Posts with the tag nuance:

Unauth HTTP SSRF in Nuance AI Training Platform

I submitted another HTTP SSRF in MS services via MSRC recently, this time within an insecure api.php endpoint I found on train.digital.nuance.com. This was a full HTTP SSRF, capable of interacting with internal services, and could be used for both GET and POST requests, including sending full GET/POST bodies with arbitrary parameter/value pairs to arbitrary resources. Bounty? None. A few weeks after submission, MS responded that they confirmed the bug, were investigating the issue, and asked for any more information I could provide.