fix(docs): add Organization.Read.All to M365 provider requirements (#7961)

2026-01-25 02:08:11 +00:00 · 2025-06-09 12:11:14 +02:00
parent 2eaa37921d
commit 359059dee6
5 changed files with 12 additions and 10 deletions
--- a/docs/getting-started/requirements.md
+++ b/docs/getting-started/requirements.md
@@ -202,11 +202,13 @@ Since this is a delegated permission authentication method, necessary permission
 Prowler for M365 requires two types of permission scopes to be set (if you want to run the full provider including PowerShell checks). Both must be configured using Microsoft Entra ID:

 - **Service Principal Application Permissions**: These are set at the **application** level and are used to retrieve data from the identity being assessed:
-    - `Domain.Read.All`: Required for all services.
-    - `Policy.Read.All`: Required for all services.
-    - `User.Read` (IMPORTANT: this must be set as **delegated**): Required for the sign-in.
-    - `SharePointTenantSettings.Read.All`: Required for SharePoint service.
    - `AuditLog.Read.All`: Required for Entra service.
+    - `Domain.Read.All`: Required for all services.
+    - `Organization.Read.All`: Required for retrieving tenant information.
+    - `Policy.Read.All`: Required for all services.
+    - `SharePointTenantSettings.Read.All`: Required for SharePoint service.
+    - `User.Read` (IMPORTANT: this must be set as **delegated**): Required for the sign-in.
+

 - **Powershell Modules Permissions**: These are set at the `M365_USER` level, so the user used to run Prowler must have one of the following roles:
    - `Global Reader` (recommended): this allows you to read all roles needed.
--- a/docs/tutorials/microsoft365/getting-started-m365.md
+++ b/docs/tutorials/microsoft365/getting-started-m365.md
@@ -114,29 +114,29 @@ Follow these steps to assign the permissions:
 3. Search and select every permission below and once all are selected click on `Add permissions`:
    - `AuditLog.Read.All`: Required for Entra service.
    - `Domain.Read.All`
+    - `Organization.Read.All`
    - `Policy.Read.All`
    - `SharePointTenantSettings.Read.All`


    ![Permission Screenshots](./img/directory-permission.png)

-4. Click `Add permissions`, then grant admin consent
+    ![Application Permissions](./img/app-permissions.png)

-    ![Grant Admin Consent](./img/grant-admin-consent.png)

-5. Click `+ Add a permission` > `Microsoft Graph` > `Delegated permissions`
+4. Click `+ Add a permission` > `Microsoft Graph` > `Delegated permissions`

    ![Add API Permission](./img/add-delegated-api-permission.png)

-6. Search and select:
+5. Search and select:

    - `User.Read`

    ![Permission Screenshots](./img/directory-permission-delegated.png)

-7. Click `Add permissions`, then grant admin consent
+6. Click `Add permissions`, then **grant admin consent**

-    ![Grant Admin Consent](./img/grant-admin-consent-delegated.png)
+    ![Grant Admin Consent](./img/grant-admin-consent.png)

    The final result of permission assignment should be this:

--- a/docs/tutorials/microsoft365/img/app-permissions.png
+++ b/docs/tutorials/microsoft365/img/app-permissions.png
--- a/docs/tutorials/microsoft365/img/final-permissions-m365.png
+++ b/docs/tutorials/microsoft365/img/final-permissions-m365.png
--- a/docs/tutorials/microsoft365/img/grant-admin-consent.png
+++ b/docs/tutorials/microsoft365/img/grant-admin-consent.png