Microsoft has expanded the remit of its bug bounty programme to include Outlook, Office365, Sharepoint, Lync, Windows.net, Microsoftonline.com and Yammer.
The expansion means bug hunters that spot flaws that could be used for cross-site scripting (XSS), cross-site request forgery (CSRF), cross-tenant data tampering, insecure direct object references, remote code injection, server-side code execution, privilege escalation, and security misconfigurations will receive a minimum payment of $500.
Researchers looking for payment will have to follow Microsoft's ethical testing guidelines and will be prohibited from several practices.
The guidelines prohibit "any kind of Denial of Service testing," gaining access to any data that is not wholly your own, moving beyond "proof of concept" repro steps for server-side execution issues and attempting phishing or other social engineering attacks against the Microsoft's employees.
Microsoft also clarified it will continue to refuse payments for flaws relating to missing HTTP security headers, server-side information disclosure and bugs in the web application that only affect unsupported browsers or plugins that require "unlikely user actions".
URL Redirects vulnerabilities in platform technologies that are not unique to the online services in question or cookie replay vulnerabilities are also listed as ineligible for payment.
The firm also added payments will be strictly at its discretion warning bug hunters:
"Bounty amounts will be determined at Microsoft's discretion based primarily on the impact of the vulnerability. However the detail, quality, and complexity of the vulnerability will also be considered in making a determination. Microsoft retains sole discretion in determining which submissions are qualified."
Microsoft is one of many big technology firms currently running bug bounty programmes. Twitter launched a bug bounty programme, paying from $140 per problem discovered in its web, iOS or Android services earlier in September.
For more information on the cloud security, visit the Intel IT Center.
Some parts of Atacama have not received rainfall for 500 years - but a sudden deluge of water upset the Desert's delicate biological balance
Spitzer Space Telescope could not spot Oumuamua, suggesting that it is actually pretty small
Greenland crater one of the 25 largest impact craters on Earth
This long-sought progenitor star was identified in an image captured by Hubble in 2007