{"id":1666,"date":"2025-01-31T10:03:39","date_gmt":"2025-01-31T10:03:39","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/01\/31\/microsoft-to-boost-m365-bounty-program-with-new-products-rewards-up-to-27000\/"},"modified":"2025-01-31T10:03:39","modified_gmt":"2025-01-31T10:03:39","slug":"microsoft-to-boost-m365-bounty-program-with-new-products-rewards-up-to-27000","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/01\/31\/microsoft-to-boost-m365-bounty-program-with-new-products-rewards-up-to-27000\/","title":{"rendered":"Microsoft to Boost M365 Bounty Program With New Products &amp; Rewards Up to $27,000"},"content":{"rendered":"\n<div>Microsoft to Boost M365 Bounty Program With New Products &#038; Rewards Up to $27,000<\/div>\n<p> \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>A significant extension of Microsoft\u2019s <a href=\"https:\/\/cybersecuritynews.com\/microsoft-365-down-2\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft 365<\/a> (M365) Bounty Program has been announced.<\/p>\n<p>The program now includes new Viva products under its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions.\u00a0<\/p>\n<p>This update underscores Microsoft\u2019s commitment to enhancing the security of its software ecosystem and encouraging global collaboration in vulnerability detection.<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">We\u2019re excited to announce the scope of the M365 Bounty Program has expanded to include new Viva products for Critical and Important cases, with awards up to $27,000.<\/p>\n<p>New Viva scope includes:<br \/>\u2013 Feature Access Control<br \/>\u2013 Glint<br \/>\u2013 Learning<br \/>\u2013 Pulse<\/p>\n<p>Additionally, Yammer, which is\u2026<\/p>\n<p>\u2014 Security Response (@msftsecresponse) <a href=\"https:\/\/twitter.com\/msftsecresponse\/status\/1885074752345391245?ref_src=twsrc%5Etfw\">January 30, 2025<\/a>\n<\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div>\n<\/figure>\n<h2 class=\"wp-block-heading\"><strong>New Additions to the M365 Bounty Program<\/strong><\/h2>\n<p>The expanded scope introduces four new Viva products to the program:<\/p>\n<ul class=\"wp-block-list\">\n<li>Feature Access Control<\/li>\n<li>Glint<\/li>\n<li>Learning<\/li>\n<li>Pulse<\/li>\n<\/ul>\n<p>These additions aim to enhance the security of the Viva suite, which is part of Microsoft\u2019s employee experience platform.\u00a0<\/p>\n<p>Viva integrates seamlessly with <a href=\"https:\/\/cybersecuritynews.com\/fake-microsoft-teams-page-drops-malware-on-windows\/\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Teams<\/a> and other M365 applications, offering tools for employee engagement, learning, and productivity.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 93%,rgb(169,184,195) 100%)\"><strong><code>Collect Threat Intelligence with\u00a0TI Lookup\u00a0to Improve Your Company\u2019s Security\u00a0-\u00a0<a href=\"https:\/\/intelligence.any.run\/plans\/?utm_source=csn_jan&amp;utm_medium=article&amp;utm_campaign=ti&amp;utm_content=plans&amp;utm_content=linktotiplans&amp;utm_term=280125\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Get 50 Free Request<\/a><\/code><\/strong><\/p>\n<p>Researchers can now submit vulnerabilities in these components under the categories of \u201cCritical\u201d and \u201cImportant,\u201d depending on severity.<\/p>\n<p>Moreover, Yammer, a long-standing component of the program, has been rebranded as Viva Engage as part of Microsoft\u2019s ongoing efforts to unify its Viva product line.<\/p>\n<p>The bounty rewards range from $500 to $27,000 USD, depending on the severity and quality of the submitted vulnerability reports.\u00a0<\/p>\n<p>Critical vulnerabilities in the newly added Viva products are eligible for the maximum reward.\u00a0<\/p>\n<p>This incentivizes researchers to focus on high-impact issues that could pose significant risks to users if left unaddressed. Submissions must meet Microsoft\u2019s stringent criteria outlined in their Bounty Terms and Conditions to qualify for rewards.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Technical Focus Areas<\/strong><\/h2>\n<p>The M365 Bounty Program invites researchers to probe specific domains and endpoints within <a href=\"https:\/\/i2.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEit2HoujO2rNJQvWMQ_eBpi_a1HqbiVo-M7N0fBpVvLW_Am7xtwTXCj1N4nuWFYNgSl8XOrDvwHovgyhmFaSae4e0FvGFcTAZoqsDZN-6-yOspNc63GntJLKwbUQskRoDCSncJfTKmEzGm4vjMHtp6Sh3qT1F_f0cq_3ohsY8io4yxVcSD0xx_jm_KIA3k_\/s16000\/WhatsApp%20View%20Once%20Privacy%20Bug.webp?w=356&amp;resize=356,364&amp;ssl=1\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft 365 services<\/a>.\u00a0<\/p>\n<p>With the inclusion of Viva products, areas like access control mechanisms, data integrity, and user authentication are likely to be key targets for vulnerability assessment.\u00a0<\/p>\n<p>The program\u2019s goal is to identify flaws that could compromise data security or system functionality. For instance:<\/p>\n<ul class=\"wp-block-list\">\n<li>In Feature Access Control, researchers might examine how permissions are enforced across different user roles.<\/li>\n<li>In Viva Learning, they could analyze integrations with external learning management systems (LMS) or data-sharing protocols.<\/li>\n<li>Pulse and Glint, which focus on employee feedback and analytics, may require scrutiny for potential data leaks or unauthorized access vulnerabilities.<\/li>\n<\/ul>\n<p>Security <a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\/bounty-online-services?oneroute=true\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">researchers<\/a> interested in participating can visit Microsoft\u2019s official M365 Bounty Program page for detailed guidelines.\u00a0<\/p>\n<p>Submissions must include clear proof-of-concept code or steps to reproduce the identified vulnerability. Reports are evaluated based on their impact, exploitability, and clarity.<\/p>\n<p>As cyber threats continue to evolve, programs like these play a crucial role in safeguarding digital ecosystems while empowering ethical hackers to make meaningful contributions.<\/p>\n<p class=\"has-text-align-center has-background\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 94%,rgb(169,184,195) 100%)\"><strong>Find this story interesting! Follow us on <a href=\"https:\/\/news.google.com\/publications\/CAAqBwgKMOffpwsw1Oq_Aw\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Google News<\/a>, <a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">LinkedIn<\/a>, and <a href=\"https:\/\/x.com\/The_Cyber_News\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">X<\/a> for more instant updates.<\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/microsoft-to-boost-m365-bounty-program-with-new-products\/\">Microsoft to Boost M365 Bounty Program With New Products &amp; Rewards Up to $27,000<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Kaaviya Ragupathy<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/microsoft-to-boost-m365-bounty-program-with-new-products\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft to Boost M365 Bounty Program With New Products &#038; Rewards Up to $27,000 A significant extension of Microsoft\u2019s Microsoft 365 (M365) Bounty Program has been announced. The program now includes new Viva products under its scope for identifying vulnerabilities, with rewards reaching up to $27,000 for critical submissions.\u00a0 This update underscores Microsoft\u2019s commitment to [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,158],"tags":[130],"class_list":["post-1666","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-microsoft","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1666"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=1666"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1666\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=1666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=1666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=1666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}