Microsoft Copilot experience
                 href: manage-windows-copilot.md
               - name: Manage Recall
-                href: manage-recall.md                
+                href: manage-recall.md
+              - name: Reference for sensitive information filtering in Recall
+                href: recall-sensitive-information-filtering.md                                 
               - name: Secured-Core PC Configuration Lock
                 href: config-lock.md
               - name: Certificate renewal