Skip to content

Azure Authentication in Prowler

By default, Prowler utilizes the Azure Python SDK identity package for authentication, leveraging the classes DefaultAzureCredential and InteractiveBrowserCredential. This enables authentication against Azure using the following approaches:

  • Service principal authentication via environment variables (Enterprise Application)
  • Currently stored AZ CLI credentials
  • Interactive browser authentication
  • Managed identity authentication

Before launching the tool, specify the desired method using the following flags:

# Service principal authentication:
prowler azure --sp-env-auth

# AZ CLI authentication
prowler azure --az-cli-auth

# Browser authentication
prowler azure --browser-auth --tenant-id "XXXXXXXX"

# Managed identity authentication
prowler azure --managed-identity-auth

Permission Configuration

To ensure Prowler can access the required resources within your Azure account, proper permissions must be configured. Refer to the Requirements section for details on setting up necessary privileges.