Skip to main content

Prowler App

Walkthrough video onboarding an Azure Subscription using Service Principal.
Government Cloud SupportGovernment cloud subscriptions (Azure Government) are not currently supported, but we expect to add support for them in the near future.

Prerequisites

Before setting up Azure in Prowler App, you need to create a Service Principal with proper permissions. For detailed instructions on how to create the Service Principal and configure permissions, see Authentication > Service Principal.

Step 1: Get the Subscription ID

  1. Go to the Azure Portal and search for Subscriptions
  2. Locate and copy your Subscription ID Search Subscription Subscriptions Page

Step 2: Access Prowler App

  1. Navigate to Prowler Cloud or launch Prowler App
  2. Navigate to Configuration > Cloud Providers Cloud Providers Page
  3. Click on Add Cloud Provider Add a Cloud Provider
  4. Select Microsoft Azure Select Microsoft Azure
  5. Add the Subscription ID and an optional alias, then click Next Add Subscription ID

Step 3: Add Credentials to Prowler App

For Azure, Prowler App uses a service principal application to authenticate. For more information about the process of creating and adding permissions to a service principal refer to this section. When you finish creating and adding the Entra and Subscription scope permissions to the service principal, enter the Tenant ID, Client ID and Client Secret of the service principal application.
  1. Go to your App Registration overview and copy the Client ID and Tenant ID App Overview
  2. Go to Prowler App and paste:
    • Client ID
    • Tenant ID
    • Client Secret from earlier
    Prowler Cloud Azure Credentials
  3. Click Next Next Detail
  4. Click “Launch Scan” Launch Scan Azure

Prowler CLI

Configure Azure Credentials

To authenticate with Azure, Prowler CLI supports multiple authentication methods. Choose the method that best suits your environment. For detailed authentication setup instructions, see Authentication. Service Principal (Recommended) Set up environment variables: 
export AZURE_CLIENT_ID="XXXXXXXXX"
export AZURE_TENANT_ID="XXXXXXXXX"
export AZURE_CLIENT_SECRET="XXXXXXX"
Then run: 
prowler azure --sp-env-auth
Azure CLI Credentials Use stored Azure CLI credentials: 
prowler azure --az-cli-auth
Browser Authentication Authenticate using your default browser: 
prowler azure --browser-auth --tenant-id <tenant-id>
Managed Identity When running on Azure resources: 
prowler azure --managed-identity-auth

Subscription Selection

To scan a specific Azure subscription: 
prowler azure --subscription-ids <subscription-id>
To scan multiple Azure subscriptions: 
prowler azure --subscription-ids <subscription-id1> <subscription-id2> <subscription-id3>