Secure research starts with responsible testing.
Microsoft Dynamics 365 and Power Platform Bounty Program
Partner with Microsoft to strengthen our products and services by identifying and reporting security vulnerabilities that could impact our customers.
IMPORTANT: The Microsoft Bounty Program is subject to these terms and those outlined in the Microsoft Bounty Terms and Conditions, Microsoft Bounty Legal Safe Harbor, Rules of Engagement, Coordinated Vulnerability Disclosure (CVD), Bounty Program Guidelines, and the Microsoft Bounty Program page.
PROGRAM DESCRIPTION
Dynamics 365 is a suite of intelligent business applications designed to connect customers, products, people, and operations. Power Platform is a line of applications created so that companies can analyze data, build solutions, automate processes, and create virtual agents to overcome business challenges. We invite researchers to identify security vulnerabilities in targeted Dynamics 365 and Power Platform applications and share them with our team. Qualified submissions are eligible for bounty awards from $1,250 to $30,000 USD. This includes third-party and open-source components included in the service. Please note that qualifying reports must demonstrate a qualifying security impact on the specified service.
ELIGIBLE SUBMISSIONS
The goal of the Microsoft Bug Bounty program is to uncover significant technical vulnerabilities that have a direct and demonstrable impact on the security of our customers.
In addition to the eligibility requirements listed on the Bounty Program Guidelines page, vulnerability submissions must meet the following criteria to be eligible for bounty awards:
- Such vulnerability must be of Critical or Important severity and must reproduce on the latest, fully patched version of the in-scope products or services.
- To be eligible for AI Bounty Awards, such vulnerability must be Critical or Important severity as defined in the Microsoft Vulnerability Severity Classification for AI Systems and reproducible on a product or service listed in the In Scope Services and Products.
We request researchers include the following information to help us quickly assess their submission:
- Submit through the MSRC Researcher Portal
- Indicate if the vulnerability submission qualifies for a high impact scenario (if any)
- Power/Dynamics Environment ID
- Username of the account used to reproduce the vulnerability
Microsoft may accept or reject any submission at our sole discretion that we determine does not meet the above criteria.
SCOPE
Vulnerabilities submitted in the following Product(s) are eligible under this bounty program:
- Microsoft Dynamics 365 online applications, including
- Dynamics 365 Sales
- Dynamics 365 Customer Service
- Dynamics 365 Field Service
- Dynamics 365 Human Resources
- Dynamics 365 Finance
- Dynamics 365 Project Operations
- Dynamics 365 Commerce
- Dynamics 365 Remote Assist
- Dynamics 365 Customer Insights
- Dynamics 365 Business Central
- Dynamics 365 Contact Center
- Dynamics 365 Customer Voice
- Dynamics 365 Electronic Invoicing
- Dynamics 365 Guides
- Dynamics 365 Intelligent Order Management
- Dynamics 365 Supply Chain Management
- Dynamics 365 General
- Microsoft Dynamics 365 on-premise products
- Dynamics 365 for Finance + Operations
- Microsoft Dynamics CRM
- Microsoft Dynamics GP
- Microsoft Dynamics NAV
- Microsoft Dynamics SL
- Power Apps
- Power Automate
- Microsoft Copilot Studio
- Power Pages
- Power Admin
- AI Builder
- Dataverse
GETTING STARTED
Please follow the guidance below to create a test account for security testing and probing. Additionally, please follow the Research Rules of Engagement to avoid harm to customer data, privacy, and service availability. If in doubt, please contact bounty@microsoft.com.
In all cases, where possible, please include the string “MSOBB” in your account name and/or tenant name to identify it as being used for security research.
Dynamics 365
- Sign up for a free trial of Dynamics 365.
- To learn about Dynamics 365, please see our documentation site and follow the Dynamics 365 blog and Dynamics 365 community to hear about the latest features and updates.
Power Platform
- Before sharing your research, check out our documentation site, security FAQs and commonly reported issues.
When setting up an account in Power Platform, please select “sign in with new OrgID.” You will then be prompted to create a new OrgID and create a test tenant. A trial license will be assigned automatically
- Power Apps
- Microsoft Power Apps documentation - Power Apps | Microsoft Docs
- Sign up for free
- Making applications through conversations
- Copilot assistance for form filling in model-driven apps
- Copilot chat in model driven applications (can be accessed through the copilot icon in the right navigation bar in a model-driven app)
- Microsoft Power Apps documentation - Power Apps | Microsoft Docs
- Power Automate
- Get started with Power Automate - Power Automate | Microsoft Docs
- Sign in with OrgID
- Open Power Automate
- Microsoft Copilot Studio
- Get started with Microsoft Copilot Studio - Training | Microsoft Learn
- Sign in with OrgId
- Go through tutorial
- Power Pages
- Get started with Power Pages - Training | Microsoft Learn
- Sign in with OrgId
- Go through tutorial
- Microsoft Copilot Studio
- Get started with Microsoft Copilot Studio - Training | Microsoft Learn
- Sign in with OrgId
- Go through tutorial
- Power Pages
- Get started with Power Pages - Training | Microsoft Learn
- Sign in with OrgId
- Go through tutorial
- Extend Copilot capabilities in finance and operations apps
- Enable Copilot capabilities in finance and operations apps (preview)
BOUNTY AWARDS
Bounty awards range from $1,250 up to $30,000 USD. Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission. If a single submission is eligible for multiple awards, the submission will be awarded the single highest qualifying award.
Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgement if their submission leads to a vulnerability fix; they may also earn points in our Researcher Recognition Program to receive swag and secure a place on the Microsoft Most Valuable Researcher list.
If a reported vulnerability does not qualify for a bounty award under the High-Impact Scenarios, it may be eligible for a bounty award under General Awards (see applicable chart below).
High-Impact Scenario Awards
| Scenario | Award or Multiplier |
|---|---|
| Cross-tenant information disclosure | $20,000 |
| Power Platform escalation of privileges in Dataverse using an entry point other than Dataverse to gain access to Dataverse (Example: an individual who doesn't have access to a record in Dataverse cannot use another Power Platform service to get access to the record.) | +20% |
| Dataverse Plugin Sandbox "guest to host" escape | +20% |
AI Bounty Awards
| Severity | |||||
|---|---|---|---|---|---|
| Security Impact | Report Quality | Critical | Important | Moderate | Low |
| Inference Manipulation | High Medium Low | $30,000 $20,000 $12,000 | $20,000 $10,000 $6,000 | $0 | $0 |
| Inferential Information Disclosure | High Medium Low | $30,000 $20,000 $12,000 | $20,000 $10,000 $6,000 | $0 | $0 |
In all scenarios, please follow the Research Rules of Engagement to ensure your research does not harm customer data, privacy, or service availability. If in doubt, please contact bounty@microsoft.com.
General Awards
| Severity | |||||
|---|---|---|---|---|---|
| Security Impact | Report Quality | Critical | Important | Moderate | Low |
| Remote Code Execution | High Medium Low | $20,000 $15,000 $10,000 | $15,000 $10,000 $6,000 | $0 | $0 |
| Elevation of Privilege | High Medium Low | $12,000 $8,000 $4,000 | $6,000 $4,000 $2,000 | $0 | $0 |
| Information Disclosure | High Medium Low | $12,000 $8,000 $4,000 | $6,000 $4,000 $2,000 | $0 | $0 |
| Spoofing | High Medium Low | $8,000 $5,000 $2,500 | $4,000 $2,500 $1,250 | $0 | $0 |
| Tampering | High Medium Low | $8,000 $5,000 $2,500 | $4,000 $2,500 $1,250 | $0 | $0 |
| Denial of Service | High/Low | Out of Scope | |||
Sample high- and low-quality reports are available here.
OUT OF SCOPE VULNERABILITIES
Microsoft is happy to receive and review every submission on a case-by-case basis, but some submission and vulnerability types may not qualify for bounty award.
If your submission is evaluated as out of scope for this individual bounty program, it may still qualify for an award under the Standard Award Policy.
Here are some of the common low-severity or out-of-scope issues that typically do not earn bounty awards:
- Publicly-disclosed vulnerabilities which have already been reported to Microsoft or are already known to the wider security community.
- Vulnerabilities in any version other than latest, fully patched version at time of submission.
- Vulnerabilities that are addressed via product documentation updates, without change to product code or function.
- Vulnerabilities on Microsoft Customer pages.
- Vulnerabilities based on user configuration or action, for example:
- Vulnerabilities based on user-generated content or user-created apps
- Vulnerabilities requiring extensive or unlikely user actions
- Security misconfiguration of a service by a user or administrator
- Out-of-scope vulnerability types, including:
- Server-side information disclosure
- Denial of service (DoS) attacks
- Cookie replay vulnerabilities
- Sub-domain takeovers
- Blind Cross-Site Scripting (XSS)
- Vulnerability patterns or categories for which Microsoft is actively investigating broad mitigations. As of June 2023, for example, these include, without limitation:
- Dependency Confusion issues
- AI prompt injection attacks that do not have a security impact on users other than the attacker.
- Model hallucination where the model pretends to run arbitrary code provided to it.
- Attacks that aim to leak (part of) the system/meta prompt.
- Content-related issues as defined by the Microsoft Vulnerability Severity and Content Classifications for AI Systems.
- Content-related issues can be reported to the MSRC Researcher Portal. In the Security Impact section, select “AI derived harm”.
- Vulnerabilities based on third parties that do not demonstrate a qualifying security impact on the specified service.
- Training, documentation, samples, and community forum sites related to Dynamics 365 & Power Platform Bounty Program products and services are not in scope for bounty awards.
We reserve the right to reject any submission that we determine, in our sole discretion, falls into any of these categories of vulnerabilities even if otherwise eligible for a bounty.
ADDITIONAL INFORMATION
For additional information, please see our FAQ.
REVISION HISTORY
- July 17, 2019: Program launched.
- July 29, 2019: Documentation and training domains moved out of scope, including experience.dynamics.com and community.dynamics.com.
- October 13, 2021: Added Power Platform scope and rebranded program name.
- October 19, 2021: Added clarity to In Scope Vulnerabilities section.
- February 24, 2022: Added clarification that vulnerabilities addressed via product documentation updates are out of scope.
- April 14, 2022: Added high impact scenario award for Dynamics 365 and Power Platform.
- May 3, 2022: Added additional getting started material for Power Platform.
- June 1, 2022: Updated product names in “Dynamics 365 In-Scope Services and Products”.
- April 20, 2023: Updated product name for “Power Portals” to “Power Pages”.
- June 1, 2023: Added Dependency Confusion issues to Out-of-Scope.
- February 14, 2024: Added additional High Impact Scenarios
- July 23, 2024: Updated Rules of Engagement and Out of Scoped Blind XSS
- November 19, 2024: Added temporary Zero Day Quest Award Multipliers for eligible security impacts and high impact scenarios.
- February 24, 2025: Updated name of Power Virtual Agent to Microsoft Copilot Studio in the Getting Started section.
- March 3, 2025: Removed reference to Zero Day Quest and bonus multipliers as the research challenge ended.
- March 10, 2025: Added Power Admin to in-scope.
- March 18, 2025: Added Environment ID and Username of the account requirement to Eligible Submissions section.
- April 17, 2025: Updated Eligible Submissions section, added AI Bounty Award category, and updated Out of Scope Vulnerabilities section.
- May 5, 2025: Updated products in the In-Scope Services and Products section.
- May 13, 2025: Updated Research Rules of Engagement section.
- August 1, 2025: Updated Getting Started and AI Bounty Award sections.
- September 16, 2025: Removed Model Manipulation vulnerability type from the Bounty Awards section to align with the Microsoft Vulnerability Severity Classification for AI Systems and updated Out of Scope Submissions and Vulnerabilities section.
- December 11, 2025: Increased awards, updated hyperlinks, and standardized language.