Microsoft to Boost M365 Bounty Program With New Products & Rewards Up to $27,000

A significant extension of Microsoft’s Microsoft 365 (M365) Bounty Program has been announced.

The program now includes new Viva products under its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions. 

This update underscores Microsoft’s commitment to enhancing the security of its software ecosystem and encouraging global collaboration in vulnerability detection.

New Additions to the M365 Bounty Program

The expanded scope introduces four new Viva products to the program:

• Feature Access Control
• Glint
• Learning
• Pulse

These additions aim to enhance the security of the Viva suite, which is part of Microsoft’s employee experience platform. 

Viva integrates seamlessly with Microsoft Teams and other M365 applications, offering tools for employee engagement, learning, and productivity.

Collect Threat Intelligence with TI Lookup to Improve Your Company’s Security - Get 50 Free Request

Researchers can now submit vulnerabilities in these components under the categories of “Critical” and “Important,” depending on severity.

Moreover, Yammer, a long-standing component of the program, has been rebranded as Viva Engage as part of Microsoft’s ongoing efforts to unify its Viva product line.

The bounty rewards range from $500 to $27,000 USD, depending on the severity and quality of the submitted vulnerability reports. 

Critical vulnerabilities in the newly added Viva products are eligible for the maximum reward. 

This incentivizes researchers to focus on high-impact issues that could pose significant risks to users if left unaddressed. Submissions must meet Microsoft’s stringent criteria outlined in their Bounty Terms and Conditions to qualify for rewards.

Technical Focus Areas

The M365 Bounty Program invites researchers to probe specific domains and endpoints within Microsoft 365 services. 

With the inclusion of Viva products, areas like access control mechanisms, data integrity, and user authentication are likely to be key targets for vulnerability assessment. 

The program’s goal is to identify flaws that could compromise data security or system functionality. For instance:

• In Feature Access Control, researchers might examine how permissions are enforced across different user roles.
• In Viva Learning, they could analyze integrations with external learning management systems (LMS) or data-sharing protocols.
• Pulse and Glint, which focus on employee feedback and analytics, may require scrutiny for potential data leaks or unauthorized access vulnerabilities.

Security researchers interested in participating can visit Microsoft’s official M365 Bounty Program page for detailed guidelines. 

Submissions must include clear proof-of-concept code or steps to reproduce the identified vulnerability. Reports are evaluated based on their impact, exploitability, and clarity.

As cyber threats continue to evolve, programs like these play a crucial role in safeguarding digital ecosystems while empowering ethical hackers to make meaningful contributions.

Find this story interesting! Follow us on Google News, LinkedIn, and X for more instant updates.

The post Microsoft to Boost M365 Bounty Program With New Products & Rewards Up to $27,000 appeared first on Cyber Security News.