Securing Your Windows PCs Against Recall Using Workspace ONE UEM
With the introduction of Windows 11 Copilot+ PCs, Microsoft added a feature called Recall, which builds an explorable timeline of what the user has done on the PC. While useful to end users, Recall has raised privacy concerns, particularly because the screenshots it captures can include sensitive data such as passwords and MFA codes.
Why Disable Recall?
Recall captures screenshots of a user’s activity, which creates a security risk: if a malicious actor obtains those screenshots, sensitive information could be exposed. This is a substantial concern for IT admins responsible for securing corporate networks and personal data.
Disabling Recall in Workspace ONE UEM
Step 1: Create a Windows Profile
• Navigate to Devices > Profiles & Resources.
• Select Add Profile, choose Windows Desktop, and configure the general settings such as the profile name and the target devices.
Step 2: Add Custom XML to Disable Recall
You will need to create a custom XML profile containing SyncML commands that disable the Recall feature on managed Windows devices. Insert the following SyncML commands:
To Disable Recall:
<Replace>
<CmdID>34e7f8c0-1dd4-42ed-bbcc-07da966bc0e0</CmdID>
<Item>
<Target>
<LocURI>./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>1</Data>
</Item>
</Replace>
To Re-enable Recall on Profile Removal:
<Delete>
<CmdID>34e7f8c0-1dd4-42ed-bbcc-07da966bc0e0</CmdID>
<Item>
<Target>
<LocURI>./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>1</Data>
</Item>
</Delete>
These commands ensure that Recall is disabled when the profile is first installed and that the setting reverts to its default behavior if the profile is removed. Note that the LocURI sits under ./User, so this policy is applied in the user scope rather than for the whole device.
Step 3: Publish the Profile
Save and publish the profile to all applicable devices. Confirm that the affected devices are listed as expected. A reboot might be necessary for the change to take full effect.
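To confirm that the policy actually landed on a device after the profile has synced, here is an added PowerShell check. It is not part of the original post and is not Workspace ONE UEM code. It assumes that the CSP node ./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis is materialized as the DisableAIDataAnalysis value under HKCU:\Software\Policies\Microsoft\Windows\WindowsAI, and that the MDM client records the applied user-scope value under HKLM:\SOFTWARE\Microsoft\PolicyManager\current\<user SID>\WindowsAI; both registry locations and the function name Test-RecallDisabled are my assumptions, so verify them on a test device first. Because the policy is user-scoped, run the script in the logged-on user's context.

```powershell
# Added verification script (not from the original post or from Workspace ONE UEM).
# Assumed registry locations: the user-scope policy key written for the WindowsAI CSP,
# and the MDM PolicyManager bookkeeping key for the current user's SID.

function Test-RecallDisabled {
    [CmdletBinding()]
    param()

    $valueName = 'DisableAIDataAnalysis'

    # 1. Effective policy value for the current user (assumed path).
    $policyKey   = 'HKCU:\Software\Policies\Microsoft\Windows\WindowsAI'
    $policyValue = $null
    if (Test-Path $policyKey) {
        $policyValue = (Get-ItemProperty -Path $policyKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    }

    # 2. What the MDM client believes it applied for this user (assumed path, keyed by SID).
    $sid     = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
    $pmKey   = "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\$sid\WindowsAI"
    $pmValue = $null
    if (Test-Path $pmKey) {
        $pmValue = (Get-ItemProperty -Path $pmKey -Name $valueName -ErrorAction SilentlyContinue).$valueName
    }

    # 3. Recent MDM errors, which usually explain a policy that did not apply
    #    (for example a profile pushed in the wrong context).
    $mdmErrors = @()
    try {
        $mdmErrors = Get-WinEvent -FilterHashtable @{
            LogName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
            Level   = 2
        } -MaxEvents 5 -ErrorAction Stop | ForEach-Object { $_.Message }
    } catch {
        # No matching events, or the log is unavailable; both are fine for this check.
    }

    [PSCustomObject]@{
        ComputerName     = $env:COMPUTERNAME
        User             = $env:USERNAME
        PolicyValue      = $policyValue
        MdmRecordedValue = $pmValue
        RecallDisabled   = ($policyValue -eq 1)
        RecentMdmErrors  = $mdmErrors
    }
}

# Usage: run interactively, or schedule it and alert whenever RecallDisabled is $false.
$result = Test-RecallDisabled
$result | Format-List
if (-not $result.RecallDisabled) {
    Write-Warning "Recall snapshot policy is not enforced for $($result.User) on $($result.ComputerName)."
    exit 1
}
```

The script treats only an explicit value of 1 as compliant: a missing key means the profile never applied (or was removed, which is exactly what the Delete command above produces), and the PolicyManager value lets you tell an MDM delivery problem apart from a policy that was delivered but not honored.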
Conclusion
Until Microsoft addresses Recall’s security flaws, disabling the feature with Workspace ONE UEM is a crucial step for organizations that prioritize privacy and security. By following the steps outlined here, IT administrators can ensure their managed devices are protected from the potential security risks posed by Recall.
