In 2019, Microsoft launched its Dynamics 365 Bounty program wherein it offers rewards up to US$20,000 for eligible vulnerabilities in both Dynamics 365 online services and the latest edition of Dynamics 365 on-premises.
“Through this expanded program, we encourage researchers to discover and report high impact security vulnerabilities they may find in the new Power Platform scope to help protect customers,” Microsoft Security Response Centre’s Madeline Eckert and Lynn Miyashita said in an online post
The additional Microsoft products that are now eligible for bounty awards are Power Automate, Power Virtual Agent, Power Apps, and Power Portals.
“Researchers can expect to see the Dynamics 365 and Power Platform Bounty Program continue to grow as we identify new areas of scope for bounty eligibility,” Eckert and Miyashita said.
“Through targeted and expanding program scope, Microsoft can better protect our customers and partner with researchers to secure new and interesting attack surface," the pair added.
In March, Microsoft added Teams to the security research program.