Microsoft's internal IT organization deployed Recall across its enterprise Copilot+ PC fleet in November 2025, acting as "Customer Zero" to validate enterprise-grade controls built in collaboration with the Purview and Intune product teams.
Deployment: Microsoft Digital (internal IT) across enterprise Copilot+ PCs
Integration: Microsoft Purview sensitivity labels and DLP policies
Protection: Documents labeled "Highly Confidential" are not indexed by Recall
Default state: Disabled on enterprise devices; requires IT admin enablement and individual user opt-in
API: Public DLP provider API available for third-party integrations
Microsoft Digital helped define tenant trust requirements and built exclusion logic ensuring Recall ignores credential-related content such as passwords and certificates. The Purview integration means enterprise DLP policies now extend to Recall's snapshot store, with sensitivity labels controlling what gets captured. Recall is disabled by default in enterprise builds, requiring both IT policy changes and individual user consent before activation.
Sources: Microsoft Inside Track · Microsoft Inside Track - Enterprise
