The Microsoft Preview crawler bot is Microsoft’s metadata fetcher (user agent typically “MicrosoftPreview/1.0”) that retrieves Open Graph, Twitter Card, oEmbed and favicon assets to render link previews across Microsoft apps such as Teams, Outlook, OneDrive/SharePoint and Copilot. When a URL is typed, pasted, or received, the service performs server-side HEAD/GET requests from Microsoft IP ranges, follows redirects, downloads representative images, and does not execute client-side scripts. For defenders and fraud teams, its traffic can appear as automated “first clicks,” skewing analytics, firing webhooks, consuming one-time links, or tripping bot/geo policies. Use cases: allowlist/identify it to avoid false positives, block it on sensitive endpoints, design idempotent GETs, avoid side effects on preview fetches, and provide explicit preview metadata for safer, consistent rendering.
Microsoft Preview
What is Microsoft Preview?
Why is Microsoft Preview crawling my site?
It’s typically triggered when someone in a Microsoft ecosystem (e.g., mail, chat, browser) shares or opens your URLs, prompting automated fetching for safety checks and preview generation. Potential downsides: increased crawl traffic and bandwidth costs; skewed analytics (inflated pageviews, unusual referrers, misattributed campaigns); false positives in bot/fraud detectors and WAFs; premature activation of single-use links (password reset, magic links, unsubscribe, download tokens, payment or promo URLs); accidental invocation of webhooks or workflows; session or geo/AB-test leakage that alters user experience or pricing logic; rate-limit exhaustion impacting real users; noisy logs that hinder incident triage; and compliance/privacy concerns if sensitive, unguessable URLs are probed from private contexts. Ensure sensitive routes require proper authorization and that tokens/links are resilient to non-human prefetching without relying on client-side behavior.
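An added example (not DataDome's or Microsoft's code) of a single-use link handler that tolerates preview fetches: GET and HEAD only check the token and return a confirmation form, and only a POST consumes it. The class and function names, the /reset route, the 15-minute lifetime and the in-memory store are assumptions made for illustration.

```python
import html
import secrets
import time

class OneTimeLinks:
    """In-memory single-use token store (constructed for this example)."""

    def __init__(self, ttl=900):  # assumed 15-minute lifetime
        self.ttl = ttl
        self._tokens = {}  # token -> (user, expiry timestamp)

    def issue(self, user, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[token] = (user, now + self.ttl)
        return token

    def peek(self, token, now=None):
        """Read-only validity check for GET/HEAD; never consumes the token."""
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        return entry[0] if entry and entry[1] > now else None

    def consume(self, token, now=None):
        """Validate and burn the token; reached only from POST."""
        user = self.peek(token, now)
        if user is not None:
            del self._tokens[token]
        return user

GONE = (410, {}, "Link expired or already used.")

def handle(links, method, token):
    """Return (status, headers, body) for a hypothetical /reset?token=... route."""
    if method in ("GET", "HEAD"):
        if links.peek(token) is None:
            return GONE
        # No side effects: a preview fetcher only ever receives this form.
        headers = {"Cache-Control": "no-store", "Referrer-Policy": "no-referrer"}
        form = ('<form method="post"><input type="hidden" name="token" '
                f'value="{html.escape(token)}"><button>Continue</button></form>')
        return 200, headers, "" if method == "HEAD" else form
    if method == "POST":  # a deliberate human action, not a link preview
        user = links.consume(token)
        return (200, {}, f"Reset confirmed for {user}") if user else GONE
    return 405, {"Allow": "GET, HEAD, POST"}, ""
```

Because the decision depends on the HTTP method rather than on the User-Agent, the link survives any server-side prefetcher that sends only HEAD and GET, not just this one.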
Threat research insights on Microsoft Preview
All data in this section are produced by DataDome's Galileo Threat Research team from our proprietary detection network and reviewed by human analysts.
[Chart: Traffic origins. Top 15 countries by bot traffic]
[Chart: Most used autonomous system (AS). Top 5 by traffic share]
On average, it accounts for <0.1% of the traffic from bots in the directory
Businesses decide to authorize this bot 100% of the time
How to block Microsoft Preview?
1) User-Agent filtering at the web server
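Nginx:
    # Place inside a server or location block.
    # The User-Agent header is client-supplied, so this only stops clients that identify themselves.
    if ($http_user_agent ~* "(BingPreview|MicrosoftPreview)") { return 403; }
Apache:
    # .htaccess or virtual host; requires mod_rewrite.
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} "(?i)(BingPreview|MicrosoftPreview)"
    RewriteRule .* - [F]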
2) IP/ASN/network blocking
Block known IP ranges or hosting ASNs used by BingPreview or MicrosoftPreview if identified and unwanted.
3) Rate limiting and dynamic banning
Use Nginx limit_req or a similar mechanism to throttle high-frequency requests from these bots and auto-ban offenders.
4) Server-side script blocking
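Example in PHP:
    <?php
    // Reject requests whose User-Agent names the preview fetcher, before any other output is sent.
    if (isset($_SERVER['HTTP_USER_AGENT']) &&
        preg_match('/BingPreview|MicrosoftPreview/i', $_SERVER['HTTP_USER_AGENT'])) {
        header('HTTP/1.1 403 Forbidden');
        exit;
    }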