Microsoft is committed to ensuring our cloud is secure from modern threats and we built Azure with security in mind from the beginning. We work hard to earn your trust in the cloud, but we don’t do it alone. Security researchers have repeatedly demonstrated that working together helps protect customers by identifying and reporting vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure (CVD).

The Azure Security Lab provides additional resources, environments, and tooling to help security researchers explore and research for high impact vulnerabilities in the cloud. Security researchers will have the opportunity to participate in limited time research challenges and earn awards specific to each research challenge.

This bounty program is subject to these terms and those outlined in the Azure Bounty Program and Microsoft Bounty Terms and Conditions

CURRENT RESEARCH CHALLENGE

Coming soon. More information will be published when new research challenges become available.

 

PAST RESEARCH CHALLENGES

Azure Sphere Security Research Challenge [CLOSED]

This research challenge aimed to spark new high impact security research in Azure Sphere, a comprehensive IoT security solution that includes hardware, OS and cloud components. This three-month, application-only security research challenge offered special bounty awards and provided program participants research resources.

Azure Security Lab Scenario Challenge  [CLOSED]

The isolated environment provided by Azure Security Lab is a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios in isolation from Azure customers, while also being able to engage directly with Microsoft Azure security experts.

REVISION HISTORY 

  • August 5, 2019: Azure Security Lab launched.
  • May 5, 2020: Azure Security Lab expanded to include rotating research initiatives and a dedicated program page. 
  • May 15, 2020: The application period for the Azure Sphere Security Research Challenge is now closed.
  • September 1, 2020: The Azure Sphere Security Research Challenge has concluded and has been moved to the Microsoft Azure Security Lab – Research Challenge Archive page.