Microsoft has introduced a new Application Bounty Program that invites researchers to identify vulnerabilities in specific Microsoft apps and share them with Microsoft. Qualified submissions are eligible for bounty rewards from $500 to $30,000 USD.
The first, and at the moment only app, in this new program is Microsoft Teams desktop client. It’s not very clear but I would assume this is the Windows desktop electron client, I’d expect x86/x64 and ARM. More Microsoft apps will be added to this new app bounty program in the future.
There is an existing program that covers the Microsoft Teams Service, the Microsoft Online Services Bounty Program. This covers all of Office 365 and Microsoft Accounts.
There are also other specific bounty programs:
- Azure Bounty Program
- Azure DevOps Bounty Program
- Microsoft Dynamics 365 Bounty Program
- Microsoft Identity Bounty Program