URLs rewritten from MICROSOFT-CORP-MSN-AS-BLOCK

Question

We have a website which cart accepts URL with parameters from newsletters or online offers. The URL is like the following:

ourwebsite.com/cart/?c=INTEGER&product=INTEGER&coupon=SOMEVOUCHER

Let's narrow it down to something like.

ourwebsite.com/cart/?c=1&product=3&coupon=AAAAAA

We have detected that when the HTTP requests come from some network block with ISP ID: MICROSOFT-CORP-MSN-AS-BLOCK, which seems to be coming from MS Azure, the coupon parameter is changed to:

ourwebsite.com/cart/?c=1&product=3&coupon=BBBBBB

The coupon code is of the same length as the original, but it obviously makes our cart page return an "Invalid coupon" message resulting in the client leaving the page.

Can anybody shed some light on why this could be happening?

Answer 1

It turned out to be Safe-Links feature in MS products

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links

In our case this "feature" is selectively rewriting only some parts in our -add to cart- URLs, in a way that messes them up completely.

I won't judge on the kind of "features" that MS adds to their products, each one should draw his own conclusions.