Microsoft Azure Security Lab

Microsoft is committed to ensuring our cloud is secure from modern threats and we built Azure with security in mind from the beginning. We work hard to earn your trust in the cloud, but we don’t do it alone. Security researchers have repeatedly demonstrated that working together helps protect customers by identifying and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD).

The Azure Security Lab provides additional resources, environments, and tooling to help security researchers explore and research for high impact vulnerabilities in the cloud. Security researchers will have the opportunity to participate in limited time research challenges and earn awards specific to each research challenge.

This bounty program is subject to these terms and those outlined in the Azure Bounty Program and Microsoft Bounty Terms and Conditions.

CURRENT RESEARCH CHALLENGE

Coming soon. More information will be published when new research challenges become available.

PAST RESEARCH CHALLENGES

Azure SSRF Security Research Challenge [CLOSED]

The Azure Server-Side Request Forgery (SSRF) Research Challenge invited security researchers to discover and share high impact Server-Side Request Forgery (SSRF) vulnerabilities in Microsoft Azure. This challenge featured a bonus structure based on specific scenarios. Qualified submissions were eligible for bounty awards up to $60,000 USD.

Azure Sphere Security Research Challenge [CLOSED]

This research challenge aimed to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution that includes hardware, OS and cloud components. This three-month, application-only security research challenge offered special bounty awards and provided program participants research resources.

Azure Security Lab Scenario Challenge [CLOSED]

The isolated environment provided by Azure Security Lab is a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios in isolation from Azure customers, while also being able to engage directly with Microsoft Azure security experts.

REVISION HISTORY

August 5, 2019: Azure Security Lab launched.
May 5, 2020: Azure Security Lab expanded to include rotating research initiatives and a dedicated program page.
May 15, 2020: The application period for the Azure Sphere Security Research Challenge is now closed.
September 1, 2020: The Azure Sphere Security Research Challenge has concluded and has been moved to the Microsoft Azure Security Lab – Research Challenge Archive page.
August 19, 2021: The Azure SSRF Research Challenge launched.
November 19, 2021: The Azure SSRF Research Challenge has concluded.