Apart from the fact Windows 10 (Win10) is sending search data, even though I had disabled Cortana, it's also sending the data to Microsoft using certificates whose authenticity aren't proven.
First, Kaspersky intercepted this traffic going to: dubaivm1.uaenorth.cloudapp.azure.com
It's obviously owned by Microsoft. Details about its usage are in the Detailed Report below.
There's an additional connection that goes to: exo-ring.msedge.net
This is also related to Cortana search. (which is disabled)
These are details of the certificate. It's signed by DigiCert to Microsoft CA, then to: azwanp.trafficmanager.net
As extra precaution, I have Kaspersky set to use Mozilla's certificate store rather than Microsoft's. At least I can trust that Mozilla won't inject stuff behind my back.