Microsoft Preview

What is Microsoft Preview?

The Microsoft Preview crawler bot is Microsoft’s metadata fetcher (user agent typically “MicrosoftPreview/1.0”) that retrieves Open Graph, Twitter Card, oEmbed and favicon assets to render link previews across Microsoft apps such as Teams, Outlook, OneDrive/SharePoint and Copilot. When a URL is typed, pasted, or received, the service performs server-side HEAD/GET requests from Microsoft IP ranges, follows redirects, downloads representative images, and does not execute client-side scripts. For defenders and fraud teams, its traffic can appear as automated “first clicks,” skewing analytics, firing webhooks, consuming one-time links, or tripping bot/geo policies. Use cases: allowlist/identify it to avoid false positives, block it on sensitive endpoints, design idempotent GETs, avoid side effects on preview fetches, and provide explicit preview metadata for safer, consistent rendering.

Why is Microsoft Preview crawling my site?

It’s typically triggered when someone in a Microsoft ecosystem (e.g., mail, chat, browser) shares or opens your URLs, prompting automated fetching for safety checks and preview generation. Potential downsides: increased crawl traffic and bandwidth costs; skewed analytics (inflated pageviews, unusual referrers, misattributed campaigns); false positives in bot/fraud detectors and WAFs; premature activation of single-use links (password reset, magic links, unsubscribe, download tokens, payment or promo URLs); accidental invocation of webhooks or workflows; session or geo/AB-test leakage that alters user experience or pricing logic; rate-limit exhaustion impacting real users; noisy logs that hinder incident triage; and compliance/privacy concerns if sensitive, unguessable URLs are probed from private contexts. Ensure sensitive routes require proper authorization and that tokens/links are resilient to non-human prefetching without relying on client-side behavior.
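
The single-use link problem described above, as an added example (not DataDome's or Microsoft's code): a token handler in which GET and HEAD only render a confirmation form and the token is consumed on POST, so a preview fetch cannot burn the link. The OneTimeLinks class, the /confirm route and the in-memory store are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class OneTimeLinks:
    """Constructed in-memory store; a real service would use a database."""

    def __init__(self, ttl_seconds=900, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock
        self._pending = {}  # sha256(token) -> expiry time; raw tokens are not stored

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self):
        """Create the token embedded in the shared or emailed URL."""
        token = secrets.token_urlsafe(32)
        self._pending[self._digest(token)] = self._clock() + self._ttl
        return token

    def _is_live(self, token):
        expiry = self._pending.get(self._digest(token))
        return expiry is not None and self._clock() < expiry

    def handle(self, method, token):
        """Return (status, body) for the hypothetical /confirm route."""
        if method not in ("GET", "HEAD", "POST"):
            return 405, "method not allowed"
        if not self._is_live(token):
            return 410, "link expired or already used"
        if method == "POST":
            # Only the explicit form submission consumes the token.
            del self._pending[self._digest(token)]
            return 200, "confirmed"
        # GET/HEAD change nothing, so a preview fetch (no script execution,
        # no form submission) only ever receives the confirmation form.
        return 200, "<form method='post'><button>Confirm</button></form>"


def simulate_preview_then_user():
    """Status codes when a preview fetcher reaches the link before the user."""
    links = OneTimeLinks()
    token = links.issue()
    sequence = ["HEAD", "GET", "GET", "POST", "POST"]  # preview x2, user open, confirm, replay
    return [links.handle(method, token)[0] for method in sequence]
```

The token survives any number of preview fetches and is rejected only after the first POST or once it expires.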

Threat research insights on Microsoft Preview

All data in this section are produced by DataDome's Galileo Threat Research team from our proprietary detection network and reviewed by human analysts.

Verified Bot: Verified (a verified bot has high identification strength)
Robots.txt Compliance: Not respected (whether this bot respects robots.txt directives)
Identification Strength: High (how confidently DataDome can identify this bot)

Traffic origins

Top 15 countries by bot traffic

US 100.0%

Most used autonomous system (AS)

Top 5 by traffic share

Microsoft Corporation: 100.0%

Traffic Occupancy: <0.1%

On average, this bot accounts for <0.1% of the traffic from bots in the directory.

Authorization Rate: 100%

Businesses decide to authorize this bot 100% of the time

How to block Microsoft Preview?

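1) User-Agent filtering at the web server
The User-Agent header is supplied by the client, so these rules stop only requests that identify themselves as the preview fetcher.
Nginx:
# Place inside a server or location block.
if ($http_user_agent ~* "(BingPreview|MicrosoftPreview)") { return 403; }
Apache:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "(?i)(BingPreview|MicrosoftPreview)"
RewriteRule .* - [F]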

2) IP/ASN/network blocking
Block known IP ranges or hosting ASNs used by BingPreview or MicrosoftPreview if identified and unwanted.

3) Rate limiting and dynamic banning
Use Nginx limit_req or a similar mechanism to throttle high-frequency requests from these bots and auto-ban offenders.

4) Server-side script blocking
Example in PHP:
<?php
// Reject requests whose User-Agent identifies a Microsoft preview fetcher.
if (isset($_SERVER['HTTP_USER_AGENT']) &&
    preg_match('/BingPreview|MicrosoftPreview/i', $_SERVER['HTTP_USER_AGENT'])) {
    header('HTTP/1.1 403 Forbidden');
    exit;
}
