Getting Started With Microsoft 365 on Prowler¶
Government Cloud Support
Government cloud accounts or tenants (Microsoft 365 Government) are currently unsupported, but we expect to add support for them in the near future.
Prerequisites¶
Configure authentication for Microsoft 365 by following the Microsoft 365 Authentication guide. This includes:
- Creating a Service Principal Application
- Granting required Microsoft Graph API permissions
- Setting up PowerShell module permissions (for full security coverage)
- Assigning appropriate roles to users (if using user authentication)
Prowler App¶
Step 1: Obtain Domain ID¶
-
Go to the Entra ID portal, then search for "Domain" or go to Identity > Settings > Domain Names
-
Select the domain to use as unique identifier for the Microsoft 365 account in Prowler App
Step 2: Access Prowler App¶
- Go to Prowler Cloud or launch Prowler App
-
Navigate to "Configuration" > "Cloud Providers"
-
Click on "Add Cloud Provider"
-
Select "Microsoft 365"
-
Add the Domain ID and an optional alias, then click "Next"
Step 3: Add Credentials to Prowler App¶
-
Go to App Registration overview and copy the Client ID and Tenant ID
-
Go to Prowler App and paste:
- Client ID
- Tenant ID
AZURE_CLIENT_SECRETfrom the Service Principal setup
If using user authentication, also add:
M365_USER(email using the assigned domain in tenant)M365_PASSWORD(user password)
-
Click "Next"
-
Click "Launch Scan"
Prowler CLI¶
Use Prowler CLI to scan Microsoft 365 environments.
PowerShell Requirements¶
PowerShell 7.4+ is required for comprehensive Microsoft 365 security coverage. Installation instructions are available in the Authentication guide.
Authentication Options¶
Select an authentication method from the Microsoft 365 Authentication guide:
- Service Principal Application (recommended):
--sp-env-auth - Service Principal with User Credentials:
--env-auth - Interactive Browser Authentication:
--browser-auth
Basic Usage¶
After configuring authentication, run a basic scan:
For comprehensive scans including PowerShell checks: