[kjaftaedi]

This attack could have been used to gain access to any Azure account.

If you knew that Microsoft would pay you a couple thousand for this and the black market would offer hundreds of thousands of dollars. It could influence a decision to not report the vulnerability to the developer.

[psds2]

I don't see how your explanation shows Microsoft creating the incentive. Your argument seems to amount to "Microsoft is not creating a sufficient disincentive." The problem with creating a sufficient disincentive is that you draw a lot of attention and still run the risk of being outbid when a vulnerability is discovered.