Microsoft is planning to add additional security layers to the Recall feature, including "just in time" decryption protected by Windows Hello Enhanced Sign-in Security (ESS), so Recall snapshots will only be decrypted and accessible when the user authenticates. This gives an additional layer of protection to Recall data in addition to other default enabled Windows Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall.
Fixing Recall's security issues before its initial release was challenging due to the need for encryption and Windows Hello authentication implementation. Additionally, OEMs already had the final Windows bits shipping on devices, complicating the situation further. The changes were required to address concerns from researchers and ensure user data security.