We are pleased to announce the addition of Microsoft Teams mobile applications to the Microsoft Applications Bounty Program. Through the expanded program we welcome researchers from across the globe to seek out and disclose any high impact security vulnerabilities they may find in Teams mobile applications to help secure customers. Rewards up to $30,000 USD are available for eligible submissions.  

• Scenario-Based Bounty Awards: Rewards from $15,000 to $30,000 USD for 2 scenario-based awards focused on vulnerabilities that have the highest potential impact on customer privacy and security.
• General Bounty Awards: Rewards from $500 to $15,000 USD for other eligible vulnerability reports for Teams iOS and Android mobile applications.
• Teams Desktop: Submissions for Teams desktop client will continue to be awarded under the Applications Bounty Program.
• Teams Online: Submissions for Teams online services will continue to be awarded under the Online Services Bounty Program.
• Researcher Recognition Program Points: Valid reports for Microsoft Teams mobile application research are eligible for a 2x bonus multiplier under the Researcher Recognition Program. Points earned contribute toward your eligibility for the annual MSRC Most Valuable Security Researcher list.

Microsoft is committed to strengthening our partnership with the security research community, and we look forward to sharing more bounty updates and improvements in the coming months. If you have any questions about the new bounty awards or any other security research incentive program, please email us at [email protected].

Lynn Miyashita, Program Manager, MSRC