by kjaftaedi 2182 days ago
It's not about reproducibility but severity and value.

Offering low bounties for something like this can act as an incentive for people who find something like this to sell it somewhere else.

A bug like this would be orders of magnitude more valuable in the wrong hands.


How can a low bounty act as an incentive?
This attack could have been used to gain access to any Azure account.

If you knew that Microsoft would pay you a couple thousand for this and the black market would offer hundreds of thousands of dollars, it could influence a decision to not report the vulnerability to the developer.

I don't see how your explanation shows Microsoft creating the incentive. Your argument seems to amount to "Microsoft is not creating a sufficient disincentive." The problem with creating a sufficient disincentive is that you draw a lot of attention and still run the risk of being outbid when a vulnerability is discovered.