> ## Documentation Index
> Fetch the complete documentation index at: https://docs.prowler.com/llms.txt
> Use this file to discover all available pages before exploring further.

<AgentInstructions>

## Submitting Feedback

If you encounter incorrect, outdated, or confusing documentation on this page, submit feedback:

POST https://docs.prowler.com/feedback

```json
{
  "path": "/user-guide/providers/azure/create-prowler-service-principal",
  "feedback": "Description of the issue"
}
```

Only submit feedback when you have something specific and actionable to report.

</AgentInstructions>

# Creating a Prowler Service Principal Application

To enable Prowler to assume an identity for scanning with the required privileges, a Service Principal must be created. This Service Principal authenticates against Azure and retrieves necessary metadata for checks.

Service Principal Applications can be created using either the Azure Portal or the Azure CLI.

<img src="https://mintcdn.com/prowler/cmPhg0PQUNFwgauQ/images/prowler-app/create-sp.gif?s=066bccb7c389584554748847381ab208" alt="Registering an Application in Azure CLI for Prowler" width="1918" height="938" data-path="images/prowler-app/create-sp.gif" />

## Creating a Service Principal via Azure Portal / Entra Admin Center

1. Access **Microsoft Entra ID** in the [Azure Portal](https://portal.azure.com)

   <img src="https://mintcdn.com/prowler/cmPhg0PQUNFwgauQ/images/providers/search-microsoft-entra-id.png?fit=max&auto=format&n=cmPhg0PQUNFwgauQ&q=85&s=189236d8ad79b92948a8291726b2efca" alt="Search Microsoft Entra ID" width="1043" height="347" data-path="images/providers/search-microsoft-entra-id.png" />

2. Navigate to "Manage" > "App registrations"

   <img src="https://mintcdn.com/prowler/VEKBBm2VL7R8-xYV/images/providers/app-registration-menu.png?fit=max&auto=format&n=VEKBBm2VL7R8-xYV&q=85&s=c2db94628ba5c10d7a59405bef539571" alt="App Registration nav" width="1294" height="1122" data-path="images/providers/app-registration-menu.png" />

3. Click "+ New registration", complete the form, and click "Register"

   <img src="https://mintcdn.com/prowler/3MeTQEK7UW2A9QiV/images/providers/new-registration.png?fit=max&auto=format&n=3MeTQEK7UW2A9QiV&q=85&s=0786c30207a713d75f6045d5b3ba0333" alt="New Registration" width="2334" height="1534" data-path="images/providers/new-registration.png" />

4. Go to "Certificates & secrets" > "+ New client secret"

   <img src="https://mintcdn.com/prowler/VEKBBm2VL7R8-xYV/images/providers/certificates-and-secrets.png?fit=max&auto=format&n=VEKBBm2VL7R8-xYV&q=85&s=01507142709ea0cfa1d047b6c9d5bb82" alt="Certificate & Secrets nav" width="2572" height="1140" data-path="images/providers/certificates-and-secrets.png" />

   <img src="https://mintcdn.com/prowler/3MeTQEK7UW2A9QiV/images/providers/new-client-secret.png?fit=max&auto=format&n=3MeTQEK7UW2A9QiV&q=85&s=b4a8ec55604f77f7cba885f3b27a1b04" alt="New Client Secret" width="1800" height="1170" data-path="images/providers/new-client-secret.png" />

5. Fill in the required fields and click "Add", then copy the generated value

| Value         | Description                  |
| ------------- | ---------------------------- |
| Client ID     | Application ID               |
| Client Secret | Secret to Connect to the App |
| Tenant ID     | Microsoft Entra Tenant ID    |

## Creating a Service Principal from Azure CLI

To create a Service Principal using the Azure CLI, follow these steps:

1. Open a terminal and execute the following command:

   ```console theme={null}
   az ad sp create-for-rbac --name "ProwlerApp"
   ```

2. The output will be similar to:

   ```json theme={null}
   {
   "appId": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
   "displayName": "ProwlerApp",
   "password": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
   "tenant": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
   }
   ```

3. Save the values of `appId`, `password` and `tenant`, as they will be used as credentials in Prowler.

## Assigning Proper Permissions

Go to [Assigning Proper Permissions](/user-guide/providers/azure/authentication#required-permissions) to learn how to assign the necessary permissions to the Service Principal.