Home
%3CLINGO-SUB%20id%3D%22lingo-sub-807907%22%20slang%3D%22en-US%22%3EThe%26nbsp%3BAzure%20Security%20Lab%26nbsp%3B-%20Dedicated%20cloud%20hosts%20for%20security%20researchers%20to%20test%20attacks%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-807907%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-left%22%20style%3D%22width%3A%20329px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F127234i23F747C806A5C42D%2Fimage-dimensions%2F329x333%3Fv%3D1.0%22%20width%3D%22329%22%20height%3D%22333%22%20alt%3D%22AzureSecurityLab.png%22%20title%3D%22AzureSecurityLab.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3EThe%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EAzure%20Security%20Lab%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eis%20a%20set%20of%20dedicated%20cloud%20hosts%20for%20security%20researchers%20to%20test%20attacks%20against%20IaaS%20scenarios%2C%20and%20which%20is%20isolated%20from%20Azure%20customers.%20As%20well%20as%20offering%20a%20secure%20testing%20space%2C%20the%20lab%20program%20will%20enable%20participating%20researchers%20to%20engage%20directly%20with%20Microsoft%20Azure%20security%20experts.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSTRONG%3EPlease%20note%20that%20the%20Azure%20Security%20Lab%20is%20for%20research%20purposes%20only.%3C%2FSTRONG%3E%20%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1620059768%22%20id%3D%22toc-hId-1620059768%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--932097193%22%20id%3D%22toc-hId--932097193%22%3EGETTING%26nbsp%3BSTARTED%26nbsp%3B%3C%2FH3%3E%0A%3CP%3EPlease%20create%20a%20test%20account%E2%80%AFand%20test%20tenants%20for%20security%20testing%20and%20probing.%26nbsp%3B%3C%2FP%3E%0A%3CUL%20class%3D%22c-list%22%3E%0A%3CLI%3EFor%20Azure%20services%2C%20you%20can%20start%20a%20free%20trial%20to%20use%20as%20your%20test%20account%E2%80%AF%3CA%20class%3D%22c-hyperlink%22%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Ffree%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E%2C%26nbsp%3Band%20learn%20more%20about%20Azure%26nbsp%3Bwith%26nbsp%3B%3CA%20class%3D%22c-hyperlink%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fguides%2Fdeveloper%2Fazure-developer-guide%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EGetting%20Started%20Guide%20for%20Developers%3C%2FA%3E%26nbsp%3Band%20the%26nbsp%3B%3CA%20class%3D%22c-hyperlink%22%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20documentation%26nbsp%3B%3C%2FA%3Esite.%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EFor%20Microsoft%20Account%2C%20you%20can%20set%20up%20your%20test%20account%E2%80%AF%3CSTRONG%3E%3CA%20class%3D%22c-hyperlink%22%20href%3D%22http%3A%2F%2Fsignup.live.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehere%3C%2FA%3E%3C%2FSTRONG%3E%26nbsp%3B%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EIn%20all%20cases%2C%20where%20possible%2C%26nbsp%3Bplease%26nbsp%3Binclude%20the%20string%20%E2%80%9CMSOBB%E2%80%9D%20in%20your%20account%20name%20and%2For%20tenant%20name%26nbsp%3Bto%26nbsp%3Bidentify%20it%20as%20being%26nbsp%3Bused%26nbsp%3Bfor%26nbsp%3Bsecurity%20research.%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-810713142%22%20id%3D%22toc-hId-810713142%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--1741443819%22%20id%3D%22toc-hId--1741443819%22%3EAZURE%26nbsp%3BSECURITY%26nbsp%3BLAB%20SCENARIO%20CHALLENGE%26nbsp%3B%3C%2FH3%3E%0A%3CP%3EThe%20Azure%20Security%20Lab%20is%20a%20dedicated%20part%20of%20Azure%20reserved%20for%20registered%20researchers%20to%20explore%20and%20exploit%20vulnerabilities%20in%20ways%20that%20wouldn%E2%80%99t%20be%20practical%20on%20the%20standard%20cloud%2C%20and%20submit%20their%20findings%20to%20the%20Microsoft%20Bounty%20Program.%20For%20example%2C%20within%20the%20Azure%20Security%20Lab%20it%20is%20safe%20(and%20encouraged!)%20to%20find%20and%20exploit%20vulnerabilities%20for%20guest%20to%20host%20escape%20or%20denial%20of%20service.%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EWithin%20the%20Azure%20Security%20Lab%20(registered%20researchers%20only)%26nbsp%3B%3C%2FSTRONG%3EWe%20encourage%20researchers%20within%20the%20Azure%20Security%20Lab%20to%20explore%20the%20following%20high-value%20scenarios%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAzure%20is%20exceptionally%20secure.%26nbsp%3B%20To%20help%20keep%20it%20that%20way%2C%20we%20are%20doubling%20the%20top%20bounty%20reward%20for%20Azure%20vulnerabilities%20to%20%2440%2C000.%26nbsp%3B%26nbsp%3BThe%20isolation%20of%20the%20Azure%20Security%20Lab%20allows%20us%20to%20offer%20something%20new%3A%20researchers%20can%20not%20only%20research%20vulnerabilities%20in%20Azure%2C%20they%20can%20attempt%20to%20exploit%20them.%20Those%20with%20access%20to%20the%20Azure%20Security%20Lab%20may%20attempt%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3Escenario-based%20challenges%3C%2FSTRONG%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Ewith%20top%20awards%20of%20%24300%2C000.%20For%20more%20details%20on%20the%20new%20and%20increased%20awards%20please%20see%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fmsrc%2Fbounty-microsoft-azure%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EAzure%20Bounty%20Program%20page%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EMicrosoft%20is%20committed%20to%20ensuring%20our%20cloud%20is%20secure%20from%20modern%20threats.%20We%20built%20Azure%20with%20security%20in%20mind%20from%20the%20beginning%2C%20and%20work%20to%20help%20customers%20secure%20their%20Azure%20cloud%20environment%20with%20products%20such%20as%20Azure%20Sentinel%20and%20Azure%20Security%20Center.%20And%20if%20a%20situation%20arises%2C%20our%20Cloud%20Defense%20Operations%20Center%20(CDOC)%20and%20security%20teams%20work%20around%20the%20clock%20to%20identify%2C%20analyze%20and%20respond%20to%20threats%20in%20real%20time.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3EApplications%20to%20join%20the%20Azure%20Security%20Lab%20open%20today.%20To%20request%20a%20Windows%20or%20Linux%20VM%2C%20go%20to%20our%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Faka.ms%2FAzureSecLab%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Erequest%20form%3C%2FA%3E.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-807907%22%20slang%3D%22en-US%22%3E%3CP%3ETo%20make%20it%20easier%20for%20security%20researchers%20to%20confidently%20and%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CEM%3Eaggressively%3C%2FEM%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Etest%20Azure%2C%20we%20are%20inviting%20a%20select%20group%20of%20talented%20individuals%20to%20come%20and%20do%20their%20worst%20to%20emulate%20criminal%20hackers%20in%20a%20customer-safe%20cloud%20environment%20called%20the%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSTRONG%3EAzure%20Security%20Lab%3C%2FSTRONG%3E.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-TEASER%3E
Microsoft

AzureSecurityLab.png

The Azure Security Lab is a set of dedicated cloud hosts for security researchers to test attacks against IaaS scenarios, and which is isolated from Azure customers. As well as offering a secure testing space, the lab program will enable participating researchers to engage directly with Microsoft Azure security experts. 

 

Please note that the Azure Security Lab is for research purposes only.

 

GETTING STARTED 

Please create a test account and test tenants for security testing and probing. 

In all cases, where possible, please include the string “MSOBB” in your account name and/or tenant name to identify it as being used for security research. 

 

AZURE SECURITY LAB SCENARIO CHALLENGE 

The Azure Security Lab is a dedicated part of Azure reserved for registered researchers to explore and exploit vulnerabilities in ways that wouldn’t be practical on the standard cloud, and submit their findings to the Microsoft Bounty Program. For example, within the Azure Security Lab it is safe (and encouraged!) to find and exploit vulnerabilities for guest to host escape or denial of service.

Within the Azure Security Lab (registered researchers only) We encourage researchers within the Azure Security Lab to explore the following high-value scenarios:

 

Azure is exceptionally secure.  To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000.  The isolation of the Azure Security Lab allows us to offer something new: researchers can not only research vulnerabilities in Azure, they can attempt to exploit them. Those with access to the Azure Security Lab may attempt the scenario-based challenges with top awards of $300,000. For more details on the new and increased awards please see the Azure Bounty Program page.


Microsoft is committed to ensuring our cloud is secure from modern threats. We built Azure with security in mind from the beginning, and work to help customers secure their Azure cloud environment with products such as Azure Sentinel and Azure Security Center. And if a situation arises, our Cloud Defense Operations Center (CDOC) and security teams work around the clock to identify, analyze and respond to threats in real time.  


Applications to join the Azure Security Lab open today. To request a Windows or Linux VM, go to our request form.