Fun how MSFT doesn't share any identifiable information about what their scanning looks like. (https://internetscans.microsoft.com/). While it appears to be just a user agent, since it's spoofable, we can't mark it benign.

If anyone there wants to confirm the list of 240+ IPs we're observing/suspecting, LMK.