microsoft bug bounty

Now that you know that Apple has an open bug bounty program, you might also be interested to know Microsoft also has a bug bounty program where you can get paid up to $250,000 reporting bugs to the company.

If you are a security researcher that has found a vulnerability in a Microsoft product, service, or device, this is for you.

Microsoft says If you identify a vulnerability that affects a product or service that is within the scope of one of their bounty programs, you may receive a bounty award according to the program descriptions.

“Security is always changing, and we prioritise different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.”

Just yesterday Aditi Singh, a 20-year-old ethical hacker from Delhi, won a bounty of $30,000 for spotting a bug in Microsoft’s Azure cloud system. Aditi had yet again found a similar bug on Facebook just two months back and won a bounty of $7500. She had identified that both companies had a remote code execution (RCE) bug,

If you want to try, the Microsoft bug bounty programs are divided by technology areas listed below:
Program Name
Start date
Last Updated
End date
Eligible entries
Bounty Range
Microsoft Azure 2014-09-23 2020-08-24 Ongoing Vulnerability reports on Microsoft Azure cloud services Up to $40,000 USD
Vulnerability reports on Identity services, including Microsoft Account, Azure Active Directory, or select OpenID standards.
Up to $100,000 USD
Vulnerability reports on the Xbox Live network and services
Up to $20,000 USD
Microsoft Online Services 2014-09-23 2019-08-05 Ongoing Vulnerability reports on applicable Microsoft cloud services, including Office 365 Up to $20,000 USD
Microsoft Azure DevOps Services
2019-01-17 Ongoing
Vulnerability reports on applicable Microsoft Azure DevOps Services
Up to $20,000 USD
Microsoft Dynamics 365 2019-07-17 2019-07-29 Ongoing Vulnerablility reports on applicable Microsoft Dynamics 365 applications Up to $20,000 USD
Vulnerability reports on .NET Core and ASP.NET Core RTM and future builds (see link for program details)
Up to $15,000 USD
Program Name Start Date Last Updated End Date Eligible Entries Bounty Range
Microsoft Hyper-V 2017-05 -31 2020-04-13 Ongoing Critical remote code execution, information disclosure and denial of services vulnerabilities in Hyper-V Up to $250,000 USD
Microsoft Windows Insider Preview 2017-07-26 2020-08-27 Ongoing Critical and important vulnerabilities in Windows Insider Preview Up to $100,000 USD
Microsoft Applications 2021-03-24 2021-03-24 Ongoing Critical and important vulnerabilities in Microsoft Applications Up to $30,000 USD
Windows Defender Application Guard 2017-07-26 2017-07-26 Ongoing Critical vulnerabilities in Windows Defender Application Guard Up to $30,000 USD
Microsoft Edge (Chromium-based) 2019-08-20 2020-01-15 Ongoing Critical and important vulnerabilities in Microsoft Edge (Chromium-based) Dev, Beta, and Stable channels Up to $30,000
Office Insider 2017-03-15 2018-12-07 Ongoing Vulnerabilities on Office Insider Up to $15,000 USD
ElectionGuard 2019-10-18 2021-03-31 Ongoing Vulnerabilities in ElectionGuard Up to $15,000 USD
AlSO READ:  PS5 to Get Variable Refresh Rate This week
Program Name Start Date Last Updated End Date Eligible Entries Bounty Range
Mitigation Bypass and Bounty for Defense 2013-06-26 2018-10-02 Ongoing Novel exploitation techniques against protections built into the latest version of the Windows operating system. Additionally, defensive ideas that accompany a Mitigation Bypass submission. Up to $100,000 USD (plus up to an additional $100,000)
Grant: Microsoft Identity 2020-01-09 2020-04-09 Ongoing This project grant awards up to $75,000 USD for approved research proposals that improve the security of the Microsoft Identity solutions in new ways for both Consumers (Microsoft Account) and Enterprise (Azure Active Directory). Up to $75,000 USD
SIKE Cryptographic Challenge 2021-06-09 2021-06-09 Ongoing This challenge awards up to $50,000 USD for solutions that break the SIKE algorithm for two sets of toy parameters. Up to $50,000 USD

The Microsoft Bug Bounty Programs are subject to the legal terms and conditions outlined here, and their bounty Safe Harbor policy.


Follow Techspace Africa on Facebook and Twitter. For the latest news, tech news, breaking news headlines, reviews and live updates check out

Nigel Jr.
As a tech enthusiast and expert, Nigel Jr. is dedicated to providing in-depth and insightful content on all things technology. With a background in online journalism, product reviewing, and tech creation, Nigel has become a trusted source for all things tech.

You may also like