Skip to main content
MSRC

New High Impact Scenarios and Awards for the Azure Bounty Program

Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.

Scenarios and Bounty Awards

The Azure Bounty Program now includes 6 scenario-based awards for vulnerabilities that could put customer privacy and security at risk of exploitation. Eligible submissions may qualify for 20% and 50% bonuses on top of the current awards. The High Impact Scenarios will continue to evolve as we identify new areas for focused research and higher awards. To learn more about eligible scope and award amounts, please visit the Azure Bounty Program page.

Target Scenario Bonus
Azure Synapse Analytics Cross-tenant data leakage +50%
Authorization issues impacting a single tenant +20%
Key Vault Compromise logging or auditing keys +50%
Leaking keys +40%
Editing or deleting keys +30%
Azure Kubernetes Service All bounty eligible submissions targeting this high priority service +20%

The Future of High Impact Scenarios

High impact, high reward scenarios are now available across select Microsoft Bug Bounty Programs, including Windows Insider Preview Bounty Program and Applications Bounty Program, and are planned for further expansion into other programs.

If you have any questions about the Azure High Impact Scenarios or general inquiries about any other security research incentive program, please email us at bounty@microsoft.com.

Madeline Eckert and Lynn Miyashita, MSRC


Related Posts

How satisfied are you with the MSRC Blog?

Rating

Feedback * (required)

Your detailed feedback helps us improve your experience. Please enter between 10 and 2,000 characters.

Thank you for your feedback!

We'll review your input and work on improving the site.