Microsoft has expanded the remit of its bug bounty programme to include Outlook, Office 365, SharePoint, Lync, Windows.net, Microsoftonline.com and Yammer.
The expansion means bug hunters who spot flaws that could be used for cross-site scripting (XSS), cross-site request forgery (CSRF), cross-tenant data tampering, insecure direct object references, remote code injection, server-side code execution, privilege escalation, and security misconfigurations will receive a minimum payment of $500.
Researchers looking for payment will have to follow Microsoft's ethical testing guidelines and will be prohibited from several practices.
The guidelines prohibit "any kind of Denial of Service testing," gaining access to any data that is not wholly your own, moving beyond "proof of concept" repro steps for server-side execution issues, and attempting phishing or other social engineering attacks against Microsoft's employees.
Microsoft also clarified it will continue to refuse payments for flaws relating to missing HTTP security headers, server-side information disclosure and bugs in the web application that only affect unsupported browsers or plugins that require "unlikely user actions".
URL redirects, vulnerabilities in platform technologies that are not unique to the online services in question, and cookie replay vulnerabilities are also listed as ineligible for payment.
The firm also added that payments will be strictly at its discretion, warning bug hunters:
"Bounty amounts will be determined at Microsoft's discretion based primarily on the impact of the vulnerability. However the detail, quality, and complexity of the vulnerability will also be considered in making a determination. Microsoft retains sole discretion in determining which submissions are qualified."
Microsoft is one of many big technology firms currently running bug bounty programmes. Twitter launched a bug bounty programme earlier in September, paying from $140 per problem discovered in its web, iOS or Android services.