Microsoft Identity Bounty Improvements

Microsoft is continually improving our existing bounty programs. Today we’re happy to share the latest updates to the Microsoft Identity Bounty. Originally launched in July 2018, the Microsoft Identity bounty program has helped build a partnership with the security research community to improve the security of customer and enterprise identity solutions across Azure, Windows, and OpenID standards. Today’s bounty improvements include:

• Faster bounty review

• Rewards will be based on security impact, severity and report quality, supporting faster review and bounty reward decisions for this program

• Simplified bounty terms

• The Identity Bounty terms are now easier to read and compare with our other programs, helping researchers better understand scope and focus on high priority targets and awards

• Higher bounty awards

• Information Disclosure award range raised to align with other Cloud programs.

Microsoft is committed to continually improving the experience of the many researchers who help us identify vulnerabilities in our products and services and secure Microsoft customers. We regularly launch new bounty programs, like the ElectionGuard bounty last week, to open new avenues of research in emerging technology and create new opportunities to earn bounty rewards. We offer our public thanks for contributions from the security researcher community, and this summer shared successes and lessons learned together on stage at Blackhat USA.

We look forward to sharing more bounty program updates and improvements in the coming months.

Chloé Brown, Program Manager, MSRC