Microsoft is excited to announce new Azure Bounty Program awards up to $60,000 to encourage and reward vulnerability research focused on the highest potential impact to customer security. These increased awards are a part of our ongoing investment in partnership with the security research community, and an important part of Microsoft’s holistic approach to defending against security threats.
Scenarios and Bounty Awards
The Azure Bounty Program now includes 6 scenario-based awards for vulnerabilities that could put customer privacy and security at risk of exploitation. Eligible submissions may qualify for 20% and 50% bonuses on top of the current awards. The High Impact Scenarios will continue to evolve as we identify new areas for focused research and higher awards. To learn more about eligible scope and award amounts, please visit the Azure Bounty Program page.
| Target | Scenario | Bonus |
|---|---|---|
| Azure Synapse Analytics | Cross-tenant data leakage | +50% |
| Authorization issues impacting a single tenant | +20% | |
| Key Vault | Compromise logging or auditing keys | +50% |
| Leaking keys | +40% | |
| Editing or deleting keys | +30% | |
| Azure Kubernetes Service | All bounty eligible submissions targeting this high priority service | +20% |
The Future of High Impact Scenarios
High impact, high reward scenarios are now available across select Microsoft Bug Bounty Programs, including Windows Insider Preview Bounty Program and Applications Bounty Program, and are planned for further expansion into other programs.
If you have any questions about the Azure High Impact Scenarios or general inquiries about any other security research incentive program, please email us at bounty@microsoft.com.
Madeline Eckert and Lynn Miyashita, MSRC