This is the Trace Id: 363c848482622c20aa996839c157eacd
Skip to main content

Penetration Testing Rules of Engagement

Microsoft Cloud


This document describes the unified rules (“Rules of Engagement”) for customers wishing to perform penetration tests against their Microsoft Cloud (defined below) components. In many cases, the Microsoft Cloud uses shared infrastructure to host your assets and assets belonging to other customers. Care must be taken to limit all penetration tests to your assets and avoid unintended consequences to other customers around you. These Rules of Engagement are designed to allow you to effectively evaluate the security of your assets while preventing harm to other customers or the infrastructure itself.

All penetration tests must follow the Microsoft Cloud Penetration Testing Rules of Engagement as detailed on this page. Your use of the Microsoft Cloud, will continue to be subject to the terms and conditions of the agreement(s) under which you purchased the relevant service. Any violation of these Rules of Engagement or the relevant service terms may result in suspension or termination of your account and legal action as set forth in the Microsoft Product Terms. You are responsible for any damage to the Microsoft Cloud and other customers data or use of the Microsoft Cloud that is caused by any failure to abide by these Rules of Engagement or the Microsoft Product Terms.


For the purposes of these Rules of Engagement, “Microsoft Cloud” is defined as including the following Microsoft products:

  • Azure Active Directory
  • Microsoft 365
  • Microsoft Account
  • Microsoft Azure
  • Microsoft Defender
  • Microsoft Dynamics 365
  • Microsoft Generative AI Service which includes, without limitation, Microsoft Copilot
  • Microsoft Intune
  • Microsoft Power Platform


If during your penetration testing you believe you discovered a potential security flaw related to the Microsoft Cloud, please follow the instructions here on how to validate the report first and then submit the valid vulnerabilities to the Microsoft Security Response Center (MSRC). Check out this blog for additional information regarding pentest reports.

If any valid vulnerabilities were reported to the MSRC, you agree that you will not disclose this vulnerability information publicly or to any third party until you hear back from Microsoft that the vulnerability has been fixed. All vulnerabilities reported must follow Coordinated Vulnerability Disclosure.

Microsoft offers bug bounty awards and recognition for many types of security issues. If you find a security issue in the Microsoft Cloud, and wish to be considered for a bounty, please follow our bug bounty rules and submission guidance, located here.


The goal of these guidelines is to enable customers to test their services hosted in Microsoft Cloud without causing harm to Microsoft or any Microsoft customers.

The following activities are prohibited:

  • Scanning or testing assets belonging to Microsoft or any Microsoft customer.
  • Gaining access to any data that is not wholly your own.
  • Performing any kind of denial of service testing.
  • Performing network intensive fuzzing against any asset except your Azure Virtual Machine
  • Performing automated testing of services that generates significant amounts of traffic.
  • Deliberately accessing any Microsoft or other Microsoft customer’s data.
  • Moving beyond “proof of concept” repro steps for infrastructure execution issues (i.e. proving that you have sysadmin access with SQLi is acceptable, running xp_cmdshell is not).
  • Using our services in a way that violates the Acceptable Use Policy, as set forth in the Microsoft Product Terms.
  • Attempting phishing or other social engineering attacks against our employees.
  • Extracting training data, model architectures, model weights, training code, or other aspects of the model itself.

The following activities are encouraged:

  • Create a small number of test accounts and/or trial tenants for demonstrating and proving cross-account or cross-tenant data access. However, it is prohibited to use one of these accounts to access any data or accounts that belongs to Microsoft or any Microsoft customer.
  • Fuzz, port scan, or run vulnerability assessment tools against your own Azure Virtual Machines.
  • Load testing your application by generating traffic which is expected to be seen during the normal course of business. This includes testing surge capacity.
  • Testing security monitoring and detections (e.g. generating anomalous security logs, dropping EICAR, etc).
  • Attempt to break out of a shared service container such as Azure Websites or Azure Functions. However, should you succeed, you must both immediately report it to Microsoft and cease digging deeper. Deliberately accessing Microsoft data or another customer’s data is a violation of the terms.
  • Applying conditional access or mobile application management (MAM) policies within Microsoft Intune to test the enforcement of the restriction enforced by those policies.
  • Attempt to break out of AI system boundaries. This includes, without limitation, bypassing restrictions in the system prompt.

Even with these prohibitions, Microsoft reserves the right to respond to any actions on its networks that appear to be malicious. Many automated mitigation mechanisms are employed across the MicrosoftCloud. These will not be disabled to facilitate a penetration test.