Getting Started With Microsoft 365 on Prowler

Government Cloud Support

Government cloud accounts or tenants (Microsoft 365 Government) are currently unsupported, but we expect to add support for them in the near future.

Prerequisites

Configure authentication for Microsoft 365 by following the Microsoft 365 Authentication guide. This includes:

  • Creating a Service Principal Application
  • Granting required Microsoft Graph API permissions
  • Setting up PowerShell module permissions (for full security coverage)
  • Assigning appropriate roles to users (if using user authentication)

Prowler App

Step 1: Obtain Domain ID

  1. Go to the Entra ID portal, then search for "Domain" or go to Identity > Settings > Domain Names

  2. Select the domain to use as the unique identifier for the Microsoft 365 account in Prowler App

Step 2: Access Prowler App

  1. Go to Prowler Cloud or launch Prowler App
  2. Navigate to "Configuration" > "Cloud Providers"

  3. Click on "Add Cloud Provider"

  4. Select "Microsoft 365"

  5. Add the Domain ID and an optional alias, then click "Next"

Step 3: Add Credentials to Prowler App

  1. Go to App Registration overview and copy the Client ID and Tenant ID

  2. Go to Prowler App and paste:

    • Client ID
    • Tenant ID
    • AZURE_CLIENT_SECRET from the Service Principal setup

    If using user authentication, also add:

    • M365_USER (email using the assigned domain in the tenant)
    • M365_PASSWORD (user password)

  3. Click "Next"

  4. Click "Launch Scan"


Prowler CLI

Use Prowler CLI to scan Microsoft 365 environments.

PowerShell Requirements

PowerShell 7.4+ is required for comprehensive Microsoft 365 security coverage. Installation instructions are available in the Authentication guide.

Authentication Options

Select an authentication method from the Microsoft 365 Authentication guide:

  • Service Principal Application (recommended): --sp-env-auth
  • Service Principal with User Credentials: --env-auth
  • Interactive Browser Authentication: --browser-auth

Basic Usage

After configuring authentication, run a basic scan:

prowler m365 --sp-env-auth

For comprehensive scans including PowerShell checks:

prowler m365 --sp-env-auth --init-modules
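
A preflight check for the CLI scan above, added here as an example and not part of the Prowler documentation or code base: it verifies, without printing any secret value, that the environment variables for the chosen authentication flag are set and that PowerShell meets the 7.4 minimum. The variable names AZURE_CLIENT_ID and AZURE_TENANT_ID and all function names are assumptions; confirm the variable names against the Authentication guide.

```shell
#!/bin/sh
# Added example (not Prowler code): preflight before `prowler m365`.

# Environment variables expected per auth flag. AZURE_CLIENT_ID and
# AZURE_TENANT_ID are assumed names; the others appear on this page.
required_vars() {
  case "$1" in
    --sp-env-auth)  echo "AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_CLIENT_SECRET" ;;
    --env-auth)     echo "AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_CLIENT_SECRET M365_USER M365_PASSWORD" ;;
    --browser-auth) echo "" ;;   # interactive: no environment credentials checked
    *) return 2 ;;               # unknown flag
  esac
}

# Print the NAMES of unset or empty variables for a flag (never their values).
missing_vars() {
  _names="$(required_vars "$1")" || return 2
  _missing=""
  for _name in $_names; do
    eval "_val=\${$_name:-}"     # safe: _name comes from the fixed list above
    [ -n "$_val" ] || _missing="$_missing $_name"
  done
  echo "${_missing# }"
}

# Succeed only if a version string such as 7.4.6 is >= 7.4 (numeric compare,
# so 7.10 is accepted and a bare or empty string is rejected).
pwsh_version_ok() {
  case "$1" in *.*) ;; *) return 1 ;; esac
  _major="${1%%.*}"; _rest="${1#*.}"; _minor="${_rest%%.*}"
  case "$_major$_minor" in ''|*[!0-9]*) return 1 ;; esac
  [ "$_major" -gt 7 ] || { [ "$_major" -eq 7 ] && [ "$_minor" -ge 4 ]; }
}

# Full check: credentials present, then PowerShell version (for --init-modules).
preflight() {
  _miss="$(missing_vars "$1")" || { echo "unknown auth flag: $1" >&2; return 2; }
  if [ -n "$_miss" ]; then echo "missing variables: $_miss" >&2; return 1; fi
  _v="$(pwsh -NoLogo -NoProfile -Command '$PSVersionTable.PSVersion.ToString()' 2>/dev/null)" || _v=""
  pwsh_version_ok "$_v" || { echo "PowerShell 7.4+ required (found: ${_v:-none})" >&2; return 1; }
}

# Usage: preflight --sp-env-auth && prowler m365 --sp-env-auth --init-modules
```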