Microsoft will now reward researchers for identifying critical vulnerabilities in any of its online services, regardless of the code's origin. This change aims to enhance security by incentivizing the discovery of flaws in both Microsoft's own and third-party components that impact its services.

Microsoft awarded $17 million to 344 security researchers in the past year through its bug bounty programs, marking the highest annual payout since the programs began in 2018. The total amount distributed across all years now reaches $92.5 million, with ongoing updates to enhance program coverage and align with emerging security challenges.