And what prevents a distributed denial of service attack or fuzzing using Microsoft's infrastructure? If you were to trick many users into visiting a site with 1000 variants of:

  <img src="https://siteunderattack.com/api/computationally-expensive-function/?image=cute_bunnies_####.jpg"/>

or

  <img src="https://siteunderattack.com/api/function123/?name=Robert'); DROP TABLE students;--&image=cute_bunnies_####.jpg"/>

This is really no different than having the client do the request without the Microsoft proxy.