Getting Started With Azure on Prowler¶
Prowler App¶
Walkthrough video onboarding an Azure Subscription using Service Principal.
Government Cloud Support
Government cloud subscriptions (Azure Government) are not currently supported, but we expect to add support for them in the near future.
Prerequisites¶
Before setting up Azure in Prowler App, you need to create a Service Principal with proper permissions.
For detailed instructions on how to create the Service Principal and configure permissions, see Authentication > Service Principal.
Step 1: Get the Subscription ID¶
- Go to the Azure Portal and search for
Subscriptions -
Locate and copy your Subscription ID
Step 2: Access Prowler App¶
- Navigate to Prowler Cloud or launch Prowler App
-
Navigate to
Configuration>Cloud Providers
-
Click on
Add Cloud Provider
-
Select
Microsoft Azure
-
Add the Subscription ID and an optional alias, then click
Next
Step 3: Add Credentials to Prowler App¶
Having completed the Service Principal setup from the Authentication guide:
-
Go to your App Registration overview and copy the
Client IDandTenant ID
-
Go to Prowler App and paste:
Client IDTenant IDClient Secretfrom earlier
-
Click
Next
-
Click "Launch Scan"
Prowler CLI¶
Configure Azure Credentials¶
To authenticate with Azure, Prowler CLI supports multiple authentication methods. Choose the method that best suits your environment.
For detailed authentication setup instructions, see Authentication.
Service Principal (Recommended)
Set up environment variables:
export AZURE_CLIENT_ID="XXXXXXXXX"
export AZURE_TENANT_ID="XXXXXXXXX"
export AZURE_CLIENT_SECRET="XXXXXXX"
Then run:
Azure CLI Credentials
Use stored Azure CLI credentials:
Browser Authentication
Authenticate using your default browser:
Managed Identity
When running on Azure resources:
Subscription Selection¶
To scan a specific Azure subscription:
To scan multiple Azure subscriptions: