... following a federal requirement that unlawful material like child pornography must be reported to the National Center for Missing & Exploited Children (NCMEC).
A requirement to report something as and when it's found as a result of a support call or other associated activity is one thing, telling companies that they have to actively go out and find things to report is quite another. It's difficult to believe that the latter is really a requirement.
I won't shed any tears for any perverts caught out by this, but all the same: by what right have Microsoft been rifling through the private files belonging to their users?