Microsoft 365 Insider Bug Bounty program is here, with up to $30K up for grabs


Key notes

  • Microsoft doubles the maximum reward for critical bugs found in Insider builds to $30,000 USD.
  • Program scope expands to include more vulnerability types (e.g., security feature bypass) and products (e.g., Microsoft OneNote).
  • Tiered reward system based on vulnerability severity and report quality is introduced.

Microsoft is upping the ante in its effort to find and fix security vulnerabilities in pre-release versions of its popular productivity suite. The company announced today that it’s doubling the maximum reward for critical bugs found in Microsoft 365 Insider builds, raising the bar to a staggering USD 30,000.

This move comes alongside expanding the program’s scope, now encompassing a wider range of vulnerability types and products. Previously unreported vulnerabilities that bypass security features or impact Microsoft OneNote, for example, are now eligible for rewards.

Additionally, a tiered award system has been implemented, offering varying payouts based on the severity of the vulnerability and the quality of the report submitted.

“We are constantly evolving our bounty programs to stay ahead of the curve in the ever-changing security landscape,” said Bruce Robinson of the Microsoft Security Response Center (MSRC).

Researchers interested in participating can join the Microsoft 365 Insider program and submit their findings through the MSRC Researcher Portal.

This update highlights Microsoft’s continued commitment to working with the security research community to identify and address potential security issues before malicious actors can exploit them.
