Microsoft Zero Day Quest

As announced in the MSRC blog, Microsoft Zero Day Quest invites security researchers to discover and report high-impact vulnerabilities in Microsoft Azure, Microsoft Copilot, Microsoft Dynamics 365 and Power Platform, Microsoft Identity, and M365 Bounty Programs. Zero Day Quest provides new opportunities for the security community to work hand in hand with Microsoft engineers and security researchers to share, learn, and build community as we work to keep everyone safe.

This challenge has two distinct opportunities:

• A Research Challenge (open to everyone)
• A Live Hacking Event (invite only)

Zero Day Quest will be subject to the terms of our bounty program, as outlined in the Microsoft Bounty Terms and Conditions and our bounty Safe Harbor policy, the applicable bounty program, and additional terms and conditions for the Research Challenge and Live Hacking Event. 

Visit the MSRC Researcher Portal and follow the instructions to submit your reports.

Microsoft is not responsible for excess, lost, late, or incomplete submissions. If disputed, submissions will be deemed submitted by the “authorized account holder” of the email address used to enter. The “authorized account holder” is the natural person assigned to an email address by an internet or online service provider, or other organization responsible for assigning email addresses.

To maintain the security and integrity of our services, all participants in Microsoft's bounty programs must strictly adhere to the Microsoft Security Testing Rules of Engagement (ROE). These guidelines are crafted to enable security researchers to assess the security of Microsoft Online Assets effectively while ensuring that other customers and infrastructure remain unaffected. For comprehensive details about these rules, please consult the Microsoft ROE website.

If you accidentally access unauthorized data, stop immediately. Notify MSRC with the details, delete the data, and acknowledge this in any bug bounty report. Do not share the accessed information.