About UsGovernment Cloud SupportGovernment cloud accounts or tenants (Microsoft 365 Government) are currently unsupported, but we expect to add support for them in the near future.
Prerequisites
Configure authentication for Microsoft 365 by following the Microsoft 365 Authentication guide. This includes:- Creating a Service Principal Application
- Granting required Microsoft Graph API permissions
- Setting up PowerShell module permissions (for full security coverage)
Prowler App
Step 1: Obtain Domain ID
-
Go to the Entra ID portal, then search for “Domain” or go to Identity > Settings > Domain Names
- Select the domain to use as unique identifier for the Microsoft 365 account in Prowler App
Step 2: Access Prowler App
- Go to Prowler Cloud or launch Prowler App
-
Navigate to “Configuration” > “Cloud Providers”
-
Click on “Add Cloud Provider”
-
Select “Microsoft 365”
-
Add the Domain ID and an optional alias, then click “Next”
Step 3: Add Credentials to Prowler App
-
Go to App Registration overview and copy the Client ID and Tenant ID
-
Go to Prowler App and paste:
- Client ID
- Tenant ID
AZURE_CLIENT_SECRETfrom the Service Principal setup
-
Click “Next”
-
Click “Launch Scan”
Prowler CLI
Use Prowler CLI to scan Microsoft 365 environments.PowerShell Requirements
PowerShell 7.4+ is required for comprehensive Microsoft 365 security coverage. Installation instructions are available in the Authentication guide.Authentication Options
Select an authentication method from the Microsoft 365 Authentication guide:- Service Principal Application (recommended):
--sp-env-auth - Interactive Browser Authentication:
--browser-auth