I just had a similar issue - they key is to set your firewall overview page tp 30 mins and filter by the MS ASN ( 1. AS8075 - MICROSOFT-CORP-MSN-AS-BLOCK) then initiate a scan from the big webmaster site and watch to see if you get any blocks in the firewall.
For me the issue was the Cloudflare specials rulset was blocking bingbot. As soon as i turned that off everything was ok. Pretty stupid the protection for a fake bing bot false positives the real bing bot. I am new to Cloudflare and this is the first thing that left me less than impressed.
I did not have to create a rule to enable bingbot via the firewall after i disabled this rule set, though a firewall rule to allow through the ASN works too.
This was the json report that made me realized the issue. (see the meta data section where it says the ruleset) good luck.
Using Bingbot verification tool, the IP 126.96.36.199 comes from the Microsoft AS number and contains Bingbot in the user-agent, but unfortunately you are wrong as this one is a real fake one and Cloudflare blocked it correctly and reasonably (as a WAF rule specified Anomaly:Header:User-Agent - Fake Bing or MSN Bot"):
yes just did, would certainly help explain some of the arguments i have seen in this community where people swear blind CF blocked legit bing traffic and others vociferously said it couldn’t have They are both right. Maybe folks can learn something from that…
thanks for pointing me in right direction, i will be monkey on MS’s back on this one