Forum Discussion

SoyRod's avatar
SoyRod
Copper Contributor
May 03, 2026

Outlook on Windows 11: when local sync re‑contaminates global settings

Introduction

I want to share a finding that I believe is concerning: the Outlook client on Windows 11 can act as a vector of “re‑contamination” of local data, reactivating settings that were already disabled in the cloud. While this is not malware in the strict sense, the behavior is contradictory enough that it undermines privacy and user trust.

Context of the issue

To avoid any doubt, I disabled the Expanded People Suggestions option in all three possible places:

  1. Outlook client on Windows 11.
  2. Outlook Web.
  3. Global Privacy settings in my Microsoft Account.

In every case, the option was disabled and the exported configuration file appeared empty, confirming that the deletion had been applied correctly.

 

 

Cross‑account contamination → when another account was added to the Outlook client, the contaminated suggestions were transferred and appeared in that account as well, even though those addresses had never been used there.

 

 

Evidence observed

  1. Empty file in the cloud → confirms that the deletion was effective.
  2. Desktop client re‑sync → uploads obsolete local data and reactivates the option.
  3. Result → the global configuration once again shows suggestions that had already been disabled.
  4. Injected email addresses → the suggestions included addresses that I have never used or contacted. These appear to have been introduced by third parties or internal contamination, not by my own activity.
  5. Cross‑account contamination → when another account was added to the Outlook client, the contaminated suggestions were transferred and appeared there too.

Implications

  • The Outlook client does not respect privacy preferences set in the cloud.
  • Local data takes precedence over global settings, which contradicts modern synchronization logic.
  • The presence of never‑used, injected email addresses raises serious concerns about data integrity and possible external contamination.
  • This may affect many users, not just an isolated case.

Reflection

This behavior creates the perception that the client acts like intrusive software: even if the user deletes data in the cloud, the client “resurrects” it from its local cache. In practical terms, it is a form of re‑contamination that compromises confidence in synchronization between client and server. The fact that injected addresses appear in suggestions makes the issue even more problematic, as it suggests external influence beyond the user’s own history.

Conclusion

The cloud should be the source of truth. If a user disables data in Outlook Web and in the global Microsoft Account settings, no local client should have the ability to reactivate it. This finding deserves attention because it directly affects privacy, data integrity, and the coherence of the Microsoft ecosystem.

Invitation

Has anyone else observed this behavior in Outlook for Windows 11? Have you seen deleted cloud settings reappear after reinstalling or re‑synchronizing the client, or injected email addresses that were never used showing up in suggestions?

outlook for windows
outlook on the web
privacy
synchronization
No RepliesBe the first to reply