The general consensus from I saw from discussions years ago was that scanning of your local files was not something that happened (which would be detectable and eventually discovered and called out by someone). Doing so would also require the dll which contains how photodna works, which Microsoft does/did not want out in the wild and requires an NDA to use. Secretly exfiltrating your files for scanning would get Microsoft in legal trouble.

Incidentally, how it works is clever and interesting imo, though defeatable if you know how it works: https://www.hackerfactor.com/blog/index.php?%2Farchives%2F93...

The obvious alternative of course, is openly and aggressively getting users to agree to uploading their files to Microsoft’s computers (OneDrive), which are scanned.

However in the age of machine learning, copilot and the like, I would not be surprised if local scans start becoming a thing, since offering classification of objects in photos is a perfectly reasonable thing to offer from Microsoft’s point of view, and of course CSAM detection can come along with that.