To enable Prowler to assume an identity for scanning with the required privileges, a Service Principal must be created. This Service Principal authenticates against Azure and retrieves necessary metadata for checks. Service Principal Applications can be created using either the Azure Portal or the Azure CLI.

Creating a Service Principal via Azure Portal / Entra Admin Center

  1. Access Microsoft Entra ID in the Azure Portal
  2. Navigate to “Manage” > “App registrations”
  3. Click “+ New registration”, complete the form, and click “Register”
  4. Go to “Certificates & secrets” > “+ New client secret”
  5. Fill in the required fields and click “Add”, then copy the generated value

| Value | Description |
|---|---|
| Client ID | Application ID |
| Client Secret | Secret to Connect to the App |
| Tenant ID | Microsoft Entra Tenant ID |

Creating a Service Principal from Azure CLI

To create a Service Principal using the Azure CLI, follow these steps:
  1. Open a terminal and execute the following command:
    az ad sp create-for-rbac --name "ProwlerApp"
    
  2. The output will be similar to:
    {
    "appId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "displayName": "ProwlerApp",
    "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "tenant": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    }
    
  3. Save the values of appId, password and tenant, as they will be used as credentials in Prowler.
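
One way to carry out step 3 without pasting the secret by hand, as an added example that is not part of the Prowler documentation: it parses the JSON shown in step 2 and writes the three values to a file only its owner can read. The function names, the sample values and the output path are constructed for illustration, and the `AZURE_*` variable names (the ones the Azure SDK's environment credential reads) are an assumption not stated on this page.

```sh
#!/bin/sh
# Added example, not Prowler code. Field names appId/password/tenant are the
# ones in the CLI output above; the AZURE_* names are an assumption of this
# example (they are what the Azure SDK's environment credential reads).

# Constructed sample in the shape printed by `az ad sp create-for-rbac`.
SAMPLE_JSON='{
  "appId": "11111111-2222-3333-4444-555555555555",
  "displayName": "ProwlerApp",
  "password": "constructed~Secret.Value_0123456789",
  "tenant": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
}'

# json_field NAME: print the string value of field NAME from flat JSON on stdin.
json_field() {
    sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# sp_json_to_env JSON OUTFILE: write the three credentials to OUTFILE as
# export lines. The body runs in a subshell, so the secret and the umask
# change do not leak into the calling shell.
sp_json_to_env() (
    app_id=$(printf '%s\n' "$1" | json_field appId)
    secret=$(printf '%s\n' "$1" | json_field password)
    tenant=$(printf '%s\n' "$1" | json_field tenant)
    # Refuse incomplete output instead of writing a half-filled file.
    if [ -z "$app_id" ] || [ -z "$secret" ] || [ -z "$tenant" ]; then
        echo "missing appId, password or tenant" >&2
        exit 1
    fi
    # A single quote in a value would break the quoting used below.
    case "$app_id$secret$tenant" in *"'"*)
        echo "value contains a single quote" >&2; exit 1 ;;
    esac
    umask 077            # new file is readable and writable by its owner only
    rm -f -- "$2"        # an existing file would keep its old permissions
    {
        printf "export AZURE_CLIENT_ID='%s'\n" "$app_id"
        printf "export AZURE_TENANT_ID='%s'\n" "$tenant"
        printf "export AZURE_CLIENT_SECRET='%s'\n" "$secret"
    } > "$2"
)

# Usage: capture the CLI output directly so the JSON is not printed:
#   sp_json_to_env "$(az ad sp create-for-rbac --name "ProwlerApp")" "$HOME/.prowler-azure.env"
```

Source the resulting file in the shell that runs the scan, and delete it once the credentials live in a secret store.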

Assigning Proper Permissions

Go to Assigning Proper Permissions to learn how to assign the necessary permissions to the Service Principal.