I’d like to +1 this issue, as we run into the same thing, discussed here.
Many of our corporate users (who disproportionately use Outlook) are unable to login using passwordless links, because by the time they click the link, it’s expired due to either URL sanitizing or Outlook’s Link Preview. If they use their personal Gmail accounts instead, they are able to log in.
I’m not entirely sure what can be done about this without reducing security, but if the tokens were at least time-limited (10 minutes?) instead of single-use, that would likely resolve our issue and keep us from having to implement an alternative login method. And perhaps Microsoft secretly has an attribute you can add to link tags to disable Link Preview on that link? (Wouldn’t help with server-side sanitizing.)
@konrad.sopala, I’m hoping for good news from the engineering team!