Government Cloud SupportGovernment cloud accounts or tenants (Microsoft 365 Government) are currently unsupported, but we expect to add support for them in the near future.
Prerequisites
Configure authentication for Microsoft 365 by following the Microsoft 365 Authentication guide. This includes:- Registering an application in Microsoft Entra ID
- Granting all required Microsoft Graph and external API permissions
- Generating the application certificate (recommended) or client secret
- Setting up PowerShell module permissions (for full security coverage)
Prowler App
Step 1: Obtain Domain ID
-
Go to the Entra ID portal, then search for “Domain” or go to Identity > Settings > Domain Names


- Select the domain to use as unique identifier for the Microsoft 365 account in Prowler App
Step 2: Access Prowler App
- Go to Prowler Cloud or launch Prowler App
-
Navigate to “Configuration” > “Cloud Providers”

-
Click on “Add Cloud Provider”

-
Select “Microsoft 365”

-
Add the Domain ID and an optional alias, then click “Next”

Step 3: Select Authentication Method and Provide Credentials
Prowler App now separates Microsoft 365 authentication into two app-only options. After adding the Domain ID, choose the method that matches your setup:
Application Certificate Authentication (Recommended)
- Copy the Application (client) ID and Tenant ID from the app registration overview page.
- Paste both values into the Prowler App form.
- Upload the PFX bundle or paste the Base64-encoded certificate (
M365_CERTIFICATE_CONTENT), then click Test Connection.

Application Client Secret Authentication
- From the app registration, copy the Application (client) ID and Tenant ID.
- Paste both values plus the client secret into the Prowler App form.
- Click Test Connection to validate the credentials.

Step 4: Launch the Scan
-
Review the summary, then click Next.

-
Click Launch Scan to start auditing Microsoft 365.

Prowler CLI
Use Prowler CLI to scan Microsoft 365 environments.PowerShell Requirements
PowerShell 7.4+ is required for comprehensive Microsoft 365 security coverage. Installation instructions are available in the Authentication guide.Authentication Options
Select an authentication method from the Microsoft 365 Authentication guide:- Application Certificate Authentication (recommended):
--certificate-auth - Application Client Secret Authentication:
--sp-env-auth - Azure CLI Authentication:
--az-cli-auth - Interactive Browser Authentication:
--browser-auth

