That opens another question: which means of communication would count for that? Does commenting on a GitHub issue really count? Wouldn't you have some sort of contact details specifically for that in a license agreement or similar?
Usually, for the statutory thing, you do have to be able to prove the counterparty received the communication, so registered mail is often the best way, because someone has actually signed for it at that point.
But if they respond at all using other channels, you probably still have enough.
Seems GDPR is pretty explicit since it requires specific documentation (Data Protection Statements/Privacy policy) and explains that they should contain complaint contact information. I think it would be pretty easy to contact Microsoft on the "expected" channel for a GDPR complaint.
GDPR terms allow them to ask for any data about them personally. And Microsoft can say no if for example all the telemetry data is anonymous and aggregated. These attempts at sounding like a lawyer with demands to answer make the issue commenters sound like they are 14 years old and any engagement with that issue will never end unless it's locked.