chore(m365): accept all tenant domains in authentication (#7746 )

(cherry picked from commit a18dd76a5a) # Conflicts: # prowler/providers/m365/m365_provider.py
chore(ec2): improve severity logic in SG all ports open check (#7769 )
2026-06-09 21:04:53 +00:00 · 2025-05-19 08:09:59 +00:00 · 2025-05-16 16:06:51 +02:00 · 2025-05-15 16:53:12 +02:00 · 2025-05-15 15:01:42 +02:00 · 2025-05-14 10:21:01 +02:00
552 changed files with 33841 additions and 5133 deletions
@@ -9,8 +9,8 @@ updates:
  - package-ecosystem: "pip"
    directory: "/"
    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
+      interval: "monthly"
+    open-pull-requests-limit: 25
    target-branch: master
    labels:
      - "dependencies"
@@ -31,8 +31,8 @@ updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
-      interval: "daily"
-    open-pull-requests-limit: 10
+      interval: "monthly"
+    open-pull-requests-limit: 25
    target-branch: master
    labels:
      - "dependencies"
@@ -53,46 +53,47 @@ updates:
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
+      interval: "monthly"
+    open-pull-requests-limit: 25
    target-branch: master
    labels:
      - "dependencies"
      - "docker"

+  # Dependabot Updates are temporary disabled - 2025/04/15
  # v4.6
-  - package-ecosystem: "pip"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "pip"
-      - "v4"
+  # - package-ecosystem: "pip"
+  #   directory: "/"
+  #   schedule:
+  #     interval: "weekly"
+  #   open-pull-requests-limit: 10
+  #   target-branch: v4.6
+  #   labels:
+  #     - "dependencies"
+  #     - "pip"
+  #     - "v4"

-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "github_actions"
-      - "v4"
+  # - package-ecosystem: "github-actions"
+  #   directory: "/"
+  #   schedule:
+  #     interval: "weekly"
+  #   open-pull-requests-limit: 10
+  #   target-branch: v4.6
+  #   labels:
+  #     - "dependencies"
+  #     - "github_actions"
+  #     - "v4"

-  - package-ecosystem: "docker"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    open-pull-requests-limit: 10
-    target-branch: v4.6
-    labels:
-      - "dependencies"
-      - "docker"
-      - "v4"
+  # - package-ecosystem: "docker"
+  #   directory: "/"
+  #   schedule:
+  #     interval: "weekly"
+  #   open-pull-requests-limit: 10
+  #   target-branch: v4.6
+  #   labels:
+  #     - "dependencies"
+  #     - "docker"
+  #     - "v4"

  # Dependabot Updates are temporary disabled - 2025/03/19
  # v3
@@ -107,13 +108,13 @@ updates:
  #     - "pip"
  #     - "v3"

-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-    open-pull-requests-limit: 10
-    target-branch: v3
-    labels:
-      - "dependencies"
-      - "github_actions"
-      - "v3"
+  # - package-ecosystem: "github-actions"
+  #   directory: "/"
+  #   schedule:
+  #     interval: "monthly"
+  #   open-pull-requests-limit: 10
+  #   target-branch: v3
+  #   labels:
+  #     - "dependencies"
+  #     - "github_actions"
+  #     - "v3"
@@ -81,7 +81,7 @@ jobs:
      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          # Set push: false for testing
@@ -94,7 +94,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          push: true
@@ -48,12 +48,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/api-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        category: "/language:${{matrix.language}}"
@@ -85,6 +85,14 @@ jobs:
            api/README.md
            api/mkdocs.yml

+      - name: Replace @master with current branch in pyproject.toml
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF_NAME}}"
+          echo "Using branch: $BRANCH_NAME"
+          sed -i "s|@master|@$BRANCH_NAME|g" pyproject.toml
+
      - name: Install poetry
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
@@ -92,9 +100,15 @@ jobs:
          python -m pip install --upgrade pip
          pipx install poetry==2.1.1

+      - name: Update poetry.lock after the branch name change
+        working-directory: ./api
+        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
+        run: |
+          poetry lock
+
      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -145,7 +159,7 @@ jobs:
        working-directory: ./api
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
        run: |
-          poetry run safety check --ignore 70612,66963
+          poetry run safety check --ignore 70612,66963,74429

      - name: Vulture
        working-directory: ./api
@@ -167,7 +181,7 @@ jobs:

      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -179,7 +193,7 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.API_WORKING_DIR }}
          push: false
@@ -11,7 +11,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: TruffleHog OSS
-        uses: trufflesecurity/trufflehog@690e5c7aff8347c3885096f3962a0633d9129607 # v3.88.23
+        uses: trufflesecurity/trufflehog@b06f6d72a3791308bb7ba59c2b8cb7a083bd17e4 # v3.88.26
        with:
          path: ./
          base: ${{ github.event.repository.default_branch }}
@@ -0,0 +1,34 @@
+name: Prowler - Merged Pull Request
+
+on:
+  pull_request_target:
+    branches: ['master']
+    types: ['closed']
+
+jobs:
+  trigger-cloud-pull-request:
+    name: Trigger Cloud Pull Request
+    if: github.event.pull_request.merged == true && github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Set short git commit SHA
+        id: vars
+        run: |
+          shortSha=$(git rev-parse --short ${{ github.sha }})
+          echo "SHORT_SHA=${shortSha}" >> $GITHUB_ENV
+
+      - name: Trigger pull request
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3.0.0
+        with:
+          token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+          repository: ${{ secrets.CLOUD_DISPATCH }}
+          event-type: prowler-pull-request-merged
+          client-payload: '{
+            "PROWLER_COMMIT_SHA": "${{ github.sha }}",
+            "PROWLER_COMMIT_SHORT_SHA": "${{ env.SHORT_SHA }}",
+            "PROWLER_PR_TITLE": "${{ github.event.pull_request.title }}",
+            "PROWLER_PR_LABELS": ${{ toJson(github.event.pull_request.labels.*.name) }},
+            "PROWLER_PR_BODY": ${{ toJson(github.event.pull_request.body) }}
+          }'
@@ -62,7 +62,7 @@ jobs:
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2

      - name: Setup Python
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}

@@ -127,7 +127,7 @@ jobs:

      - name: Build and push container image (latest)
        if: github.event_name == 'push'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          push: true
          tags: |
@@ -140,7 +140,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          # Use local context to get changes
          # https://github.com/docker/build-push-action#path-context
@@ -0,0 +1,145 @@
+name: SDK - Bump Version
+
+on:
+  release:
+    types: [published]
+
+
+env:
+  PROWLER_VERSION: ${{ github.event.release.tag_name }}
+  BASE_BRANCH: master
+
+jobs:
+  bump-version:
+    name: Bump Version
+    if: github.repository == 'prowler-cloud/prowler'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Get Prowler version
+        shell: bash
+        run: |
+          if [[ $PROWLER_VERSION =~ ^([0-9]+)\.([0-9]+)\.([0-9]+)$ ]]; then
+            MAJOR_VERSION=${BASH_REMATCH[1]}
+            MINOR_VERSION=${BASH_REMATCH[2]}
+            FIX_VERSION=${BASH_REMATCH[3]}
+
+            # Export version components to GitHub environment
+            echo "MAJOR_VERSION=${MAJOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "MINOR_VERSION=${MINOR_VERSION}" >> "${GITHUB_ENV}"
+            echo "FIX_VERSION=${FIX_VERSION}" >> "${GITHUB_ENV}"
+
+            if (( MAJOR_VERSION == 5 )); then
+                if (( FIX_VERSION == 0 )); then
+                  echo "Minor Release: $PROWLER_VERSION"
+
+                  # Set up next minor version for master
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.$((MINOR_VERSION + 1)).${FIX_VERSION}
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=${BASE_BRANCH}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  # Set up patch version for version branch
+                  PATCH_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.1
+                  echo "PATCH_VERSION_TO=${PATCH_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  VERSION_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "VERSION_BRANCH=${VERSION_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next minor version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                  echo "Bumping to next patch version: ${PATCH_VERSION_TO} in branch ${VERSION_BRANCH}"
+                else
+                  echo "Patch Release: $PROWLER_VERSION"
+
+                  BUMP_VERSION_TO=${MAJOR_VERSION}.${MINOR_VERSION}.$((FIX_VERSION + 1))
+                  echo "BUMP_VERSION_TO=${BUMP_VERSION_TO}" >> "${GITHUB_ENV}"
+
+                  TARGET_BRANCH=v${MAJOR_VERSION}.${MINOR_VERSION}
+                  echo "TARGET_BRANCH=${TARGET_BRANCH}" >> "${GITHUB_ENV}"
+
+                  echo "Bumping to next patch version: ${BUMP_VERSION_TO} in branch ${TARGET_BRANCH}"
+                fi
+            else
+                echo "Releasing another Prowler major version, aborting..."
+                exit 1
+            fi
+          else
+            echo "Invalid version syntax: '$PROWLER_VERSION' (must be N.N.N)" >&2
+            exit 1
+          fi
+
+      - name: Bump versions in files
+        run: |
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using BUMP_VERSION_TO=$BUMP_VERSION_TO"
+
+            set -e
+
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${BUMP_VERSION_TO}\"|" pyproject.toml
+
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${BUMP_VERSION_TO}\"|" prowler/config/config.py
+
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${BUMP_VERSION_TO}|" .env
+
+            git --no-pager diff
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.TARGET_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.BUMP_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.BUMP_VERSION_TO }}"
+            body: |
+              ### Description
+
+              Bump Prowler version to v${{ env.BUMP_VERSION_TO }}
+
+              ### License
+
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+
+      - name: Handle patch version for minor release
+        if: env.FIX_VERSION == '0'
+        run: |
+            echo "Using PROWLER_VERSION=$PROWLER_VERSION"
+            echo "Using PATCH_VERSION_TO=$PATCH_VERSION_TO"
+
+            set -e
+
+            echo "Bumping version in pyproject.toml ..."
+            sed -i "s|version = \"${PROWLER_VERSION}\"|version = \"${PATCH_VERSION_TO}\"|" pyproject.toml
+
+            echo "Bumping version in prowler/config/config.py ..."
+            sed -i "s|prowler_version = \"${PROWLER_VERSION}\"|prowler_version = \"${PATCH_VERSION_TO}\"|" prowler/config/config.py
+
+            echo "Bumping version in .env ..."
+            sed -i "s|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PROWLER_VERSION}|NEXT_PUBLIC_PROWLER_RELEASE_VERSION=v${PATCH_VERSION_TO}|" .env
+
+            git --no-pager diff
+
+      - name: Create Pull Request for patch version
+        if: env.FIX_VERSION == '0'
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
+        with:
+            author: prowler-bot <179230569+prowler-bot@users.noreply.github.com>
+            token: ${{ secrets.PROWLER_BOT_ACCESS_TOKEN }}
+            base: ${{ env.VERSION_BRANCH }}
+            commit-message: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            branch: "version-bump-to-v${{ env.PATCH_VERSION_TO }}"
+            title: "chore(release): Bump version to v${{ env.PATCH_VERSION_TO }}"
+            body: |
+              ### Description
+
+              Bump Prowler version to v${{ env.PATCH_VERSION_TO }}
+
+              ### License
+
+              By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@@ -21,6 +21,7 @@ on:
    paths-ignore:
      - 'ui/**'
      - 'api/**'
+      - '.github/**'
  pull_request:
    branches:
      - "master"
@@ -30,6 +31,7 @@ on:
    paths-ignore:
      - 'ui/**'
      - 'api/**'
+      - '.github/**'
  schedule:
    - cron: '00 12 * * *'

@@ -54,12 +56,12 @@ jobs:

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        languages: ${{ matrix.language }}
        config-file: ./.github/codeql/sdk-codeql-config.yml

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+      uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
      with:
        category: "/language:${{matrix.language}}"
@@ -51,7 +51,7 @@ jobs:

      - name: Set up Python ${{ matrix.python-version }}
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ matrix.python-version }}
          cache: "poetry"
@@ -115,6 +115,7 @@ jobs:
          files: |
            ./prowler/providers/aws/**
            ./tests/providers/aws/**
+            .poetry.lock

      - name: AWS - Test
        if: steps.aws-changed-files.outputs.any_changed == 'true'
@@ -129,6 +130,7 @@ jobs:
          files: |
            ./prowler/providers/azure/**
            ./tests/providers/azure/**
+            .poetry.lock

      - name: Azure - Test
        if: steps.azure-changed-files.outputs.any_changed == 'true'
@@ -143,6 +145,7 @@ jobs:
          files: |
            ./prowler/providers/gcp/**
            ./tests/providers/gcp/**
+            .poetry.lock

      - name: GCP - Test
        if: steps.gcp-changed-files.outputs.any_changed == 'true'
@@ -157,6 +160,7 @@ jobs:
          files: |
            ./prowler/providers/kubernetes/**
            ./tests/providers/kubernetes/**
+            .poetry.lock

      - name: Kubernetes - Test
        if: steps.kubernetes-changed-files.outputs.any_changed == 'true'
@@ -171,6 +175,7 @@ jobs:
          files: |
            ./prowler/providers/nhn/**
            ./tests/providers/nhn/**
+            .poetry.lock

      - name: NHN - Test
        if: steps.nhn-changed-files.outputs.any_changed == 'true'
@@ -185,6 +190,7 @@ jobs:
          files: |
            ./prowler/providers/m365/**
            ./tests/providers/m365/**
+            .poetry.lock

      - name: M365 - Test
        if: steps.m365-changed-files.outputs.any_changed == 'true'
@@ -205,7 +211,7 @@ jobs:
      # Codecov
      - name: Upload coverage reports to Codecov
        if: steps.are-non-ignored-files-changed.outputs.any_changed == 'true'
-        uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5.4.0
+        uses: codecov/codecov-action@ad3126e916f78f00edff4ed0317cf185271ccc2d # v5.4.2
        env:
          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
        with:
@@ -7,7 +7,7 @@ on:
 env:
  RELEASE_TAG: ${{ github.event.release.tag_name }}
  PYTHON_VERSION: 3.11
-  CACHE: "poetry"
+  # CACHE: "poetry"

 jobs:
  repository-check:
@@ -71,10 +71,10 @@ jobs:
          pipx install poetry==2.1.1

      - name: Setup Python
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: ${{ env.PYTHON_VERSION }}
-          cache: ${{ env.CACHE }}
+          # cache: ${{ env.CACHE }}

      - name: Build Prowler package
        run: |
@@ -4,7 +4,7 @@ name: SDK - Refresh AWS services' regions

 on:
  schedule:
-    - cron: "0 9 * * *" #runs at 09:00 UTC everyday
+    - cron: "0 9 * * 1" # runs at 09:00 UTC every Monday

 env:
  GITHUB_BRANCH: "master"
@@ -28,7 +28,7 @@ jobs:
          ref: ${{ env.GITHUB_BRANCH }}

      - name: setup python
-        uses: actions/setup-python@8d9ed9ac5c53483de85588cdf95a591a75ab9f55 # v5.5.0
+        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: 3.9 #install the python needed

@@ -81,7 +81,7 @@ jobs:
      - name: Build and push container image (latest)
        # Comment the following line for testing
        if: github.event_name == 'push'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
@@ -96,7 +96,7 @@ jobs:

      - name: Build and push container image (release)
        if: github.event_name == 'release'
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.WORKING_DIRECTORY }}
          build-args: |
@@ -48,12 +48,12 @@ jobs:

      # Initializes the CodeQL tools for scanning.
      - name: Initialize CodeQL
-        uses: github/codeql-action/init@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          languages: ${{ matrix.language }}
          config-file: ./.github/codeql/ui-codeql-config.yml

      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
        with:
          category: "/language:${{matrix.language}}"
@@ -31,7 +31,7 @@ jobs:
        with:
          persist-credentials: false
      - name: Setup Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@cdca7365b2dadb8aad0a33bc7601856ffabcc48e # v4.3.0
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
        with:
          node-version: ${{ matrix.node-version }}
      - name: Install dependencies
@@ -50,7 +50,7 @@ jobs:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
      - name: Build Container
-        uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
+        uses: docker/build-push-action@14487ce63c7a62a4a324b0bfb37086795e31c6c1 # v6.16.0
        with:
          context: ${{ env.UI_WORKING_DIR }}
          # Always build using `prod` target
@@ -42,6 +42,9 @@ junit-reports/
 # VSCode files
 .vscode/

+# Cursor files
+.cursorignore
+
 # Terraform
 .terraform*
 *.tfstate
@@ -115,7 +115,7 @@ repos:
      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'safety check --ignore 70612,66963'
+        entry: bash -c 'safety check --ignore 70612,66963,74429'
        language: system

      - id: vulture
@@ -1,24 +1,43 @@
-FROM python:3.12.9-alpine3.20
+FROM python:3.12.10-slim-bookworm AS build

 LABEL maintainer="https://github.com/prowler-cloud/prowler"
+LABEL org.opencontainers.image.source="https://github.com/prowler-cloud/prowler"

-# Update system dependencies and install essential tools
-#hadolint ignore=DL3018
-RUN apk --no-cache upgrade && apk --no-cache add curl git gcc python3-dev musl-dev linux-headers
+ARG POWERSHELL_VERSION=7.5.0
+
+# hadolint ignore=DL3008
+RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install PowerShell
+RUN ARCH=$(uname -m) && \
+    if [ "$ARCH" = "x86_64" ]; then \
+        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-x64.tar.gz -O /tmp/powershell.tar.gz ; \
+    elif [ "$ARCH" = "aarch64" ]; then \
+        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-arm64.tar.gz -O /tmp/powershell.tar.gz ; \
+    else \
+        echo "Unsupported architecture: $ARCH" && exit 1 ; \
+    fi && \
+    mkdir -p /opt/microsoft/powershell/7 && \
+    tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 && \
+    chmod +x /opt/microsoft/powershell/7/pwsh && \
+    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
+    rm /tmp/powershell.tar.gz
+
+# Add prowler user
+RUN addgroup --gid 1000 prowler && \
+    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler

-# Create non-root user
-RUN mkdir -p /home/prowler && \
-    echo 'prowler:x:1000:1000:prowler:/home/prowler:' > /etc/passwd && \
-    echo 'prowler:x:1000:' > /etc/group && \
-    chown -R prowler:prowler /home/prowler
 USER prowler

-# Copy necessary files
 WORKDIR /home/prowler
+
+# Copy necessary files
 COPY prowler/  /home/prowler/prowler/
 COPY dashboard/ /home/prowler/dashboard/
 COPY pyproject.toml /home/prowler
 COPY README.md /home/prowler/
+COPY prowler/providers/m365/lib/powershell/m365_powershell.py /home/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py

 # Install Python dependencies
 ENV HOME='/home/prowler'
@@ -34,6 +53,9 @@ RUN pip install --no-cache-dir --upgrade pip && \
 RUN poetry install --compile && \
    rm -rf ~/.cache/pip

+# Install PowerShell modules
+RUN poetry run python prowler/providers/m365/lib/powershell/m365_powershell.py
+
 # Remove deprecated dash dependencies
 RUN pip uninstall dash-html-components -y && \
    pip uninstall dash-core-components -y
@@ -75,7 +75,7 @@ It contains hundreds of controls covering CIS, NIST 800, NIST CSF, CISA, RBI, Fe
 | GCP | 78 | 13 | 7 | 3 |
 | Azure | 140 | 18 | 7 | 3 |
 | Kubernetes | 83 | 7 | 4 | 7 |
-| Microsoft365 | 5 | 2 | 1 | 0 |
+| M365 | 44 | 2 | 1 | 0 |
 | NHN (Unofficial) | 6 | 2 | 1 | 0 |

 > You can list the checks, services, compliance frameworks and categories with `prowler <provider> --list-checks`, `prowler <provider> --list-services`, `prowler <provider> --list-compliance` and `prowler <provider> --list-categories`.
@@ -80,7 +80,7 @@ repos:
      - id: safety
        name: safety
        description: "Safety is a tool that checks your installed dependencies for known security vulnerabilities"
-        entry: bash -c 'poetry run safety check --ignore 70612,66963'
+        entry: bash -c 'poetry run safety check --ignore 70612,66963,74429'
        language: system

      - id: vulture
@@ -3,6 +3,16 @@
 All notable changes to the **Prowler API** are documented in this file.


+## [v1.7.0] (Prowler v5.6.0)
+
+### Added
+
+- Added M365 as a new provider [(#7563)](https://github.com/prowler-cloud/prowler/pull/7563).
+- Added a `compliance/` folder and ZIP‐export functionality for all compliance reports.[(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
+- Added a new API endpoint to fetch and download any specific compliance file by name [(#7653)](https://github.com/prowler-cloud/prowler/pull/7653).
+
+---
+
 ## [v1.6.0] (Prowler v5.5.0)

 ### Added
@@ -1,13 +1,33 @@
-FROM python:3.12.8-alpine3.20 AS build
+FROM python:3.12.10-slim-bookworm AS build

 LABEL maintainer="https://github.com/prowler-cloud/api"

-# hadolint ignore=DL3018
-RUN apk --no-cache add gcc python3-dev musl-dev linux-headers curl-dev
+ARG POWERSHELL_VERSION=7.5.0
+ENV POWERSHELL_VERSION=${POWERSHELL_VERSION}
+
+# hadolint ignore=DL3008
+RUN apt-get update && apt-get install -y --no-install-recommends wget libicu72 \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install PowerShell
+RUN ARCH=$(uname -m) && \
+    if [ "$ARCH" = "x86_64" ]; then \
+        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-x64.tar.gz -O /tmp/powershell.tar.gz ; \
+    elif [ "$ARCH" = "aarch64" ]; then \
+        wget --progress=dot:giga https://github.com/PowerShell/PowerShell/releases/download/v${POWERSHELL_VERSION}/powershell-${POWERSHELL_VERSION}-linux-arm64.tar.gz -O /tmp/powershell.tar.gz ; \
+    else \
+        echo "Unsupported architecture: $ARCH" && exit 1 ; \
+    fi && \
+    mkdir -p /opt/microsoft/powershell/7 && \
+    tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 && \
+    chmod +x /opt/microsoft/powershell/7/pwsh && \
+    ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh && \
+    rm /tmp/powershell.tar.gz
+
+# Add prowler user
+RUN addgroup --gid 1000 prowler && \
+    adduser --uid 1000 --gid 1000 --disabled-password --gecos "" prowler

-RUN apk --no-cache upgrade && \
-    addgroup -g 1000 prowler && \
-    adduser -D -u 1000 -G prowler prowler
 USER prowler

 WORKDIR /home/prowler
@@ -17,7 +37,7 @@ COPY pyproject.toml ./
 RUN pip install --no-cache-dir --upgrade pip && \
    pip install --no-cache-dir poetry

-COPY src/backend/  ./backend/
+COPY src/backend/ ./backend/

 ENV PATH="/home/prowler/.local/bin:$PATH"

@@ -27,18 +47,13 @@ RUN poetry install --no-root && \

 COPY docker-entrypoint.sh ./docker-entrypoint.sh

+RUN poetry run python "$(poetry env info --path)/src/prowler/prowler/providers/m365/lib/powershell/m365_powershell.py"
+
 WORKDIR /home/prowler/backend

 # Development image
-# hadolint ignore=DL3006
 FROM build AS dev

-USER 0
-# hadolint ignore=DL3018
-RUN apk --no-cache add curl vim
-
-USER prowler
-
 ENTRYPOINT ["../docker-entrypoint.sh", "dev"]

 # Production image
@@ -235,6 +235,7 @@ To view the logs for any component (e.g., Django, Celery worker), you can use th

 ```console
 docker logs -f $(docker ps --format "{{.Names}}" | grep 'api-')
+```

 ## Applying migrations

@@ -7,7 +7,7 @@ authors = [{name = "Prowler Engineering", email = "engineering@prowler.com"}]
 dependencies = [
  "celery[pytest] (>=5.4.0,<6.0.0)",
  "dj-rest-auth[with_social,jwt] (==7.0.1)",
-  "django==5.1.7",
+  "django==5.1.8",
  "django-allauth==65.4.1",
  "django-celery-beat (>=2.7.0,<3.0.0)",
  "django-celery-results (>=2.5.1,<3.0.0)",
@@ -23,7 +23,7 @@ dependencies = [
  "drf-spectacular==0.27.2",
  "drf-spectacular-jsonapi==0.5.1",
  "gunicorn==23.0.0",
-  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.5",
+  "prowler @ git+https://github.com/prowler-cloud/prowler.git@v5.6",
  "psycopg2-binary==2.9.9",
  "pytest-celery[redis] (>=1.0.1,<2.0.0)",
  "sentry-sdk[django] (>=2.20.0,<3.0.0)",
@@ -35,7 +35,7 @@ name = "prowler-api"
 package-mode = false
 # Needed for the SDK compatibility
 requires-python = ">=3.11,<3.13"
-version = "1.6.0"
+version = "1.7.0"

 [project.scripts]
 celery = "src.backend.config.settings.celery"
@@ -46,6 +46,7 @@ coverage = "7.5.4"
 django-silk = "5.3.2"
 docker = "7.1.0"
 freezegun = "1.5.1"
+marshmallow = ">=3.15.0,<4.0.0"
 mypy = "1.10.1"
 pylint = "3.2.5"
 pytest = "8.2.2"
@@ -1,12 +1,38 @@
 from types import MappingProxyType

+from api.models import Provider
+from prowler.config.config import get_available_compliance_frameworks
 from prowler.lib.check.compliance_models import Compliance
 from prowler.lib.check.models import CheckMetadata

-from api.models import Provider
-
 PROWLER_COMPLIANCE_OVERVIEW_TEMPLATE = {}
 PROWLER_CHECKS = {}
+AVAILABLE_COMPLIANCE_FRAMEWORKS = {}
+
+
+def get_compliance_frameworks(provider_type: Provider.ProviderChoices) -> list[str]:
+    """
+    Retrieve and cache the list of available compliance frameworks for a specific cloud provider.
+
+    This function lazily loads and caches the available compliance frameworks (e.g., CIS, MITRE, ISO)
+    for each provider type (AWS, Azure, GCP, etc.) on first access. Subsequent calls for the same
+    provider will return the cached result.
+
+    Args:
+        provider_type (Provider.ProviderChoices): The cloud provider type for which to retrieve
+            available compliance frameworks (e.g., "aws", "azure", "gcp", "m365").
+
+    Returns:
+        list[str]: A list of framework identifiers (e.g., "cis_1.4_aws", "mitre_attack_azure") available
+        for the given provider.
+    """
+    global AVAILABLE_COMPLIANCE_FRAMEWORKS
+    if provider_type not in AVAILABLE_COMPLIANCE_FRAMEWORKS:
+        AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type] = (
+            get_available_compliance_frameworks(provider_type)
+        )
+
+    return AVAILABLE_COMPLIANCE_FRAMEWORKS[provider_type]


 def get_prowler_provider_checks(provider_type: Provider.ProviderChoices):
@@ -0,0 +1,32 @@
+# Generated by Django 5.1.7 on 2025-04-16 08:47
+
+from django.db import migrations
+
+import api.db_utils
+
+
+class Migration(migrations.Migration):
+    dependencies = [
+        ("api", "0016_finding_compliance_resource_details_and_more"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="provider",
+            name="provider",
+            field=api.db_utils.ProviderEnumField(
+                choices=[
+                    ("aws", "AWS"),
+                    ("azure", "Azure"),
+                    ("gcp", "GCP"),
+                    ("kubernetes", "Kubernetes"),
+                    ("m365", "M365"),
+                ],
+                default="aws",
+            ),
+        ),
+        migrations.RunSQL(
+            "ALTER TYPE provider ADD VALUE IF NOT EXISTS 'm365';",
+            reverse_sql=migrations.RunSQL.noop,
+        ),
+    ]
@@ -191,6 +191,7 @@ class Provider(RowLevelSecurityProtectedModel):
        AZURE = "azure", _("Azure")
        GCP = "gcp", _("GCP")
        KUBERNETES = "kubernetes", _("Kubernetes")
+        M365 = "m365", _("M365")

    @staticmethod
    def validate_aws_uid(value):
@@ -214,6 +215,15 @@ class Provider(RowLevelSecurityProtectedModel):
                pointer="/data/attributes/uid",
            )

+    @staticmethod
+    def validate_m365_uid(value):
+        if not re.match(r"^[a-zA-Z0-9-]+\.com$", value):
+            raise ModelValidationError(
+                detail="M365 domain ID must be a valid domain.",
+                code="m365-uid",
+                pointer="/data/attributes/uid",
+            )
+
    @staticmethod
    def validate_gcp_uid(value):
        if not re.match(r"^[a-z][a-z0-9-]{5,29}$", value):
@@ -1,7 +1,7 @@
 openapi: 3.0.3
 info:
  title: Prowler API
-  version: 1.6.0
+  version: 1.7.0
  description: |-
    Prowler API specification.

@@ -83,11 +83,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -99,6 +101,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -106,6 +109,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -450,11 +454,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -466,6 +472,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -473,6 +480,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -962,11 +970,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -978,6 +988,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -985,6 +996,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -1395,11 +1407,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -1411,6 +1425,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -1418,6 +1433,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -2047,11 +2063,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -2063,6 +2081,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -2070,6 +2089,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -2204,11 +2224,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -2220,6 +2242,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -2227,6 +2250,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -2377,11 +2401,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -2393,6 +2419,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -2400,6 +2427,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -2863,11 +2891,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider__in]
        schema:
@@ -3441,11 +3471,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -3457,6 +3489,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -3464,6 +3497,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -4167,11 +4201,13 @@ paths:
          - azure
          - gcp
          - kubernetes
+          - m365
        description: |-
          * `aws` - AWS
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
      - in: query
        name: filter[provider_type__in]
        schema:
@@ -4183,6 +4219,7 @@ paths:
            - azure
            - gcp
            - kubernetes
+            - m365
        description: |-
          Multiple values may be separated by commas.

@@ -4190,6 +4227,7 @@ paths:
          * `azure` - Azure
          * `gcp` - GCP
          * `kubernetes` - Kubernetes
+          * `m365` - M365
        explode: false
        style: form
      - in: query
@@ -4465,6 +4503,47 @@ paths:
              schema:
                $ref: '#/components/schemas/ScanUpdateResponse'
          description: ''
+  /api/v1/scans/{id}/compliance/{name}:
+    get:
+      operationId: scan_compliance_download
+      description: Download a specific compliance report (e.g., 'cis_1.4_aws') as
+        a CSV file.
+      summary: Retrieve compliance report as CSV
+      parameters:
+      - in: query
+        name: fields[scan-reports]
+        schema:
+          type: array
+          items:
+            type: string
+            enum:
+            - id
+            - name
+        description: endpoint return only specific fields in the response on a per-type
+          basis by including a fields[TYPE] query parameter.
+        explode: false
+      - in: path
+        name: id
+        schema:
+          type: string
+          format: uuid
+        description: A UUID string identifying this scan.
+        required: true
+      - in: path
+        name: name
+        schema:
+          type: string
+        description: The compliance report name, like 'cis_1.4_aws'
+        required: true
+      tags:
+      - Scan
+      security:
+      - jwtAuth: []
+      responses:
+        '200':
+          description: CSV file containing the compliance report
+        '404':
+          description: Compliance report not found
  /api/v1/scans/{id}/report:
    get:
      operationId: scans_report_retrieve
@@ -8347,6 +8426,33 @@ components:
                    - client_id
                    - client_secret
                    - tenant_id
+                  - type: object
+                    title: M365 Static Credentials
+                    properties:
+                      client_id:
+                        type: string
+                        description: The Azure application (client) ID for authentication
+                          in Azure AD.
+                      client_secret:
+                        type: string
+                        description: The client secret associated with the application
+                          (client) ID, providing secure access.
+                      tenant_id:
+                        type: string
+                        description: The Azure tenant ID, representing the directory
+                          where the application is registered.
+                      user:
+                        type: email
+                        description: User microsoft email address.
+                      encrypted_password:
+                        type: string
+                        description: User encrypted password.
+                    required:
+                    - client_id
+                    - client_secret
+                    - tenant_id
+                    - user
+                    - encrypted_password
                  - type: object
                    title: GCP Static Credentials
                    properties:
@@ -8814,12 +8920,14 @@ components:
              - azure
              - gcp
              - kubernetes
+              - m365
              type: string
              description: |-
                * `aws` - AWS
                * `azure` - Azure
                * `gcp` - GCP
                * `kubernetes` - Kubernetes
+                * `m365` - M365
            uid:
              type: string
              title: Unique identifier for the provider, set by the provider
@@ -8926,12 +9034,14 @@ components:
              - azure
              - gcp
              - kubernetes
+              - m365
              type: string
              description: |-
                * `aws` - AWS
                * `azure` - Azure
                * `gcp` - GCP
                * `kubernetes` - Kubernetes
+                * `m365` - M365
            uid:
              type: string
              title: Unique identifier for the provider, set by the provider
@@ -8969,12 +9079,14 @@ components:
                  - azure
                  - gcp
                  - kubernetes
+                  - m365
                  type: string
                  description: |-
                    * `aws` - AWS
                    * `azure` - Azure
                    * `gcp` - GCP
                    * `kubernetes` - Kubernetes
+                    * `m365` - M365
                uid:
                  type: string
                  minLength: 3
@@ -9559,6 +9671,33 @@ components:
                - client_id
                - client_secret
                - tenant_id
+              - type: object
+                title: M365 Static Credentials
+                properties:
+                  client_id:
+                    type: string
+                    description: The Azure application (client) ID for authentication
+                      in Azure AD.
+                  client_secret:
+                    type: string
+                    description: The client secret associated with the application
+                      (client) ID, providing secure access.
+                  tenant_id:
+                    type: string
+                    description: The Azure tenant ID, representing the directory where
+                      the application is registered.
+                  user:
+                    type: email
+                    description: User microsoft email address.
+                  encrypted_password:
+                    type: string
+                    description: User encrypted password.
+                required:
+                - client_id
+                - client_secret
+                - tenant_id
+                - user
+                - encrypted_password
              - type: object
                title: GCP Static Credentials
                properties:
@@ -9741,6 +9880,33 @@ components:
                    - client_id
                    - client_secret
                    - tenant_id
+                  - type: object
+                    title: M365 Static Credentials
+                    properties:
+                      client_id:
+                        type: string
+                        description: The Azure application (client) ID for authentication
+                          in Azure AD.
+                      client_secret:
+                        type: string
+                        description: The client secret associated with the application
+                          (client) ID, providing secure access.
+                      tenant_id:
+                        type: string
+                        description: The Azure tenant ID, representing the directory
+                          where the application is registered.
+                      user:
+                        type: email
+                        description: User microsoft email address.
+                      encrypted_password:
+                        type: string
+                        description: User encrypted password.
+                    required:
+                    - client_id
+                    - client_secret
+                    - tenant_id
+                    - user
+                    - encrypted_password
                  - type: object
                    title: GCP Static Credentials
                    properties:
@@ -9939,6 +10105,33 @@ components:
                - client_id
                - client_secret
                - tenant_id
+              - type: object
+                title: M365 Static Credentials
+                properties:
+                  client_id:
+                    type: string
+                    description: The Azure application (client) ID for authentication
+                      in Azure AD.
+                  client_secret:
+                    type: string
+                    description: The client secret associated with the application
+                      (client) ID, providing secure access.
+                  tenant_id:
+                    type: string
+                    description: The Azure tenant ID, representing the directory where
+                      the application is registered.
+                  user:
+                    type: email
+                    description: User microsoft email address.
+                  encrypted_password:
+                    type: string
+                    description: User encrypted password.
+                required:
+                - client_id
+                - client_secret
+                - tenant_id
+                - user
+                - encrypted_password
              - type: object
                title: GCP Static Credentials
                properties:
@@ -19,6 +19,7 @@ from prowler.providers.aws.aws_provider import AwsProvider
 from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
+from prowler.providers.m365.m365_provider import M365Provider


 class TestMergeDicts:
@@ -104,6 +105,7 @@ class TestReturnProwlerProvider:
            (Provider.ProviderChoices.GCP.value, GcpProvider),
            (Provider.ProviderChoices.AZURE.value, AzureProvider),
            (Provider.ProviderChoices.KUBERNETES.value, KubernetesProvider),
+            (Provider.ProviderChoices.M365.value, M365Provider),
        ],
    )
    def test_return_prowler_provider(self, provider_type, expected_provider):
@@ -176,6 +178,10 @@ class TestGetProwlerProviderKwargs:
                Provider.ProviderChoices.KUBERNETES.value,
                {"context": "provider_uid"},
            ),
+            (
+                Provider.ProviderChoices.M365.value,
+                {},
+            ),
        ],
    )
    def test_get_prowler_provider_kwargs(self, provider_type, expected_extra_kwargs):
@@ -3,16 +3,17 @@ import io
 import json
 import os
 from datetime import datetime, timedelta, timezone
-from unittest.mock import ANY, Mock, patch
+from unittest.mock import ANY, MagicMock, Mock, patch

 import jwt
 import pytest
-from botocore.exceptions import NoCredentialsError
+from botocore.exceptions import ClientError, NoCredentialsError
 from conftest import API_JSON_CONTENT_TYPE, TEST_PASSWORD, TEST_USER
 from django.conf import settings
 from django.urls import reverse
 from rest_framework import status

+from api.compliance import get_compliance_frameworks
 from api.models import (
    ComplianceOverview,
    Integration,
@@ -2277,7 +2278,8 @@ class TestScanViewSet:
        scan.save()

        monkeypatch.setattr(
-            "api.v1.views.env", type("env", (), {"str": lambda self, key: bucket})()
+            "api.v1.views.env",
+            type("env", (), {"str": lambda self, *args, **kwargs: "test-bucket"})(),
        )

        class FakeS3Client:
@@ -2346,6 +2348,263 @@ class TestScanViewSet:
        assert content_disposition.startswith('attachment; filename="')
        assert f'filename="{file_path.name}"' in content_disposition

+    def test_compliance_invalid_framework(self, authenticated_client, scans_fixture):
+        scan = scans_fixture[0]
+        scan.state = StateChoices.COMPLETED
+        scan.output_location = "dummy"
+        scan.save()
+
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": "invalid"})
+        resp = authenticated_client.get(url)
+        assert resp.status_code == status.HTTP_404_NOT_FOUND
+        assert resp.json()["errors"]["detail"] == "Compliance 'invalid' not found."
+
+    def test_compliance_executing(
+        self, authenticated_client, scans_fixture, monkeypatch
+    ):
+        scan = scans_fixture[0]
+        scan.state = StateChoices.EXECUTING
+        scan.save()
+        task = Task.objects.create(tenant_id=scan.tenant_id)
+        scan.task = task
+        scan.save()
+        dummy = {"id": str(task.id), "state": StateChoices.EXECUTING}
+
+        monkeypatch.setattr(
+            "api.v1.views.TaskSerializer",
+            lambda *args, **kwargs: type("S", (), {"data": dummy}),
+        )
+
+        framework = get_compliance_frameworks(scan.provider.provider)[0]
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": framework})
+        resp = authenticated_client.get(url)
+        assert resp.status_code == status.HTTP_202_ACCEPTED
+        assert "Content-Location" in resp
+        assert dummy["id"] in resp["Content-Location"]
+
+    def test_compliance_no_output(self, authenticated_client, scans_fixture):
+        scan = scans_fixture[0]
+        scan.state = StateChoices.COMPLETED
+        scan.output_location = ""
+        scan.save()
+
+        framework = get_compliance_frameworks(scan.provider.provider)[0]
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": framework})
+        resp = authenticated_client.get(url)
+        assert resp.status_code == status.HTTP_404_NOT_FOUND
+        assert resp.json()["errors"]["detail"] == "The scan has no reports."
+
+    def test_compliance_s3_no_credentials(
+        self, authenticated_client, scans_fixture, monkeypatch
+    ):
+        scan = scans_fixture[0]
+        bucket = "bucket"
+        key = "file.zip"
+        scan.output_location = f"s3://{bucket}/{key}"
+        scan.state = StateChoices.COMPLETED
+        scan.save()
+
+        monkeypatch.setattr(
+            "api.v1.views.get_s3_client",
+            lambda: (_ for _ in ()).throw(NoCredentialsError()),
+        )
+
+        framework = get_compliance_frameworks(scan.provider.provider)[0]
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": framework})
+        resp = authenticated_client.get(url)
+        assert resp.status_code == status.HTTP_403_FORBIDDEN
+        assert resp.json()["errors"]["detail"] == "There is a problem with credentials."
+
+    def test_compliance_s3_success(
+        self, authenticated_client, scans_fixture, monkeypatch
+    ):
+        scan = scans_fixture[0]
+        bucket = "bucket"
+        prefix = "path/scan.zip"
+        scan.output_location = f"s3://{bucket}/{prefix}"
+        scan.state = StateChoices.COMPLETED
+        scan.save()
+
+        monkeypatch.setattr(
+            "api.v1.views.env",
+            type("env", (), {"str": lambda self, *args, **kwargs: "test-bucket"})(),
+        )
+
+        match_key = "path/compliance/mitre_attack_aws.csv"
+
+        class FakeS3Client:
+            def list_objects_v2(self, Bucket, Prefix):
+                return {"Contents": [{"Key": match_key}]}
+
+            def get_object(self, Bucket, Key):
+                return {"Body": io.BytesIO(b"ignored")}
+
+        monkeypatch.setattr("api.v1.views.get_s3_client", lambda: FakeS3Client())
+
+        framework = match_key.split("/")[-1].split(".")[0]
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": framework})
+        resp = authenticated_client.get(url)
+        assert resp.status_code == status.HTTP_200_OK
+        cd = resp["Content-Disposition"]
+        assert cd.startswith('attachment; filename="')
+        assert cd.endswith('filename="mitre_attack_aws.csv"')
+
+    def test_compliance_s3_not_found(
+        self, authenticated_client, scans_fixture, monkeypatch
+    ):
+        scan = scans_fixture[0]
+        bucket = "bucket"
+        scan.output_location = f"s3://{bucket}/x/scan.zip"
+        scan.state = StateChoices.COMPLETED
+        scan.save()
+
+        monkeypatch.setattr(
+            "api.v1.views.env",
+            type("env", (), {"str": lambda self, *args, **kwargs: "test-bucket"})(),
+        )
+
+        class FakeS3Client:
+            def list_objects_v2(self, Bucket, Prefix):
+                return {"Contents": []}
+
+            def get_object(self, Bucket, Key):
+                return {"Body": io.BytesIO(b"ignored")}
+
+        monkeypatch.setattr("api.v1.views.get_s3_client", lambda: FakeS3Client())
+
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": "cis_1.4_aws"})
+        resp = authenticated_client.get(url)
+        assert resp.status_code == status.HTTP_404_NOT_FOUND
+        assert (
+            resp.json()["errors"]["detail"]
+            == "No compliance file found for name 'cis_1.4_aws'."
+        )
+
+    def test_compliance_local_file(
+        self, authenticated_client, scans_fixture, tmp_path, monkeypatch
+    ):
+        scan = scans_fixture[0]
+        scan.state = StateChoices.COMPLETED
+        base = tmp_path / "reports"
+        comp_dir = base / "compliance"
+        comp_dir.mkdir(parents=True)
+        fname = comp_dir / "scan_cis.csv"
+        fname.write_bytes(b"ignored")
+
+        scan.output_location = str(base / "scan.zip")
+        scan.save()
+
+        monkeypatch.setattr(
+            glob,
+            "glob",
+            lambda p: [str(fname)] if p.endswith("*_cis_1.4_aws.csv") else [],
+        )
+
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": "cis_1.4_aws"})
+        resp = authenticated_client.get(url)
+        assert resp.status_code == status.HTTP_200_OK
+        cd = resp["Content-Disposition"]
+        assert cd.startswith('attachment; filename="')
+        assert cd.endswith(f'filename="{fname.name}"')
+
+    @patch("api.v1.views.Task.objects.get")
+    @patch("api.v1.views.TaskSerializer")
+    def test__get_task_status_returns_none_if_task_not_executing(
+        self, mock_task_serializer, mock_task_get, authenticated_client, scans_fixture
+    ):
+        scan = scans_fixture[0]
+        scan.state = StateChoices.COMPLETED
+        scan.output_location = "dummy"
+        scan.save()
+
+        task = Task.objects.create(tenant_id=scan.tenant_id)
+        mock_task_get.return_value = task
+        mock_task_serializer.return_value.data = {
+            "id": str(task.id),
+            "state": StateChoices.COMPLETED,
+        }
+
+        url = reverse("scan-report", kwargs={"pk": scan.id})
+        response = authenticated_client.get(url)
+
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+
+    @patch("api.v1.views.get_s3_client")
+    @patch("api.v1.views.sentry_sdk.capture_exception")
+    def test_compliance_list_objects_client_error(
+        self,
+        mock_sentry_capture,
+        mock_get_s3_client,
+        authenticated_client,
+        scans_fixture,
+    ):
+        scan = scans_fixture[0]
+        scan.output_location = "s3://test-bucket/path/to/scan.zip"
+        scan.state = StateChoices.COMPLETED
+        scan.save()
+
+        fake_client = MagicMock()
+        fake_client.list_objects_v2.side_effect = ClientError(
+            {"Error": {"Code": "InternalError"}}, "ListObjectsV2"
+        )
+        mock_get_s3_client.return_value = fake_client
+
+        framework = get_compliance_frameworks(scan.provider.provider)[0]
+        url = reverse("scan-compliance", kwargs={"pk": scan.id, "name": framework})
+        response = authenticated_client.get(url)
+
+        assert response.status_code == status.HTTP_502_BAD_GATEWAY
+        assert (
+            response.json()["errors"]["detail"]
+            == "Unable to list compliance files in S3: encountered an AWS error."
+        )
+        mock_sentry_capture.assert_called()
+
+    @patch("api.v1.views.get_s3_client")
+    def test_report_s3_nosuchkey(
+        self, mock_get_s3_client, authenticated_client, scans_fixture
+    ):
+        scan = scans_fixture[0]
+        scan.output_location = "s3://test-bucket/report.zip"
+        scan.state = StateChoices.COMPLETED
+        scan.save()
+
+        fake_client = MagicMock()
+        fake_client.get_object.side_effect = ClientError(
+            {"Error": {"Code": "NoSuchKey"}}, "GetObject"
+        )
+        mock_get_s3_client.return_value = fake_client
+
+        url = reverse("scan-report", kwargs={"pk": scan.id})
+        response = authenticated_client.get(url)
+
+        assert response.status_code == status.HTTP_404_NOT_FOUND
+        assert response.json()["errors"]["detail"] == "The scan has no reports."
+
+    @patch("api.v1.views.get_s3_client")
+    def test_report_s3_client_error_other(
+        self, mock_get_s3_client, authenticated_client, scans_fixture
+    ):
+        scan = scans_fixture[0]
+        scan.output_location = "s3://test-bucket/report.zip"
+        scan.state = StateChoices.COMPLETED
+        scan.save()
+
+        fake_client = MagicMock()
+        fake_client.get_object.side_effect = ClientError(
+            {"Error": {"Code": "AccessDenied"}}, "GetObject"
+        )
+        mock_get_s3_client.return_value = fake_client
+
+        url = reverse("scan-report", kwargs={"pk": scan.id})
+        response = authenticated_client.get(url)
+
+        assert response.status_code == status.HTTP_403_FORBIDDEN
+        assert (
+            response.json()["errors"]["detail"]
+            == "There is a problem with credentials."
+        )
+

@pytest.mark.django_db
 class TestTaskViewSet:
@@ -11,6 +11,7 @@ from prowler.providers.azure.azure_provider import AzureProvider
 from prowler.providers.common.models import Connection
 from prowler.providers.gcp.gcp_provider import GcpProvider
 from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider
+from prowler.providers.m365.m365_provider import M365Provider


 class CustomOAuth2Client(OAuth2Client):
@@ -51,14 +52,14 @@ def merge_dicts(default_dict: dict, replacement_dict: dict) -> dict:

 def return_prowler_provider(
    provider: Provider,
-) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider]:
+) -> [AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider]:
    """Return the Prowler provider class based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider: The corresponding provider class.
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: The corresponding provider class.

    Raises:
        ValueError: If the provider type specified in `provider.provider` is not supported.
@@ -72,6 +73,8 @@ def return_prowler_provider(
            prowler_provider = AzureProvider
        case Provider.ProviderChoices.KUBERNETES.value:
            prowler_provider = KubernetesProvider
+        case Provider.ProviderChoices.M365.value:
+            prowler_provider = M365Provider
        case _:
            raise ValueError(f"Provider type {provider.provider} not supported")
    return prowler_provider
@@ -104,15 +107,15 @@ def get_prowler_provider_kwargs(provider: Provider) -> dict:

 def initialize_prowler_provider(
    provider: Provider,
-) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider:
+) -> AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider:
    """Initialize a Prowler provider instance based on the given provider type.

    Args:
        provider (Provider): The provider object containing the provider type and associated secrets.

    Returns:
-        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider: An instance of the corresponding provider class
-            (`AwsProvider`, `AzureProvider`, `GcpProvider`, or `KubernetesProvider`) initialized with the
+        AwsProvider | AzureProvider | GcpProvider | KubernetesProvider | M365Provider: An instance of the corresponding provider class
+            (`AwsProvider`, `AzureProvider`, `GcpProvider`, `KubernetesProvider` or `M365Provider`) initialized with the
            provider's secrets.
    """
    prowler_provider = return_prowler_provider(provider)
@@ -130,10 +133,12 @@ def prowler_provider_connection_test(provider: Provider) -> Connection:
        Connection: A connection object representing the result of the connection test for the specified provider.
    """
    prowler_provider = return_prowler_provider(provider)
+
    try:
        prowler_provider_kwargs = provider.secret.secret
    except Provider.secret.RelatedObjectDoesNotExist as secret_error:
        return Connection(is_connected=False, error=secret_error)
+
    return prowler_provider.test_connection(
        **prowler_provider_kwargs, provider_id=provider.uid, raise_on_exception=False
    )
@@ -0,0 +1,172 @@
+from drf_spectacular.utils import extend_schema_field
+from rest_framework_json_api import serializers
+
+
+@extend_schema_field(
+    {
+        "oneOf": [
+            {
+                "type": "object",
+                "title": "AWS Static Credentials",
+                "properties": {
+                    "aws_access_key_id": {
+                        "type": "string",
+                        "description": "The AWS access key ID. Required for environments where no IAM role is being "
+                        "assumed and direct AWS access is needed.",
+                    },
+                    "aws_secret_access_key": {
+                        "type": "string",
+                        "description": "The AWS secret access key. Must accompany 'aws_access_key_id' to authorize "
+                        "access to AWS resources.",
+                    },
+                    "aws_session_token": {
+                        "type": "string",
+                        "description": "The session token associated with temporary credentials. Only needed for "
+                        "session-based or temporary AWS access.",
+                    },
+                },
+                "required": ["aws_access_key_id", "aws_secret_access_key"],
+            },
+            {
+                "type": "object",
+                "title": "AWS Assume Role",
+                "properties": {
+                    "role_arn": {
+                        "type": "string",
+                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
+                        "assumption.",
+                    },
+                    "external_id": {
+                        "type": "string",
+                        "description": "An identifier to enhance security for role assumption.",
+                    },
+                    "aws_access_key_id": {
+                        "type": "string",
+                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
+                        "AWS credentials.",
+                    },
+                    "aws_secret_access_key": {
+                        "type": "string",
+                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
+                        "no AWS credentials are pre-configured.",
+                    },
+                    "aws_session_token": {
+                        "type": "string",
+                        "description": "The session token for temporary credentials, if applicable.",
+                    },
+                    "session_duration": {
+                        "type": "integer",
+                        "minimum": 900,
+                        "maximum": 43200,
+                        "default": 3600,
+                        "description": "The duration (in seconds) for the role session.",
+                    },
+                    "role_session_name": {
+                        "type": "string",
+                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
+                        "The regex used to validate this parameter is a string of characters consisting of "
+                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
+                        "underscores or any of the following characters: =,.@-\n\n"
+                        "Examples:\n"
+                        "- MySession123\n"
+                        "- User_Session-1\n"
+                        "- Test.Session@2",
+                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
+                    },
+                },
+                "required": ["role_arn", "external_id"],
+            },
+            {
+                "type": "object",
+                "title": "Azure Static Credentials",
+                "properties": {
+                    "client_id": {
+                        "type": "string",
+                        "description": "The Azure application (client) ID for authentication in Azure AD.",
+                    },
+                    "client_secret": {
+                        "type": "string",
+                        "description": "The client secret associated with the application (client) ID, providing "
+                        "secure access.",
+                    },
+                    "tenant_id": {
+                        "type": "string",
+                        "description": "The Azure tenant ID, representing the directory where the application is "
+                        "registered.",
+                    },
+                },
+                "required": ["client_id", "client_secret", "tenant_id"],
+            },
+            {
+                "type": "object",
+                "title": "M365 Static Credentials",
+                "properties": {
+                    "client_id": {
+                        "type": "string",
+                        "description": "The Azure application (client) ID for authentication in Azure AD.",
+                    },
+                    "client_secret": {
+                        "type": "string",
+                        "description": "The client secret associated with the application (client) ID, providing "
+                        "secure access.",
+                    },
+                    "tenant_id": {
+                        "type": "string",
+                        "description": "The Azure tenant ID, representing the directory where the application is "
+                        "registered.",
+                    },
+                    "user": {
+                        "type": "email",
+                        "description": "User microsoft email address.",
+                    },
+                    "encrypted_password": {
+                        "type": "string",
+                        "description": "User encrypted password.",
+                    },
+                },
+                "required": [
+                    "client_id",
+                    "client_secret",
+                    "tenant_id",
+                    "user",
+                    "encrypted_password",
+                ],
+            },
+            {
+                "type": "object",
+                "title": "GCP Static Credentials",
+                "properties": {
+                    "client_id": {
+                        "type": "string",
+                        "description": "The client ID from Google Cloud, used to identify the application for GCP "
+                        "access.",
+                    },
+                    "client_secret": {
+                        "type": "string",
+                        "description": "The client secret associated with the GCP client ID, required for secure "
+                        "access.",
+                    },
+                    "refresh_token": {
+                        "type": "string",
+                        "description": "A refresh token that allows the application to obtain new access tokens for "
+                        "extended use.",
+                    },
+                },
+                "required": ["client_id", "client_secret", "refresh_token"],
+            },
+            {
+                "type": "object",
+                "title": "Kubernetes Static Credentials",
+                "properties": {
+                    "kubeconfig_content": {
+                        "type": "string",
+                        "description": "The content of the Kubernetes kubeconfig file, encoded as a string.",
+                    }
+                },
+                "required": ["kubeconfig_content"],
+            },
+        ]
+    }
+)
+class ProviderSecretField(serializers.JSONField):
+    pass
@@ -42,6 +42,7 @@ from api.v1.serializer_utils.integrations import (
    IntegrationCredentialField,
    S3ConfigSerializer,
 )
+from api.v1.serializer_utils.providers import ProviderSecretField

 # Tokens

@@ -959,6 +960,15 @@ class ScanReportSerializer(serializers.Serializer):
        fields = ["id"]


+class ScanComplianceReportSerializer(serializers.Serializer):
+    id = serializers.CharField(source="scan")
+    name = serializers.CharField()
+
+    class Meta:
+        resource_name = "scan-reports"
+        fields = ["id", "name"]
+
+
 class ResourceTagSerializer(RLSSerializer):
    """
    Serializer for the ResourceTag model
@@ -1141,6 +1151,8 @@ class BaseWriteProviderSecretSerializer(BaseWriteSerializer):
                serializer = GCPProviderSecret(data=secret)
            elif provider_type == Provider.ProviderChoices.KUBERNETES.value:
                serializer = KubernetesProviderSecret(data=secret)
+            elif provider_type == Provider.ProviderChoices.M365.value:
+                serializer = M365ProviderSecret(data=secret)
            else:
                raise serializers.ValidationError(
                    {"provider": f"Provider type not supported {provider_type}"}
@@ -1180,6 +1192,17 @@ class AzureProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


+class M365ProviderSecret(serializers.Serializer):
+    client_id = serializers.CharField()
+    client_secret = serializers.CharField()
+    tenant_id = serializers.CharField()
+    user = serializers.EmailField()
+    encrypted_password = serializers.CharField()
+
+    class Meta:
+        resource_name = "provider-secrets"
+
+
 class GCPProviderSecret(serializers.Serializer):
    client_id = serializers.CharField()
    client_secret = serializers.CharField()
@@ -1211,141 +1234,6 @@ class AWSRoleAssumptionProviderSecret(serializers.Serializer):
        resource_name = "provider-secrets"


-@extend_schema_field(
-    {
-        "oneOf": [
-            {
-                "type": "object",
-                "title": "AWS Static Credentials",
-                "properties": {
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Required for environments where no IAM role is being "
-                        "assumed and direct AWS access is needed.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Must accompany 'aws_access_key_id' to authorize "
-                        "access to AWS resources.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token associated with temporary credentials. Only needed for "
-                        "session-based or temporary AWS access.",
-                    },
-                },
-                "required": ["aws_access_key_id", "aws_secret_access_key"],
-            },
-            {
-                "type": "object",
-                "title": "AWS Assume Role",
-                "properties": {
-                    "role_arn": {
-                        "type": "string",
-                        "description": "The Amazon Resource Name (ARN) of the role to assume. Required for AWS role "
-                        "assumption.",
-                    },
-                    "external_id": {
-                        "type": "string",
-                        "description": "An identifier to enhance security for role assumption.",
-                    },
-                    "aws_access_key_id": {
-                        "type": "string",
-                        "description": "The AWS access key ID. Only required if the environment lacks pre-configured "
-                        "AWS credentials.",
-                    },
-                    "aws_secret_access_key": {
-                        "type": "string",
-                        "description": "The AWS secret access key. Required if 'aws_access_key_id' is provided or if "
-                        "no AWS credentials are pre-configured.",
-                    },
-                    "aws_session_token": {
-                        "type": "string",
-                        "description": "The session token for temporary credentials, if applicable.",
-                    },
-                    "session_duration": {
-                        "type": "integer",
-                        "minimum": 900,
-                        "maximum": 43200,
-                        "default": 3600,
-                        "description": "The duration (in seconds) for the role session.",
-                    },
-                    "role_session_name": {
-                        "type": "string",
-                        "description": "An identifier for the role session, useful for tracking sessions in AWS logs. "
-                        "The regex used to validate this parameter is a string of characters consisting of "
-                        "upper- and lower-case alphanumeric characters with no spaces. You can also include "
-                        "underscores or any of the following characters: =,.@-\n\n"
-                        "Examples:\n"
-                        "- MySession123\n"
-                        "- User_Session-1\n"
-                        "- Test.Session@2",
-                        "pattern": "^[a-zA-Z0-9=,.@_-]+$",
-                    },
-                },
-                "required": ["role_arn", "external_id"],
-            },
-            {
-                "type": "object",
-                "title": "Azure Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The Azure application (client) ID for authentication in Azure AD.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the application (client) ID, providing "
-                        "secure access.",
-                    },
-                    "tenant_id": {
-                        "type": "string",
-                        "description": "The Azure tenant ID, representing the directory where the application is "
-                        "registered.",
-                    },
-                },
-                "required": ["client_id", "client_secret", "tenant_id"],
-            },
-            {
-                "type": "object",
-                "title": "GCP Static Credentials",
-                "properties": {
-                    "client_id": {
-                        "type": "string",
-                        "description": "The client ID from Google Cloud, used to identify the application for GCP "
-                        "access.",
-                    },
-                    "client_secret": {
-                        "type": "string",
-                        "description": "The client secret associated with the GCP client ID, required for secure "
-                        "access.",
-                    },
-                    "refresh_token": {
-                        "type": "string",
-                        "description": "A refresh token that allows the application to obtain new access tokens for "
-                        "extended use.",
-                    },
-                },
-                "required": ["client_id", "client_secret", "refresh_token"],
-            },
-            {
-                "type": "object",
-                "title": "Kubernetes Static Credentials",
-                "properties": {
-                    "kubeconfig_content": {
-                        "type": "string",
-                        "description": "The content of the Kubernetes kubeconfig file, encoded as a string.",
-                    }
-                },
-                "required": ["kubeconfig_content"],
-            },
-        ]
-    }
-)
-class ProviderSecretField(serializers.JSONField):
-    pass
-
-
 class ProviderSecretSerializer(RLSSerializer):
    """
    Serializer for the ProviderSecret model.
@@ -55,6 +55,7 @@ from tasks.tasks import (
 )

 from api.base_views import BaseRLSViewSet, BaseTenantViewset, BaseUserViewset
+from api.compliance import get_compliance_frameworks
 from api.db_router import MainRouter
 from api.filters import (
    ComplianceOverviewFilter,
@@ -134,6 +135,7 @@ from api.v1.serializers import (
    RoleProviderGroupRelationshipSerializer,
    RoleSerializer,
    RoleUpdateSerializer,
+    ScanComplianceReportSerializer,
    ScanCreateSerializer,
    ScanReportSerializer,
    ScanSerializer,
@@ -247,7 +249,7 @@ class SchemaView(SpectacularAPIView):

    def get(self, request, *args, **kwargs):
        spectacular_settings.TITLE = "Prowler API"
-        spectacular_settings.VERSION = "1.6.0"
+        spectacular_settings.VERSION = "1.7.0"
        spectacular_settings.DESCRIPTION = (
            "Prowler API specification.\n\nThis file is auto-generated."
        )
@@ -1150,6 +1152,27 @@ class ProviderViewSet(BaseRLSViewSet):
            404: OpenApiResponse(description="The scan has no reports"),
        },
    ),
+    compliance=extend_schema(
+        tags=["Scan"],
+        summary="Retrieve compliance report as CSV",
+        description="Download a specific compliance report (e.g., 'cis_1.4_aws') as a CSV file.",
+        parameters=[
+            OpenApiParameter(
+                name="name",
+                type=str,
+                location=OpenApiParameter.PATH,
+                required=True,
+                description="The compliance report name, like 'cis_1.4_aws'",
+            ),
+        ],
+        responses={
+            200: OpenApiResponse(
+                description="CSV file containing the compliance report"
+            ),
+            404: OpenApiResponse(description="Compliance report not found"),
+        },
+        request=None,
+    ),
 )
@method_decorator(CACHE_DECORATOR, name="list")
@method_decorator(CACHE_DECORATOR, name="retrieve")
@@ -1202,6 +1225,10 @@ class ScanViewSet(BaseRLSViewSet):
            if hasattr(self, "response_serializer_class"):
                return self.response_serializer_class
            return ScanReportSerializer
+        elif self.action == "compliance":
+            if hasattr(self, "response_serializer_class"):
+                return self.response_serializer_class
+            return ScanComplianceReportSerializer
        return super().get_serializer_class()

    def partial_update(self, request, *args, **kwargs):
@@ -1219,70 +1246,111 @@ class ScanViewSet(BaseRLSViewSet):
        )
        return Response(data=read_serializer.data, status=status.HTTP_200_OK)

-    @action(detail=True, methods=["get"], url_name="report")
-    def report(self, request, pk=None):
-        scan_instance = self.get_object()
+    def _get_task_status(self, scan_instance):
+        """
+        Returns task status if the scan or its associated report-generation task is still executing.

-        if scan_instance.state == StateChoices.EXECUTING:
-            # If the scan is still running, return the task
-            prowler_task = Task.objects.get(id=scan_instance.task.id)
-            self.response_serializer_class = TaskSerializer
-            output_serializer = self.get_serializer(prowler_task)
-            return Response(
-                data=output_serializer.data,
-                status=status.HTTP_202_ACCEPTED,
-                headers={
-                    "Content-Location": reverse(
-                        "task-detail", kwargs={"pk": output_serializer.data["id"]}
-                    )
-                },
-            )
+        If the scan is in an EXECUTING state or if a background task related to report generation
+        is found and also executing, this method returns a 202 Accepted response with the task
+        metadata and a `Content-Location` header pointing to the task detail endpoint.

-        try:
-            output_celery_task = Task.objects.get(
-                task_runner_task__task_name="scan-report",
-                task_runner_task__task_args__contains=pk,
-            )
-            self.response_serializer_class = TaskSerializer
-            output_serializer = self.get_serializer(output_celery_task)
-            if output_serializer.data["state"] == StateChoices.EXECUTING:
-                # If the task is still running, return the task
-                return Response(
-                    data=output_serializer.data,
-                    status=status.HTTP_202_ACCEPTED,
-                    headers={
-                        "Content-Location": reverse(
-                            "task-detail", kwargs={"pk": output_serializer.data["id"]}
-                        )
-                    },
-                )
-        except Task.DoesNotExist:
-            # If the task does not exist, it means that the task is removed from the database
-            pass
+        Args:
+            scan_instance (Scan): The scan instance for which the task status is being checked.

-        output_location = scan_instance.output_location
-        if not output_location:
-            return Response(
-                {"detail": "The scan has no reports."},
-                status=status.HTTP_404_NOT_FOUND,
-            )
+        Returns:
+            Response or None:
+                - A `Response` with HTTP 202 status and serialized task data if the task is executing.
+                - `None` if no running task is found or if the task has already completed.
+        """
+        task = None

-        if scan_instance.output_location.startswith("s3://"):
+        if scan_instance.state == StateChoices.EXECUTING and scan_instance.task:
+            task = scan_instance.task
+        else:
            try:
-                s3_client = get_s3_client()
+                task = Task.objects.get(
+                    task_runner_task__task_name="scan-report",
+                    task_runner_task__task_args__contains=str(scan_instance.id),
+                )
+            except Task.DoesNotExist:
+                return None
+
+        self.response_serializer_class = TaskSerializer
+        serializer = self.get_serializer(task)
+
+        if serializer.data.get("state") != StateChoices.EXECUTING:
+            return None
+
+        return Response(
+            data=serializer.data,
+            status=status.HTTP_202_ACCEPTED,
+            headers={
+                "Content-Location": reverse(
+                    "task-detail", kwargs={"pk": serializer.data["id"]}
+                )
+            },
+        )
+
+    def _load_file(self, path_pattern, s3=False, bucket=None, list_objects=False):
+        """
+        Loads a binary file (e.g., ZIP or CSV) and returns its content and filename.
+
+        Depending on the input parameters, this method supports loading:
+        - From S3 using a direct key.
+        - From S3 by listing objects under a prefix and matching suffix.
+        - From the local filesystem using glob pattern matching.
+
+        Args:
+            path_pattern (str): The key or glob pattern representing the file location.
+            s3 (bool, optional): Whether the file is stored in S3. Defaults to False.
+            bucket (str, optional): The name of the S3 bucket, required if `s3=True`. Defaults to None.
+            list_objects (bool, optional): If True and `s3=True`, list objects by prefix to find the file. Defaults to False.
+
+        Returns:
+            tuple[bytes, str]: A tuple containing the file content as bytes and the filename if successful.
+            Response: A DRF `Response` object with an appropriate status and error detail if an error occurs.
+        """
+        if s3:
+            try:
+                client = get_s3_client()
            except (ClientError, NoCredentialsError, ParamValidationError):
                return Response(
                    {"detail": "There is a problem with credentials."},
                    status=status.HTTP_403_FORBIDDEN,
                )
-
-            bucket_name = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET")
-            key = output_location[len(f"s3://{bucket_name}/") :]
+            if list_objects:
+                # list keys under prefix then match suffix
+                prefix = os.path.dirname(path_pattern)
+                suffix = os.path.basename(path_pattern)
+                try:
+                    resp = client.list_objects_v2(Bucket=bucket, Prefix=prefix)
+                except ClientError as e:
+                    sentry_sdk.capture_exception(e)
+                    return Response(
+                        {
+                            "detail": "Unable to list compliance files in S3: encountered an AWS error."
+                        },
+                        status=status.HTTP_502_BAD_GATEWAY,
+                    )
+                contents = resp.get("Contents", [])
+                keys = [obj["Key"] for obj in contents if obj["Key"].endswith(suffix)]
+                if not keys:
+                    return Response(
+                        {
+                            "detail": f"No compliance file found for name '{os.path.splitext(suffix)[0]}'."
+                        },
+                        status=status.HTTP_404_NOT_FOUND,
+                    )
+                # path_pattern here is prefix, but in compliance we build correct suffix check before
+                key = keys[0]
+            else:
+                # path_pattern is exact key
+                key = path_pattern
            try:
-                s3_object = s3_client.get_object(Bucket=bucket_name, Key=key)
+                s3_obj = client.get_object(Bucket=bucket, Key=key)
            except ClientError as e:
-                error_code = e.response.get("Error", {}).get("Code")
-                if error_code == "NoSuchKey":
+                code = e.response.get("Error", {}).get("Code")
+                if code == "NoSuchKey":
                    return Response(
                        {"detail": "The scan has no reports."},
                        status=status.HTTP_404_NOT_FOUND,
@@ -1291,28 +1359,97 @@ class ScanViewSet(BaseRLSViewSet):
                    {"detail": "There is a problem with credentials."},
                    status=status.HTTP_403_FORBIDDEN,
                )
-            file_content = s3_object["Body"].read()
-            filename = os.path.basename(output_location.split("/")[-1])
+            content = s3_obj["Body"].read()
+            filename = os.path.basename(key)
        else:
-            zip_files = glob.glob(output_location)
-            try:
-                file_path = zip_files[0]
-            except IndexError as e:
-                sentry_sdk.capture_exception(e)
+            files = glob.glob(path_pattern)
+            if not files:
                return Response(
                    {"detail": "The scan has no reports."},
                    status=status.HTTP_404_NOT_FOUND,
                )
-            with open(file_path, "rb") as f:
-                file_content = f.read()
-            filename = os.path.basename(file_path)
+            filepath = files[0]
+            with open(filepath, "rb") as f:
+                content = f.read()
+            filename = os.path.basename(filepath)

-        response = HttpResponse(
-            file_content, content_type="application/x-zip-compressed"
-        )
+        return content, filename
+
+    def _serve_file(self, content, filename, content_type):
+        response = HttpResponse(content, content_type=content_type)
        response["Content-Disposition"] = f'attachment; filename="{filename}"'
+
        return response

+    @action(detail=True, methods=["get"], url_name="report")
+    def report(self, request, pk=None):
+        scan = self.get_object()
+        # Check for executing tasks
+        running_resp = self._get_task_status(scan)
+        if running_resp:
+            return running_resp
+
+        if not scan.output_location:
+            return Response(
+                {"detail": "The scan has no reports."}, status=status.HTTP_404_NOT_FOUND
+            )
+
+        if scan.output_location.startswith("s3://"):
+            bucket = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
+            key_prefix = scan.output_location.removeprefix(f"s3://{bucket}/")
+            loader = self._load_file(
+                key_prefix, s3=True, bucket=bucket, list_objects=False
+            )
+        else:
+            loader = self._load_file(scan.output_location, s3=False)
+
+        if isinstance(loader, Response):
+            return loader
+
+        content, filename = loader
+        return self._serve_file(content, filename, "application/x-zip-compressed")
+
+    @action(
+        detail=True,
+        methods=["get"],
+        url_path="compliance/(?P<name>[^/]+)",
+        url_name="compliance",
+    )
+    def compliance(self, request, pk=None, name=None):
+        scan = self.get_object()
+        if name not in get_compliance_frameworks(scan.provider.provider):
+            return Response(
+                {"detail": f"Compliance '{name}' not found."},
+                status=status.HTTP_404_NOT_FOUND,
+            )
+
+        running_resp = self._get_task_status(scan)
+        if running_resp:
+            return running_resp
+
+        if not scan.output_location:
+            return Response(
+                {"detail": "The scan has no reports."}, status=status.HTTP_404_NOT_FOUND
+            )
+
+        if scan.output_location.startswith("s3://"):
+            bucket = env.str("DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET", "")
+            key_prefix = scan.output_location.removeprefix(f"s3://{bucket}/")
+            prefix = os.path.join(
+                os.path.dirname(key_prefix), "compliance", f"{name}.csv"
+            )
+            loader = self._load_file(prefix, s3=True, bucket=bucket, list_objects=True)
+        else:
+            base = os.path.dirname(scan.output_location)
+            pattern = os.path.join(base, "compliance", f"*_{name}.csv")
+            loader = self._load_file(pattern, s3=False)
+
+        if isinstance(loader, Response):
+            return loader
+
+        content, filename = loader
+        return self._serve_file(content, filename, "text/csv")
+
    def create(self, request, *args, **kwargs):
        input_serializer = self.get_serializer(data=request.data)
        input_serializer.is_valid(raise_exception=True)
@@ -97,4 +97,6 @@ sentry_sdk.init(
        # possible.
        "continuous_profiling_auto_start": True,
    },
+    attach_stacktrace=True,
+    ignore_errors=IGNORED_EXCEPTIONS,
 )
@@ -13,6 +13,38 @@ from prowler.config.config import (
    json_ocsf_file_suffix,
    output_file_timestamp,
 )
+from prowler.lib.outputs.compliance.aws_well_architected.aws_well_architected import (
+    AWSWellArchitected,
+)
+from prowler.lib.outputs.compliance.cis.cis_aws import AWSCIS
+from prowler.lib.outputs.compliance.cis.cis_azure import AzureCIS
+from prowler.lib.outputs.compliance.cis.cis_gcp import GCPCIS
+from prowler.lib.outputs.compliance.cis.cis_kubernetes import KubernetesCIS
+from prowler.lib.outputs.compliance.cis.cis_m365 import M365CIS
+from prowler.lib.outputs.compliance.ens.ens_aws import AWSENS
+from prowler.lib.outputs.compliance.ens.ens_azure import AzureENS
+from prowler.lib.outputs.compliance.ens.ens_gcp import GCPENS
+from prowler.lib.outputs.compliance.iso27001.iso27001_aws import AWSISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_azure import AzureISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_gcp import GCPISO27001
+from prowler.lib.outputs.compliance.iso27001.iso27001_kubernetes import (
+    KubernetesISO27001,
+)
+from prowler.lib.outputs.compliance.kisa_ismsp.kisa_ismsp_aws import AWSKISAISMSP
+from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_aws import AWSMitreAttack
+from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_azure import (
+    AzureMitreAttack,
+)
+from prowler.lib.outputs.compliance.mitre_attack.mitre_attack_gcp import GCPMitreAttack
+from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_aws import (
+    ProwlerThreatScoreAWS,
+)
+from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_azure import (
+    ProwlerThreatScoreAzure,
+)
+from prowler.lib.outputs.compliance.prowler_threatscore.prowler_threatscore_gcp import (
+    ProwlerThreatScoreGCP,
+)
 from prowler.lib.outputs.csv.csv import CSV
 from prowler.lib.outputs.html.html import HTML
 from prowler.lib.outputs.ocsf.ocsf import OCSF
@@ -20,6 +52,43 @@ from prowler.lib.outputs.ocsf.ocsf import OCSF
 logger = get_task_logger(__name__)


+COMPLIANCE_CLASS_MAP = {
+    "aws": [
+        (lambda name: name.startswith("cis_"), AWSCIS),
+        (lambda name: name == "mitre_attack_aws", AWSMitreAttack),
+        (lambda name: name.startswith("ens_"), AWSENS),
+        (
+            lambda name: name.startswith("aws_well_architected_framework"),
+            AWSWellArchitected,
+        ),
+        (lambda name: name.startswith("iso27001_"), AWSISO27001),
+        (lambda name: name.startswith("kisa"), AWSKISAISMSP),
+        (lambda name: name == "prowler_threatscore_aws", ProwlerThreatScoreAWS),
+    ],
+    "azure": [
+        (lambda name: name.startswith("cis_"), AzureCIS),
+        (lambda name: name == "mitre_attack_azure", AzureMitreAttack),
+        (lambda name: name.startswith("ens_"), AzureENS),
+        (lambda name: name.startswith("iso27001_"), AzureISO27001),
+        (lambda name: name == "prowler_threatscore_azure", ProwlerThreatScoreAzure),
+    ],
+    "gcp": [
+        (lambda name: name.startswith("cis_"), GCPCIS),
+        (lambda name: name == "mitre_attack_gcp", GCPMitreAttack),
+        (lambda name: name.startswith("ens_"), GCPENS),
+        (lambda name: name.startswith("iso27001_"), GCPISO27001),
+        (lambda name: name == "prowler_threatscore_gcp", ProwlerThreatScoreGCP),
+    ],
+    "kubernetes": [
+        (lambda name: name.startswith("cis_"), KubernetesCIS),
+        (lambda name: name.startswith("iso27001_"), KubernetesISO27001),
+    ],
+    "m365": [
+        (lambda name: name.startswith("cis_"), M365CIS),
+    ],
+}
+
+
 # Predefined mapping for output formats and their configurations
 OUTPUT_FORMATS_MAPPING = {
    "csv": {
@@ -43,13 +112,17 @@ def _compress_output_files(output_directory: str) -> str:
        str: The full path to the newly created ZIP archive.
    """
    zip_path = f"{output_directory}.zip"
+    parent_dir = os.path.dirname(output_directory)
+    zip_path_abs = os.path.abspath(zip_path)

    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zipf:
-        for suffix in [config["suffix"] for config in OUTPUT_FORMATS_MAPPING.values()]:
-            zipf.write(
-                f"{output_directory}{suffix}",
-                f"output/{output_directory.split('/')[-1]}{suffix}",
-            )
+        for foldername, _, filenames in os.walk(parent_dir):
+            for filename in filenames:
+                file_path = os.path.join(foldername, filename)
+                if os.path.abspath(file_path) == zip_path_abs:
+                    continue
+                arcname = os.path.relpath(file_path, start=parent_dir)
+                zipf.write(file_path, arcname)

    return zip_path

@@ -102,25 +175,38 @@ def _upload_to_s3(tenant_id: str, zip_path: str, scan_id: str) -> str:
    Raises:
        botocore.exceptions.ClientError: If the upload attempt to S3 fails for any reason.
    """
-    if not base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET:
-        return
+    bucket = base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET
+    if not bucket:
+        return None

    try:
        s3 = get_s3_client()
-        s3_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
+
+        # Upload the ZIP file (outputs) to the S3 bucket
+        zip_key = f"{tenant_id}/{scan_id}/{os.path.basename(zip_path)}"
        s3.upload_file(
            Filename=zip_path,
-            Bucket=base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET,
-            Key=s3_key,
+            Bucket=bucket,
+            Key=zip_key,
        )
-        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{s3_key}"
+
+        # Upload the compliance directory to the S3 bucket
+        compliance_dir = os.path.join(os.path.dirname(zip_path), "compliance")
+        for filename in os.listdir(compliance_dir):
+            local_path = os.path.join(compliance_dir, filename)
+            if not os.path.isfile(local_path):
+                continue
+            file_key = f"{tenant_id}/{scan_id}/compliance/{filename}"
+            s3.upload_file(Filename=local_path, Bucket=bucket, Key=file_key)
+
+        return f"s3://{base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET}/{zip_key}"
    except (ClientError, NoCredentialsError, ParamValidationError, ValueError) as e:
        logger.error(f"S3 upload failed: {str(e)}")


 def _generate_output_directory(
    output_directory, prowler_provider: object, tenant_id: str, scan_id: str
-) -> str:
+) -> tuple[str, str]:
    """
    Generate a file system path for the output directory of a prowler scan.

@@ -145,7 +231,8 @@ def _generate_output_directory(

    Example:
        >>> _generate_output_directory("/tmp", "aws", "tenant-1234", "scan-5678")
-        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56'
+        '/tmp/tenant-1234/aws/scan-5678/prowler-output-2023-02-15T12:34:56',
+        '/tmp/tenant-1234/aws/scan-5678/compliance/prowler-output-2023-02-15T12:34:56'
    """
    path = (
        f"{output_directory}/{tenant_id}/{scan_id}/prowler-output-"
@@ -153,4 +240,10 @@ def _generate_output_directory(
    )
    os.makedirs("/".join(path.split("/")[:-1]), exist_ok=True)

-    return path
+    compliance_path = (
+        f"{output_directory}/{tenant_id}/{scan_id}/compliance/prowler-output-"
+        f"{prowler_provider}-{output_file_timestamp}"
+    )
+    os.makedirs("/".join(compliance_path.split("/")[:-1]), exist_ok=True)
+
+    return path, compliance_path
@@ -10,6 +10,7 @@ from django_celery_beat.models import PeriodicTask
 from tasks.jobs.connection import check_provider_connection
 from tasks.jobs.deletion import delete_provider, delete_tenant
 from tasks.jobs.export import (
+    COMPLIANCE_CLASS_MAP,
    OUTPUT_FORMATS_MAPPING,
    _compress_output_files,
    _generate_output_directory,
@@ -18,11 +19,14 @@ from tasks.jobs.export import (
 from tasks.jobs.scan import aggregate_findings, perform_prowler_scan
 from tasks.utils import batched, get_next_execution_datetime

+from api.compliance import get_compliance_frameworks
 from api.db_utils import rls_transaction
 from api.decorators import set_tenant
 from api.models import Finding, Provider, Scan, ScanSummary, StateChoices
 from api.utils import initialize_prowler_provider
 from api.v1.serializers import ScanTaskSerializer
+from prowler.lib.check.compliance_models import Compliance
+from prowler.lib.outputs.compliance.generic.generic import GenericCompliance
 from prowler.lib.outputs.finding import Finding as FindingOutput

 logger = get_task_logger(__name__)
@@ -251,84 +255,106 @@ def generate_outputs(scan_id: str, provider_id: str, tenant_id: str):
        logger.info(f"No findings found for scan {scan_id}")
        return {"upload": False}

-    # Initialize the prowler provider
-    prowler_provider = initialize_prowler_provider(Provider.objects.get(id=provider_id))
+    provider_obj = Provider.objects.get(id=provider_id)
+    prowler_provider = initialize_prowler_provider(provider_obj)
+    provider_uid = provider_obj.uid
+    provider_type = provider_obj.provider

-    # Get the provider UID
-    provider_uid = Provider.objects.get(id=provider_id).uid
-
-    # Generate and ensure the output directory exists
-    output_directory = _generate_output_directory(
+    frameworks_bulk = Compliance.get_bulk(provider_type)
+    frameworks_avail = get_compliance_frameworks(provider_type)
+    out_dir, comp_dir = _generate_output_directory(
        DJANGO_TMP_OUTPUT_DIRECTORY, provider_uid, tenant_id, scan_id
    )

-    # Define auxiliary variables
+    def get_writer(writer_map, name, factory, is_last):
+        """
+        Return existing writer_map[name] or create via factory().
+        In both cases set `.close_file = is_last`.
+        """
+        initialization = False
+        if name not in writer_map:
+            writer_map[name] = factory()
+            initialization = True
+        w = writer_map[name]
+        w.close_file = is_last
+
+        return w, initialization
+
    output_writers = {}
+    compliance_writers = {}
+
    scan_summary = FindingOutput._transform_findings_stats(
        ScanSummary.objects.filter(scan_id=scan_id)
    )

-    # Retrieve findings queryset
-    findings_qs = Finding.all_objects.filter(scan_id=scan_id).order_by("uid")
+    qs = Finding.all_objects.filter(scan_id=scan_id).order_by("uid").iterator()
+    for batch, is_last in batched(qs, DJANGO_FINDINGS_BATCH_SIZE):
+        fos = [FindingOutput.transform_api_finding(f, prowler_provider) for f in batch]

-    # Process findings in batches
-    for batch, is_last_batch in batched(
-        findings_qs.iterator(), DJANGO_FINDINGS_BATCH_SIZE
-    ):
-        finding_outputs = [
-            FindingOutput.transform_api_finding(finding, prowler_provider)
-            for finding in batch
-        ]
-
-        # Generate output files
-        for mode, config in OUTPUT_FORMATS_MAPPING.items():
-            kwargs = dict(config.get("kwargs", {}))
+        # Outputs
+        for mode, cfg in OUTPUT_FORMATS_MAPPING.items():
+            cls = cfg["class"]
+            suffix = cfg["suffix"]
+            extra = cfg.get("kwargs", {}).copy()
            if mode == "html":
-                kwargs["provider"] = prowler_provider
-                kwargs["stats"] = scan_summary
+                extra.update(provider=prowler_provider, stats=scan_summary)

-            writer_class = config["class"]
-            if writer_class in output_writers:
-                writer = output_writers[writer_class]
-                writer.transform(finding_outputs)
-                writer.close_file = is_last_batch
-            else:
-                writer = writer_class(
-                    findings=finding_outputs,
-                    file_path=output_directory,
-                    file_extension=config["suffix"],
+            writer, initialization = get_writer(
+                output_writers,
+                cls,
+                lambda cls=cls, fos=fos, suffix=suffix: cls(
+                    findings=fos,
+                    file_path=out_dir,
+                    file_extension=suffix,
                    from_cli=False,
-                )
-                writer.close_file = is_last_batch
-                output_writers[writer_class] = writer
+                ),
+                is_last,
+            )
+            if not initialization:
+                writer.transform(fos)
+            writer.batch_write_data_to_file(**extra)
+            writer._data.clear()

-            # Write the current batch using the writer
-            writer.batch_write_data_to_file(**kwargs)
+        # Compliance CSVs
+        for name in frameworks_avail:
+            compliance_obj = frameworks_bulk[name]

-            # TODO: Refactor the output classes to avoid this manual reset
-            writer._data = []
+            klass = GenericCompliance
+            for condition, cls in COMPLIANCE_CLASS_MAP.get(provider_type, []):
+                if condition(name):
+                    klass = cls
+                    break

-    # Compress output files
-    output_directory = _compress_output_files(output_directory)
+            filename = f"{comp_dir}_{name}.csv"

-    # Save to configured storage
-    uploaded = _upload_to_s3(tenant_id, output_directory, scan_id)
+            writer, initialization = get_writer(
+                compliance_writers,
+                name,
+                lambda klass=klass, fos=fos: klass(
+                    findings=fos,
+                    compliance=compliance_obj,
+                    file_path=filename,
+                    from_cli=False,
+                ),
+                is_last,
+            )
+            if not initialization:
+                writer.transform(fos, compliance_obj, name)
+            writer.batch_write_data_to_file()
+            writer._data.clear()

-    if uploaded:
-        # Remove the local files after upload
+    compressed = _compress_output_files(out_dir)
+    upload_uri = _upload_to_s3(tenant_id, compressed, scan_id)
+
+    if upload_uri:
        try:
-            rmtree(Path(output_directory).parent, ignore_errors=True)
-        except FileNotFoundError as e:
+            rmtree(Path(compressed).parent, ignore_errors=True)
+        except Exception as e:
            logger.error(f"Error deleting output files: {e}")
-
-        output_directory = uploaded
-        uploaded = True
+        final_location, did_upload = upload_uri, True
    else:
-        uploaded = False
+        final_location, did_upload = compressed, False

-    # Update the scan instance with the output path
-    Scan.all_objects.filter(id=scan_id).update(output_location=output_directory)
-
-    logger.info(f"Scan output files generated, output location: {output_directory}")
-
-    return {"upload": uploaded}
+    Scan.all_objects.filter(id=scan_id).update(output_location=final_location)
+    logger.info(f"Scan outputs at {final_location}")
+    return {"upload": did_upload}
@@ -0,0 +1,142 @@
+import os
+import zipfile
+from unittest.mock import MagicMock, patch
+
+import pytest
+from botocore.exceptions import ClientError
+from tasks.jobs.export import (
+    _compress_output_files,
+    _generate_output_directory,
+    _upload_to_s3,
+    get_s3_client,
+)
+
+
+@pytest.mark.django_db
+class TestOutputs:
+    def test_compress_output_files_creates_zip(self, tmp_path):
+        output_dir = tmp_path / "output"
+        output_dir.mkdir()
+        file_path = output_dir / "result.csv"
+        file_path.write_text("data")
+
+        zip_path = _compress_output_files(str(output_dir))
+
+        assert zip_path.endswith(".zip")
+        assert os.path.exists(zip_path)
+        with zipfile.ZipFile(zip_path, "r") as zipf:
+            assert "output/result.csv" in zipf.namelist()
+
+    @patch("tasks.jobs.export.boto3.client")
+    @patch("tasks.jobs.export.settings")
+    def test_get_s3_client_success(self, mock_settings, mock_boto_client):
+        mock_settings.DJANGO_OUTPUT_S3_AWS_ACCESS_KEY_ID = "test"
+        mock_settings.DJANGO_OUTPUT_S3_AWS_SECRET_ACCESS_KEY = "test"
+        mock_settings.DJANGO_OUTPUT_S3_AWS_SESSION_TOKEN = "token"
+        mock_settings.DJANGO_OUTPUT_S3_AWS_DEFAULT_REGION = "eu-west-1"
+
+        client_mock = MagicMock()
+        mock_boto_client.return_value = client_mock
+
+        client = get_s3_client()
+        assert client is not None
+        client_mock.list_buckets.assert_called()
+
+    @patch("tasks.jobs.export.boto3.client")
+    @patch("tasks.jobs.export.settings")
+    def test_get_s3_client_fallback(self, mock_settings, mock_boto_client):
+        mock_boto_client.side_effect = [
+            ClientError({"Error": {"Code": "403"}}, "ListBuckets"),
+            MagicMock(),
+        ]
+        client = get_s3_client()
+        assert client is not None
+
+    @patch("tasks.jobs.export.get_s3_client")
+    @patch("tasks.jobs.export.base")
+    def test_upload_to_s3_success(self, mock_base, mock_get_client, tmp_path):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = "test-bucket"
+
+        zip_path = tmp_path / "outputs.zip"
+        zip_path.write_bytes(b"dummy")
+
+        compliance_dir = tmp_path / "compliance"
+        compliance_dir.mkdir()
+        compliance_file = compliance_dir / "report.csv"
+        compliance_file.write_text("ok")
+
+        client_mock = MagicMock()
+        mock_get_client.return_value = client_mock
+
+        result = _upload_to_s3("tenant-id", str(zip_path), "scan-id")
+
+        expected_uri = "s3://test-bucket/tenant-id/scan-id/outputs.zip"
+        assert result == expected_uri
+
+        assert client_mock.upload_file.call_count == 2
+
+    @patch("tasks.jobs.export.get_s3_client")
+    @patch("tasks.jobs.export.base")
+    def test_upload_to_s3_missing_bucket(self, mock_base, mock_get_client):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = ""
+        result = _upload_to_s3("tenant", "/tmp/fake.zip", "scan")
+        assert result is None
+
+    @patch("tasks.jobs.export.get_s3_client")
+    @patch("tasks.jobs.export.base")
+    def test_upload_to_s3_skips_non_files(self, mock_base, mock_get_client, tmp_path):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = "test-bucket"
+        zip_path = tmp_path / "results.zip"
+        zip_path.write_bytes(b"zip")
+
+        compliance_dir = tmp_path / "compliance"
+        compliance_dir.mkdir()
+        (compliance_dir / "subdir").mkdir()
+
+        client_mock = MagicMock()
+        mock_get_client.return_value = client_mock
+
+        result = _upload_to_s3("tenant", str(zip_path), "scan")
+
+        expected_uri = "s3://test-bucket/tenant/scan/results.zip"
+        assert result == expected_uri
+
+        client_mock.upload_file.assert_called_once()
+
+    @patch(
+        "tasks.jobs.export.get_s3_client",
+        side_effect=ClientError({"Error": {}}, "Upload"),
+    )
+    @patch("tasks.jobs.export.base")
+    @patch("tasks.jobs.export.logger.error")
+    def test_upload_to_s3_failure_logs_error(
+        self, mock_logger, mock_base, mock_get_client, tmp_path
+    ):
+        mock_base.DJANGO_OUTPUT_S3_AWS_OUTPUT_BUCKET = "bucket"
+        zip_path = tmp_path / "zipfile.zip"
+        zip_path.write_bytes(b"zip")
+
+        compliance_dir = tmp_path / "compliance"
+        compliance_dir.mkdir()
+        (compliance_dir / "report.csv").write_text("csv")
+
+        _upload_to_s3("tenant", str(zip_path), "scan")
+        mock_logger.assert_called()
+
+    def test_generate_output_directory_creates_paths(self, tmp_path):
+        from prowler.config.config import output_file_timestamp
+
+        base_dir = str(tmp_path)
+        tenant_id = "t1"
+        scan_id = "s1"
+        provider = "aws"
+
+        path, compliance = _generate_output_directory(
+            base_dir, provider, tenant_id, scan_id
+        )
+
+        assert os.path.isdir(os.path.dirname(path))
+        assert os.path.isdir(os.path.dirname(compliance))
+
+        assert path.endswith(f"{provider}-{output_file_timestamp}")
+        assert compliance.endswith(f"{provider}-{output_file_timestamp}")
@@ -0,0 +1,415 @@
+import uuid
+from pathlib import Path
+from unittest.mock import MagicMock, patch
+
+import pytest
+from tasks.tasks import generate_outputs
+
+
+@pytest.mark.django_db
+class TestGenerateOutputs:
+    def setup_method(self):
+        self.scan_id = str(uuid.uuid4())
+        self.provider_id = str(uuid.uuid4())
+        self.tenant_id = str(uuid.uuid4())
+
+    def test_no_findings_returns_early(self):
+        with patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter:
+            mock_filter.return_value.exists.return_value = False
+
+            result = generate_outputs(
+                scan_id=self.scan_id,
+                provider_id=self.provider_id,
+                tenant_id=self.tenant_id,
+            )
+
+            assert result == {"upload": False}
+            mock_filter.assert_called_once_with(scan_id=self.scan_id)
+
+    @patch("tasks.tasks.rmtree")
+    @patch("tasks.tasks._upload_to_s3")
+    @patch("tasks.tasks._compress_output_files")
+    @patch("tasks.tasks.get_compliance_frameworks")
+    @patch("tasks.tasks.Compliance.get_bulk")
+    @patch("tasks.tasks.initialize_prowler_provider")
+    @patch("tasks.tasks.Provider.objects.get")
+    @patch("tasks.tasks.ScanSummary.objects.filter")
+    @patch("tasks.tasks.Finding.all_objects.filter")
+    def test_generate_outputs_happy_path(
+        self,
+        mock_finding_filter,
+        mock_scan_summary_filter,
+        mock_provider_get,
+        mock_initialize_provider,
+        mock_compliance_get_bulk,
+        mock_get_available_frameworks,
+        mock_compress,
+        mock_upload,
+        mock_rmtree,
+    ):
+        mock_scan_summary_filter.return_value.exists.return_value = True
+
+        mock_provider = MagicMock()
+        mock_provider.uid = "provider-uid"
+        mock_provider.provider = "aws"
+        mock_provider_get.return_value = mock_provider
+
+        prowler_provider = MagicMock()
+        mock_initialize_provider.return_value = prowler_provider
+
+        mock_compliance_get_bulk.return_value = {"cis": MagicMock()}
+        mock_get_available_frameworks.return_value = ["cis"]
+
+        dummy_finding = MagicMock(uid="f1")
+        mock_finding_filter.return_value.order_by.return_value.iterator.return_value = [
+            [dummy_finding],
+            True,
+        ]
+
+        mock_transformed_stats = {"some": "stats"}
+        with (
+            patch(
+                "tasks.tasks.FindingOutput._transform_findings_stats",
+                return_value=mock_transformed_stats,
+            ),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                return_value={"transformed": "f1"},
+            ),
+            patch(
+                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                {
+                    "json": {
+                        "class": MagicMock(name="JSONWriter"),
+                        "suffix": ".json",
+                        "kwargs": {},
+                    }
+                },
+            ),
+            patch(
+                "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                {"aws": [(lambda x: True, MagicMock(name="CSVCompliance"))]},
+            ),
+            patch(
+                "tasks.tasks._generate_output_directory",
+                return_value=("out-dir", "comp-dir"),
+            ),
+            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
+        ):
+            mock_compress.return_value = "/tmp/zipped.zip"
+            mock_upload.return_value = "s3://bucket/zipped.zip"
+
+            result = generate_outputs(
+                scan_id=self.scan_id,
+                provider_id=self.provider_id,
+                tenant_id=self.tenant_id,
+            )
+
+            assert result == {"upload": True}
+            mock_scan_update.return_value.update.assert_called_once_with(
+                output_location="s3://bucket/zipped.zip"
+            )
+            mock_rmtree.assert_called_once_with(
+                Path("/tmp/zipped.zip").parent, ignore_errors=True
+            )
+
+    def test_generate_outputs_fails_upload(self):
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk"),
+            patch("tasks.tasks.get_compliance_frameworks"),
+            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
+            patch(
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
+            ),
+            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
+            patch("tasks.tasks.FindingOutput.transform_api_finding"),
+            patch(
+                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                {
+                    "json": {
+                        "class": MagicMock(name="Writer"),
+                        "suffix": ".json",
+                        "kwargs": {},
+                    }
+                },
+            ),
+            patch(
+                "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                {"aws": [(lambda x: True, MagicMock())]},
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
+            patch("tasks.tasks._upload_to_s3", return_value=None),
+            patch("tasks.tasks.Scan.all_objects.filter") as mock_scan_update,
+        ):
+            mock_filter.return_value.exists.return_value = True
+            mock_findings.return_value.order_by.return_value.iterator.return_value = [
+                [MagicMock()],
+                True,
+            ]
+
+            result = generate_outputs(
+                scan_id="scan",
+                provider_id="provider",
+                tenant_id=self.tenant_id,
+            )
+
+            assert result == {"upload": False}
+            mock_scan_update.return_value.update.assert_called_once()
+
+    def test_generate_outputs_triggers_html_extra_update(self):
+        mock_finding_output = MagicMock()
+        mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk", return_value={"cis": MagicMock()}),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
+            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
+            patch(
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
+            ),
+            patch(
+                "tasks.tasks.FindingOutput._transform_findings_stats",
+                return_value={"some": "stats"},
+            ),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                return_value=mock_finding_output,
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/f.zip"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
+        ):
+            mock_filter.return_value.exists.return_value = True
+            mock_findings.return_value.order_by.return_value.iterator.return_value = [
+                [MagicMock()],
+                True,
+            ]
+
+            html_writer_mock = MagicMock()
+            with (
+                patch(
+                    "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                    {
+                        "html": {
+                            "class": lambda *args, **kwargs: html_writer_mock,
+                            "suffix": ".html",
+                            "kwargs": {},
+                        }
+                    },
+                ),
+                patch(
+                    "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                    {"aws": [(lambda x: True, MagicMock())]},
+                ),
+            ):
+                generate_outputs(
+                    scan_id=self.scan_id,
+                    provider_id=self.provider_id,
+                    tenant_id=self.tenant_id,
+                )
+                html_writer_mock.batch_write_data_to_file.assert_called_once()
+
+    def test_transform_called_only_on_second_batch(self):
+        raw1 = MagicMock()
+        raw2 = MagicMock()
+
+        tf1 = MagicMock()
+        tf1.compliance = {}
+        tf2 = MagicMock()
+        tf2.compliance = {}
+
+        writer_instances = []
+
+        class TrackingWriter:
+            def __init__(self, findings, file_path, file_extension, from_cli):
+                self.transform_called = 0
+                self.batch_write_data_to_file = MagicMock()
+                self._data = []
+                self.close_file = False
+                writer_instances.append(self)
+
+            def transform(self, fos):
+                self.transform_called += 1
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_summary,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk"),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=[]),
+            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                side_effect=[tf1, tf2],
+            ),
+            patch(
+                "tasks.tasks._generate_output_directory",
+                return_value=("outdir", "compdir"),
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
+            patch("tasks.tasks.rmtree"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
+            patch(
+                "tasks.tasks.batched",
+                return_value=[
+                    ([raw1], False),
+                    ([raw2], True),
+                ],
+            ),
+        ):
+            mock_summary.return_value.exists.return_value = True
+
+            with patch(
+                "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                {
+                    "json": {
+                        "class": TrackingWriter,
+                        "suffix": ".json",
+                        "kwargs": {},
+                    }
+                },
+            ):
+                result = generate_outputs(
+                    scan_id=self.scan_id,
+                    provider_id=self.provider_id,
+                    tenant_id=self.tenant_id,
+                )
+
+        assert result == {"upload": True}
+        assert len(writer_instances) == 1
+        writer = writer_instances[0]
+        assert writer.transform_called == 1
+
+    def test_compliance_transform_called_on_second_batch(self):
+        raw1 = MagicMock()
+        raw2 = MagicMock()
+        compliance_obj = MagicMock()
+        writer_instances = []
+
+        class TrackingComplianceWriter:
+            def __init__(self, *args, **kwargs):
+                self.transform_calls = []
+                self._data = []
+                writer_instances.append(self)
+
+            def transform(self, fos, comp_obj, name):
+                self.transform_calls.append((fos, comp_obj, name))
+
+            def batch_write_data_to_file(self):
+                pass
+
+        two_batches = [
+            ([raw1], False),
+            ([raw2], True),
+        ]
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_summary,
+            patch(
+                "tasks.tasks.Provider.objects.get",
+                return_value=MagicMock(uid="UID", provider="aws"),
+            ),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch(
+                "tasks.tasks.Compliance.get_bulk", return_value={"cis": compliance_obj}
+            ),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
+            patch(
+                "tasks.tasks._generate_output_directory",
+                return_value=("outdir", "compdir"),
+            ),
+            patch("tasks.tasks.FindingOutput._transform_findings_stats"),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                side_effect=lambda f, prov: f,
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="outdir.zip"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/outdir.zip"),
+            patch("tasks.tasks.rmtree"),
+            patch(
+                "tasks.tasks.Scan.all_objects.filter",
+                return_value=MagicMock(update=lambda **kw: None),
+            ),
+            patch("tasks.tasks.batched", return_value=two_batches),
+            patch("tasks.tasks.OUTPUT_FORMATS_MAPPING", {}),
+            patch(
+                "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                {"aws": [(lambda name: True, TrackingComplianceWriter)]},
+            ),
+        ):
+            mock_summary.return_value.exists.return_value = True
+
+            result = generate_outputs(
+                scan_id=self.scan_id,
+                provider_id=self.provider_id,
+                tenant_id=self.tenant_id,
+            )
+
+        assert len(writer_instances) == 1
+        writer = writer_instances[0]
+        assert writer.transform_calls == [([raw2], compliance_obj, "cis")]
+        assert result == {"upload": True}
+
+    def test_generate_outputs_logs_rmtree_exception(self, caplog):
+        mock_finding_output = MagicMock()
+        mock_finding_output.compliance = {"cis": ["requirement-1", "requirement-2"]}
+
+        with (
+            patch("tasks.tasks.ScanSummary.objects.filter") as mock_filter,
+            patch("tasks.tasks.Provider.objects.get"),
+            patch("tasks.tasks.initialize_prowler_provider"),
+            patch("tasks.tasks.Compliance.get_bulk", return_value={"cis": MagicMock()}),
+            patch("tasks.tasks.get_compliance_frameworks", return_value=["cis"]),
+            patch("tasks.tasks.Finding.all_objects.filter") as mock_findings,
+            patch(
+                "tasks.tasks._generate_output_directory", return_value=("out", "comp")
+            ),
+            patch(
+                "tasks.tasks.FindingOutput._transform_findings_stats",
+                return_value={"some": "stats"},
+            ),
+            patch(
+                "tasks.tasks.FindingOutput.transform_api_finding",
+                return_value=mock_finding_output,
+            ),
+            patch("tasks.tasks._compress_output_files", return_value="/tmp/compressed"),
+            patch("tasks.tasks._upload_to_s3", return_value="s3://bucket/file.zip"),
+            patch("tasks.tasks.Scan.all_objects.filter"),
+            patch("tasks.tasks.rmtree", side_effect=Exception("Test deletion error")),
+        ):
+            mock_filter.return_value.exists.return_value = True
+            mock_findings.return_value.order_by.return_value.iterator.return_value = [
+                [MagicMock()],
+                True,
+            ]
+
+            with (
+                patch(
+                    "tasks.tasks.OUTPUT_FORMATS_MAPPING",
+                    {
+                        "json": {
+                            "class": lambda *args, **kwargs: MagicMock(),
+                            "suffix": ".json",
+                            "kwargs": {},
+                        }
+                    },
+                ),
+                patch(
+                    "tasks.tasks.COMPLIANCE_CLASS_MAP",
+                    {"aws": [(lambda x: True, MagicMock())]},
+                ),
+            ):
+                with caplog.at_level("ERROR"):
+                    generate_outputs(
+                        scan_id=self.scan_id,
+                        provider_id=self.provider_id,
+                        tenant_id=self.tenant_id,
+                    )
+                    assert "Error deleting output files" in caplog.text
@@ -0,0 +1,156 @@
+#!/usr/bin/env python3
+import argparse
+import re
+import subprocess
+import sys
+from pathlib import Path
+
+import matplotlib.pyplot as plt
+import pandas as pd
+
+plt.style.use("ggplot")
+
+
+def run_locust(
+    locust_file: str,
+    host: str,
+    users: int,
+    hatch_rate: int,
+    run_time: str,
+    csv_prefix: Path,
+) -> Path:
+    artifacts_dir = Path("artifacts")
+    artifacts_dir.mkdir(parents=True, exist_ok=True)
+
+    cmd = [
+        "locust",
+        "-f",
+        f"scenarios/{locust_file}",
+        "--headless",
+        "-u",
+        str(users),
+        "-r",
+        str(hatch_rate),
+        "-t",
+        run_time,
+        "--host",
+        host,
+        "--csv",
+        str(artifacts_dir / csv_prefix.name),
+    ]
+    print(f"Running Locust: {' '.join(cmd)}")
+    process = subprocess.run(cmd)
+    if process.returncode:
+        sys.exit("Locust execution failed")
+
+    stats_file = artifacts_dir / f"{csv_prefix.stem}_stats.csv"
+    if not stats_file.exists():
+        sys.exit(f"Stats CSV not found: {stats_file}")
+    return stats_file
+
+
+def load_percentiles(csv_path: Path) -> pd.DataFrame:
+    df = pd.read_csv(csv_path)
+    mapping = {"50%": "p50", "75%": "p75", "90%": "p90", "95%": "p95"}
+    available = [col for col in mapping if col in df.columns]
+    renamed = {col: mapping[col] for col in available}
+    df = df.rename(columns=renamed).set_index("Name")[renamed.values()]
+    return df.drop(index=["Aggregated"], errors="ignore")
+
+
+def sanitize_label(label: str) -> str:
+    text = re.sub(r"[^\w]+", "_", label.strip().lower())
+    return text.strip("_")
+
+
+def plot_multi_comparison(metrics: dict[str, pd.DataFrame]) -> None:
+    common = sorted(set.intersection(*(set(df.index) for df in metrics.values())))
+    percentiles = list(next(iter(metrics.values())).columns)
+    groups = len(metrics)
+    width = 0.8 / groups
+
+    for endpoint in common:
+        fig, ax = plt.subplots(figsize=(10, 5), dpi=100)
+        for idx, (label, df) in enumerate(metrics.items()):
+            series = df.loc[endpoint]
+            positions = [
+                i + (idx - groups / 2) * width + width / 2
+                for i in range(len(percentiles))
+            ]
+            bars = ax.bar(positions, series.values, width, label=label)
+            for bar in bars:
+                height = bar.get_height()
+                ax.annotate(
+                    f"{int(height)}",
+                    xy=(bar.get_x() + bar.get_width() / 2, height),
+                    xytext=(0, 3),
+                    textcoords="offset points",
+                    ha="center",
+                    va="bottom",
+                    fontsize=8,
+                )
+
+        ax.set_xticks(range(len(percentiles)))
+        ax.set_xticklabels(percentiles)
+        ax.set_ylabel("Latency (ms)")
+        ax.set_title(endpoint, fontsize=12)
+        ax.grid(True, axis="y", linestyle="--", alpha=0.7)
+
+        fig.tight_layout()
+        fig.subplots_adjust(right=0.75)
+        ax.legend(loc="center left", bbox_to_anchor=(1, 0.5), framealpha=0.9)
+
+        output = Path("artifacts") / f"comparison_{sanitize_label(endpoint)}.png"
+        plt.savefig(output)
+        plt.close(fig)
+        print(f"Saved chart: {output}")
+
+
+def main() -> None:
+    parser = argparse.ArgumentParser(description="Run Locust and compare metrics")
+    parser.add_argument("--locustfile", required=True, help="Locust file in scenarios/")
+    parser.add_argument("--host", required=True, help="Target host URL")
+    parser.add_argument(
+        "--users", type=int, default=10, help="Number of simulated users"
+    )
+    parser.add_argument("--rate", type=int, default=1, help="Hatch rate per second")
+    parser.add_argument("--time", default="1m", help="Test duration (e.g. 30s, 1m)")
+    parser.add_argument(
+        "--metrics-dir", default="baselines", help="Directory with CSV baselines"
+    )
+    parser.add_argument("--version", default="current", help="Test version")
+    args = parser.parse_args()
+
+    metrics_dir = Path(args.metrics_dir)
+    if not metrics_dir.is_dir():
+        sys.exit(f"Metrics directory not found: {metrics_dir}")
+
+    metrics_data: dict[str, pd.DataFrame] = {}
+    for csv_file in sorted(metrics_dir.glob("*.csv")):
+        metrics_data[csv_file.stem] = load_percentiles(csv_file)
+
+    current_prefix = Path(args.version)
+    current_csv = run_locust(
+        locust_file=args.locustfile,
+        host=args.host,
+        users=args.users,
+        hatch_rate=args.rate,
+        run_time=args.time,
+        csv_prefix=current_prefix,
+    )
+    metrics_data[args.version] = load_percentiles(current_csv)
+
+    for endpoint in sorted(
+        set.intersection(*(set(df.index) for df in metrics_data.values()))
+    ):
+        parts = [endpoint]
+        for label, df in metrics_data.items():
+            s = df.loc[endpoint]
+            parts.append(f"{label}: p50 {s.p50}, p75 {s.p75}, p90 {s.p90}, p95 {s.p95}")
+        print(" | ".join(parts))
+
+    plot_multi_comparison(metrics_data)
+
+
+if __name__ == "__main__":
+    main()
@@ -0,0 +1,2 @@
+locust==2.34.1
+matplotlib==3.10.1
@@ -0,0 +1,202 @@
+from locust import events, task
+from utils.config import (
+    FINDINGS_UI_SORT_VALUES,
+    L_PROVIDER_NAME,
+    M_PROVIDER_NAME,
+    S_PROVIDER_NAME,
+    TARGET_INSERTED_AT,
+)
+from utils.helpers import (
+    APIUserBase,
+    get_api_token,
+    get_auth_headers,
+    get_next_resource_filter,
+    get_resource_filters_pairs,
+    get_scan_id_from_provider_name,
+    get_sort_value,
+)
+
+GLOBAL = {
+    "token": None,
+    "scan_ids": {},
+    "resource_filters": None,
+    "large_resource_filters": None,
+}
+
+
+@events.test_start.add_listener
+def on_test_start(environment, **kwargs):
+    GLOBAL["token"] = get_api_token(environment.host)
+
+    GLOBAL["scan_ids"]["small"] = get_scan_id_from_provider_name(
+        environment.host, GLOBAL["token"], S_PROVIDER_NAME
+    )
+    GLOBAL["scan_ids"]["medium"] = get_scan_id_from_provider_name(
+        environment.host, GLOBAL["token"], M_PROVIDER_NAME
+    )
+    GLOBAL["scan_ids"]["large"] = get_scan_id_from_provider_name(
+        environment.host, GLOBAL["token"], L_PROVIDER_NAME
+    )
+
+    GLOBAL["resource_filters"] = get_resource_filters_pairs(
+        environment.host, GLOBAL["token"]
+    )
+    GLOBAL["large_resource_filters"] = get_resource_filters_pairs(
+        environment.host, GLOBAL["token"], GLOBAL["scan_ids"]["large"]
+    )
+
+
+class APIUser(APIUserBase):
+    def on_start(self):
+        self.token = GLOBAL["token"]
+        self.s_scan_id = GLOBAL["scan_ids"]["small"]
+        self.m_scan_id = GLOBAL["scan_ids"]["medium"]
+        self.l_scan_id = GLOBAL["scan_ids"]["large"]
+        self.available_resource_filters = GLOBAL["resource_filters"]
+        self.available_resource_filters_large_scan = GLOBAL["large_resource_filters"]
+
+    @task
+    def findings_default(self):
+        name = "/findings"
+        page_number = self._next_page(name)
+        endpoint = (
+            f"/findings?page[number]={page_number}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&filter[inserted_at]={TARGET_INSERTED_AT}"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task(3)
+    def findings_default_include(self):
+        name = "/findings?include"
+        page = self._next_page(name)
+        endpoint = (
+            f"/findings?page[number]={page}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&filter[inserted_at]={TARGET_INSERTED_AT}"
+            f"&include=scan.provider,resources"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task(3)
+    def findings_metadata(self):
+        endpoint = f"/findings/metadata?" f"filter[inserted_at]={TARGET_INSERTED_AT}"
+        self.client.get(
+            endpoint, headers=get_auth_headers(self.token), name="/findings/metadata"
+        )
+
+    @task
+    def findings_scan_small(self):
+        name = "/findings?filter[scan_id] - 50k"
+        page_number = self._next_page(name)
+        endpoint = (
+            f"/findings?page[number]={page_number}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&filter[scan]={self.s_scan_id}"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task
+    def findings_metadata_scan_small(self):
+        endpoint = f"/findings/metadata?" f"&filter[scan]={self.s_scan_id}"
+        self.client.get(
+            endpoint,
+            headers=get_auth_headers(self.token),
+            name="/findings/metadata?filter[scan_id] - 50k",
+        )
+
+    @task(2)
+    def findings_scan_medium(self):
+        name = "/findings?filter[scan_id] - 250k"
+        page_number = self._next_page(name)
+        endpoint = (
+            f"/findings?page[number]={page_number}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&filter[scan]={self.m_scan_id}"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task
+    def findings_metadata_scan_medium(self):
+        endpoint = f"/findings/metadata?" f"&filter[scan]={self.m_scan_id}"
+        self.client.get(
+            endpoint,
+            headers=get_auth_headers(self.token),
+            name="/findings/metadata?filter[scan_id] - 250k",
+        )
+
+    @task
+    def findings_scan_large(self):
+        name = "/findings?filter[scan_id] - 500k"
+        page_number = self._next_page(name)
+        endpoint = (
+            f"/findings?page[number]={page_number}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&filter[scan]={self.l_scan_id}"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task
+    def findings_scan_large_include(self):
+        name = "/findings?filter[scan_id]&include - 500k"
+        page_number = self._next_page(name)
+        endpoint = (
+            f"/findings?page[number]={page_number}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&filter[scan]={self.l_scan_id}"
+            f"&include=scan.provider,resources"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task
+    def findings_metadata_scan_large(self):
+        endpoint = f"/findings/metadata?" f"&filter[scan]={self.l_scan_id}"
+        self.client.get(
+            endpoint,
+            headers=get_auth_headers(self.token),
+            name="/findings/metadata?filter[scan_id] - 500k",
+        )
+
+    @task(2)
+    def findings_resource_filter(self):
+        name = "/findings?filter[resource_filter]&include"
+        filter_name, filter_value = get_next_resource_filter(
+            self.available_resource_filters
+        )
+
+        endpoint = (
+            f"/findings?filter[{filter_name}]={filter_value}"
+            f"&filter[inserted_at]={TARGET_INSERTED_AT}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&include=scan.provider,resources"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task(3)
+    def findings_metadata_resource_filter(self):
+        name = "/findings/metadata?filter[resource_filter]"
+        filter_name, filter_value = get_next_resource_filter(
+            self.available_resource_filters
+        )
+
+        endpoint = (
+            f"/findings?filter[{filter_name}]={filter_value}"
+            f"&filter[inserted_at]={TARGET_INSERTED_AT}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
+
+    @task
+    def findings_resource_filter_large_scan_include(self):
+        name = "/findings?filter[resource_filter][scan]&include - 500k"
+        filter_name, filter_value = get_next_resource_filter(
+            self.available_resource_filters
+        )
+
+        endpoint = (
+            f"/findings?filter[{filter_name}]={filter_value}"
+            f"&{get_sort_value(FINDINGS_UI_SORT_VALUES)}"
+            f"&filter[scan]={self.l_scan_id}"
+            f"&include=scan.provider,resources"
+        )
+        self.client.get(endpoint, headers=get_auth_headers(self.token), name=name)
@@ -0,0 +1,19 @@
+import os
+
+USER_EMAIL = os.environ.get("USER_EMAIL")
+USER_PASSWORD = os.environ.get("USER_PASSWORD")
+
+BASE_HEADERS = {"Content-Type": "application/vnd.api+json"}
+
+FINDINGS_UI_SORT_VALUES = ["severity", "status", "-inserted_at"]
+TARGET_INSERTED_AT = os.environ.get("TARGET_INSERTED_AT", "2025-04-22")
+
+FINDINGS_RESOURCE_METADATA = {
+    "regions": "region",
+    "resource_types": "resource_type",
+    "services": "service",
+}
+
+S_PROVIDER_NAME = "provider-50k"
+M_PROVIDER_NAME = "provider-250k"
+L_PROVIDER_NAME = "provider-500k"
@@ -0,0 +1,168 @@
+import random
+from collections import defaultdict
+from threading import Lock
+
+import requests
+from locust import HttpUser, between
+from utils.config import (
+    BASE_HEADERS,
+    FINDINGS_RESOURCE_METADATA,
+    TARGET_INSERTED_AT,
+    USER_EMAIL,
+    USER_PASSWORD,
+)
+
+_global_page_counters = defaultdict(int)
+_page_lock = Lock()
+
+
+class APIUserBase(HttpUser):
+    """
+    Base class for API user simulation in Locust performance tests.
+
+    Attributes:
+        abstract (bool): Indicates this is an abstract user class.
+        wait_time: Time between task executions, randomized between 1 and 5 seconds.
+    """
+
+    abstract = True
+    wait_time = between(1, 5)
+
+    def _next_page(self, endpoint_name: str) -> int:
+        """
+        Returns the next page number for a given endpoint. Thread-safe.
+
+        Args:
+            endpoint_name (str): Name of the API endpoint being paginated.
+
+        Returns:
+            int: The next page number for the given endpoint.
+        """
+        with _page_lock:
+            _global_page_counters[endpoint_name] += 1
+            return _global_page_counters[endpoint_name]
+
+
+def get_next_resource_filter(available_values: dict) -> tuple:
+    """
+    Randomly selects a filter type and value from available options.
+
+    Args:
+        available_values (dict): Dictionary with filter types as keys and list of possible values.
+
+    Returns:
+        tuple: A (filter_type, filter_value) pair randomly selected.
+    """
+    filter_type = random.choice(list(available_values.keys()))
+    filter_value = random.choice(available_values[filter_type])
+    return filter_type, filter_value
+
+
+def get_auth_headers(token: str) -> dict:
+    """
+    Returns the headers for the API requests.
+
+    Args:
+        token (str): The token to be included in the headers.
+
+    Returns:
+        dict: The headers for the API requests.
+    """
+    return {
+        "Authorization": f"Bearer {token}",
+        **BASE_HEADERS,
+    }
+
+
+def get_api_token(host: str) -> str:
+    """
+    Authenticates with the API and retrieves a bearer token.
+
+    Args:
+        host (str): The host URL of the API.
+
+    Returns:
+        str: The access token for authenticated requests.
+
+    Raises:
+        AssertionError: If the request fails or does not return a 200 status code.
+    """
+    login_payload = {
+        "data": {
+            "type": "tokens",
+            "attributes": {"email": USER_EMAIL, "password": USER_PASSWORD},
+        }
+    }
+    response = requests.post(f"{host}/tokens", json=login_payload, headers=BASE_HEADERS)
+    assert response.status_code == 200, f"Failed to get token: {response.text}"
+    return response.json()["data"]["attributes"]["access"]
+
+
+def get_scan_id_from_provider_name(host: str, token: str, provider_name: str) -> str:
+    """
+    Retrieves the scan ID associated with a specific provider name.
+
+    Args:
+        host (str): The host URL of the API.
+        token (str): Bearer token for authentication.
+        provider_name (str): Name of the provider to filter scans by.
+
+    Returns:
+        str: The ID of the scan.
+
+    Raises:
+        AssertionError: If the request fails or does not return a 200 status code.
+    """
+    response = requests.get(
+        f"{host}/scans?fields[scans]=id&filter[provider_alias]={provider_name}",
+        headers=get_auth_headers(token),
+    )
+    assert response.status_code == 200, f"Failed to get scan: {response.text}"
+    return response.json()["data"][0]["id"]
+
+
+def get_resource_filters_pairs(host: str, token: str, scan_id: str = "") -> dict:
+    """
+    Retrieves and maps resource metadata filter values from the findings endpoint.
+
+    Args:
+        host (str): The host URL of the API.
+        token (str): Bearer token for authentication.
+        scan_id (str, optional): Optional scan ID to filter metadata. Defaults to using inserted_at timestamp.
+
+    Returns:
+        dict: A dictionary of resource filter metadata.
+
+    Raises:
+        AssertionError: If the request fails or does not return a 200 status code.
+    """
+    metadata_filters = (
+        f"filter[scan]={scan_id}"
+        if scan_id
+        else f"filter[inserted_at]={TARGET_INSERTED_AT}"
+    )
+    response = requests.get(
+        f"{host}/findings/metadata?{metadata_filters}", headers=get_auth_headers(token)
+    )
+    assert (
+        response.status_code == 200
+    ), f"Failed to get resource filters values: {response.text}"
+    attributes = response.json()["data"]["attributes"]
+    return {
+        FINDINGS_RESOURCE_METADATA[key]: values
+        for key, values in attributes.items()
+        if key in FINDINGS_RESOURCE_METADATA.keys()
+    }
+
+
+def get_sort_value(sort_values: list) -> str:
+    """
+    Constructs a sort query string from a list of sort keys.
+
+    Args:
+        sort_values (list): The list of sort values to include in the query.
+
+    Returns:
+        str: A formatted sort query string (e.g., "sort=created_at,-severity").
+    """
+    return f"sort={','.join(sort_values)}"
@@ -1361,6 +1361,9 @@ video {
  .lg\:grid-cols-4 {
    grid-template-columns: repeat(4, minmax(0, 1fr));
  }
+  .lg\:grid-cols-5 {
+    grid-template-columns: repeat(5, minmax(0, 1fr));
+  }

  .lg\:justify-normal {
    justify-content: normal;
@@ -1403,4 +1406,4 @@ video {
  .\32xl\:w-\[9\%\] {
    width: 9%;
  }
-}
+}
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -0,0 +1,24 @@
+import warnings
+
+from dashboard.common_methods import get_section_containers_cis
+
+warnings.filterwarnings("ignore")
+
+
+def get_table(data):
+    aux = data[
+        [
+            "REQUIREMENTS_ID",
+            "REQUIREMENTS_DESCRIPTION",
+            "REQUIREMENTS_ATTRIBUTES_SECTION",
+            "CHECKID",
+            "STATUS",
+            "REGION",
+            "ACCOUNTID",
+            "RESOURCEID",
+        ]
+    ].copy()
+
+    return get_section_containers_cis(
+        aux, "REQUIREMENTS_ID", "REQUIREMENTS_ATTRIBUTES_SECTION"
+    )
@@ -57,8 +57,9 @@ def create_layout_overview(
                    html.Div(className="flex", id="azure_card", n_clicks=0),
                    html.Div(className="flex", id="gcp_card", n_clicks=0),
                    html.Div(className="flex", id="k8s_card", n_clicks=0),
+                    html.Div(className="flex", id="m365_card", n_clicks=0),
                ],
-                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-4",
+                className="grid gap-x-4 mb-[30px] sm:grid-cols-2 lg:grid-cols-5",
            ),
            html.H4(
                "Count of Findings by severity",
@@ -76,6 +76,8 @@ def load_csv_files(csv_files):
                result = result.replace("_AZURE", " - AZURE")
            if "KUBERNETES" in result:
                result = result.replace("_KUBERNETES", " - KUBERNETES")
+            if "M65" in result:
+                result = result.replace("_M65", " - M65")
            results.append(result)

    unique_results = set(results)
@@ -267,6 +269,15 @@ def display_data(
            data["REQUIREMENTS_ATTRIBUTES_PROFILE"] = data[
                "REQUIREMENTS_ATTRIBUTES_PROFILE"
            ].apply(lambda x: x.split(" - ")[0])
+
+    # Add the column ACCOUNTID to the data if the provider is m65
+    if "m365" in analytics_input:
+        data.rename(columns={"TENANTID": "ACCOUNTID"}, inplace=True)
+        data.rename(columns={"LOCATION": "REGION"}, inplace=True)
+        if "REQUIREMENTS_ATTRIBUTES_PROFILE" in data.columns:
+            data["REQUIREMENTS_ATTRIBUTES_PROFILE"] = data[
+                "REQUIREMENTS_ATTRIBUTES_PROFILE"
+            ].apply(lambda x: x.split(" - ")[0])
    # Filter the chosen level of the CIS
    if is_level_1:
        data = data[data["REQUIREMENTS_ATTRIBUTES_PROFILE"] == "Level 1"]
@@ -397,7 +408,13 @@ def display_data(
            compliance_module = importlib.import_module(
                f"dashboard.compliance.{current}"
            )
-            data.drop_duplicates(keep="first", inplace=True)
+            data = data.drop_duplicates(
+                subset=["CHECKID", "STATUS", "MUTED", "RESOURCEID", "STATUSEXTENDED"]
+            )
+
+            if "threatscore" in analytics_input:
+                data = get_threatscore_mean_by_pillar(data)
+
            table = compliance_module.get_table(data)
        except ModuleNotFoundError:
            table = html.Div(
@@ -416,6 +433,9 @@ def display_data(
            )

        df = data.copy()
+        # Remove Muted rows
+        if "MUTED" in df.columns:
+            df = df[df["MUTED"] == "False"]
        df = df.groupby(["STATUS"]).size().reset_index(name="counts")
        df = df.sort_values(by=["counts"], ascending=False)

@@ -430,6 +450,9 @@ def display_data(
        if "pci" in analytics_input:
            pie_2 = get_bar_graph(df, "REQUIREMENTS_ID")
            current_filter = "req_id"
+        elif "threatscore" in analytics_input:
+            pie_2 = get_table_prowler_threatscore(df)
+            current_filter = "threatscore"
        elif (
            "REQUIREMENTS_ATTRIBUTES_SECTION" in df.columns
            and not df["REQUIREMENTS_ATTRIBUTES_SECTION"].isnull().values.any()
@@ -488,6 +511,13 @@ def display_data(
        pie_2, f"Top 5 failed {current_filter} by requirements"
    )

+    if "threatscore" in analytics_input:
+        security_level_graph = get_graph(
+            pie_2,
+            "Pillar Score by requirements (1 = Lowest Risk, 5 = Highest Risk)",
+            margin_top=0,
+        )
+
    return (
        table_output,
        overall_status_result_graph,
@@ -501,7 +531,7 @@ def display_data(
    )


-def get_graph(pie, title):
+def get_graph(pie, title, margin_top=7):
    return [
        html.Span(
            title,
@@ -514,7 +544,7 @@ def get_graph(pie, title):
                "display": "flex",
                "justify-content": "center",
                "align-items": "center",
-                "margin-top": "7%",
+                "margin-top": f"{margin_top}%",
            },
        ),
    ]
@@ -618,3 +648,87 @@ def get_table(current_compliance, table):
            className="relative flex flex-col bg-white shadow-provider rounded-xl px-4 py-3 flex-wrap w-full",
        ),
    ]
+
+
+def get_threatscore_mean_by_pillar(df):
+    modified_df = df[df["STATUS"] == "FAIL"]
+
+    modified_df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"] = pd.to_numeric(
+        modified_df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
+    )
+
+    pillar_means = (
+        modified_df.groupby("REQUIREMENTS_ATTRIBUTES_SECTION")[
+            "REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"
+        ]
+        .mean()
+        .round(2)
+    )
+
+    output = []
+    for pillar, mean in pillar_means.items():
+        output.append(f"{pillar} - [{mean}]")
+
+    for value in output:
+        if value.split(" - ")[0] in df["REQUIREMENTS_ATTRIBUTES_SECTION"].values:
+            df.loc[
+                df["REQUIREMENTS_ATTRIBUTES_SECTION"] == value.split(" - ")[0],
+                "REQUIREMENTS_ATTRIBUTES_SECTION",
+            ] = value
+    return df
+
+
+def get_table_prowler_threatscore(df):
+    df = df[df["STATUS"] == "FAIL"]
+
+    # Delete " - " from the column REQUIREMENTS_ATTRIBUTES_SECTION
+    df["REQUIREMENTS_ATTRIBUTES_SECTION"] = (
+        df["REQUIREMENTS_ATTRIBUTES_SECTION"].str.split(" - ").str[0]
+    )
+
+    df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"] = pd.to_numeric(
+        df["REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"], errors="coerce"
+    )
+
+    score_df = (
+        df.groupby("REQUIREMENTS_ATTRIBUTES_SECTION")[
+            "REQUIREMENTS_ATTRIBUTES_LEVELOFRISK"
+        ]
+        .mean()
+        .reset_index()
+        .rename(
+            columns={
+                "REQUIREMENTS_ATTRIBUTES_SECTION": "Pillar",
+                "REQUIREMENTS_ATTRIBUTES_LEVELOFRISK": "Score",
+            }
+        )
+    )
+
+    fig = px.bar(
+        score_df,
+        x="Pillar",
+        y="Score",
+        color="Score",
+        color_continuous_scale=[
+            "#45cc6e",
+            "#f4d44d",
+            "#e77676",
+        ],  # verde → amarillo → rojo
+        hover_data={"Score": True, "Pillar": True},
+        labels={"Score": "Average Risk Score", "Pillar": "Section"},
+        height=400,
+    )
+
+    fig.update_layout(
+        xaxis_title="Pillar",
+        yaxis_title="Level of Risk",
+        margin=dict(l=20, r=20, t=30, b=20),
+        plot_bgcolor="rgba(0,0,0,0)",
+        paper_bgcolor="rgba(0,0,0,0)",
+        coloraxis_colorbar=dict(title="Risk"),
+    )
+
+    return dcc.Graph(
+        figure=fig,
+        style={"height": "25rem", "width": "40rem"},
+    )
@@ -74,6 +74,9 @@ gcp_provider_logo = html.Img(
 ks8_provider_logo = html.Img(
    src="assets/images/providers/k8s_provider.png", alt="k8s provider"
 )
+m365_provider_logo = html.Img(
+    src="assets/images/providers/m365_provider.png", alt="m365 provider"
+)


 def load_csv_files(csv_files):
@@ -223,6 +226,8 @@ else:
                accounts.append(account + " - AZURE")
            if "gcp" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
                accounts.append(account + " - GCP")
+            if "m365" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
+                accounts.append(account + " - M365")

    if "ACCOUNT_UID" in data.columns:
        for account in data["ACCOUNT_UID"].unique():
@@ -273,6 +278,8 @@ else:
            services.append(service + " - AZURE")
        if "gcp" in list(data[data["SERVICE_NAME"] == service]["PROVIDER"]):
            services.append(service + " - GCP")
+        if "m365" in list(data[data["SERVICE_NAME"] == service]["PROVIDER"]):
+            services.append(service + " - M365")

    services = ["All"] + services
    services = [
@@ -485,6 +492,7 @@ else:
        Output("azure_card", "children"),
        Output("gcp_card", "children"),
        Output("k8s_card", "children"),
+        Output("m365_card", "children"),
        Output("subscribe_card", "children"),
        Output("info-file-over", "title"),
        Output("severity-filter", "value"),
@@ -499,6 +507,7 @@ else:
        Output("azure_card", "n_clicks"),
        Output("gcp_card", "n_clicks"),
        Output("k8s_card", "n_clicks"),
+        Output("m365_card", "n_clicks"),
    ],
    Input("cloud-account-filter", "value"),
    Input("region-filter", "value"),
@@ -513,6 +522,7 @@ else:
    Input("azure_card", "n_clicks"),
    Input("gcp_card", "n_clicks"),
    Input("k8s_card", "n_clicks"),
+    Input("m365_card", "n_clicks"),
    Input("sort_button_check_name", "n_clicks"),
    Input("sort_button_severity", "n_clicks"),
    Input("sort_button_status", "n_clicks"),
@@ -534,6 +544,7 @@ def filter_data(
    azure_clicks,
    gcp_clicks,
    k8s_clicks,
+    m365_clicks,
    sort_button_check_name,
    sort_button_severity,
    sort_button_status,
@@ -554,6 +565,7 @@ def filter_data(
            azure_clicks = 0
            gcp_clicks = 0
            k8s_clicks = 0
+            m365_clicks = 0
    if azure_clicks > 0:
        filtered_data = data.copy()
        if azure_clicks % 2 != 0 and "azure" in list(data["PROVIDER"]):
@@ -561,6 +573,7 @@ def filter_data(
            aws_clicks = 0
            gcp_clicks = 0
            k8s_clicks = 0
+            m365_clicks = 0
    if gcp_clicks > 0:
        filtered_data = data.copy()
        if gcp_clicks % 2 != 0 and "gcp" in list(data["PROVIDER"]):
@@ -568,6 +581,7 @@ def filter_data(
            aws_clicks = 0
            azure_clicks = 0
            k8s_clicks = 0
+            m365_clicks = 0
    if k8s_clicks > 0:
        filtered_data = data.copy()
        if k8s_clicks % 2 != 0 and "kubernetes" in list(data["PROVIDER"]):
@@ -575,6 +589,15 @@ def filter_data(
            aws_clicks = 0
            azure_clicks = 0
            gcp_clicks = 0
+            m365_clicks = 0
+    if m365_clicks > 0:
+        filtered_data = data.copy()
+        if m365_clicks % 2 != 0 and "m365" in list(data["PROVIDER"]):
+            filtered_data = filtered_data[filtered_data["PROVIDER"] == "m365"]
+            aws_clicks = 0
+            azure_clicks = 0
+            gcp_clicks = 0
+            k8s_clicks = 0

    # For all the data, we will add to the status column the value 'MUTED (FAIL)' and 'MUTED (PASS)' depending on the value of the column 'STATUS' and 'MUTED'
    if "MUTED" in filtered_data.columns:
@@ -675,6 +698,8 @@ def filter_data(
                all_account_names.append(account)
            if "gcp" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
                all_account_names.append(account)
+            if "m365" in list(data[data["ACCOUNT_NAME"] == account]["PROVIDER"]):
+                all_account_names.append(account)

    all_items = all_account_ids + all_account_names + ["All"]

@@ -692,6 +717,8 @@ def filter_data(
                    cloud_accounts_options.append(item + " - AZURE")
                if "gcp" in list(data[data["ACCOUNT_NAME"] == item]["PROVIDER"]):
                    cloud_accounts_options.append(item + " - GCP")
+                if "m365" in list(data[data["ACCOUNT_NAME"] == item]["PROVIDER"]):
+                    cloud_accounts_options.append(item + " - M365")

    # Filter ACCOUNT
    if cloud_account_values == ["All"]:
@@ -790,6 +817,7 @@ def filter_data(
    service_filter_options = ["All"]

    all_items = filtered_data["SERVICE_NAME"].unique()
+
    for item in all_items:
        if item not in service_filter_options and item.__class__.__name__ == "str":
            if "aws" in list(
@@ -808,6 +836,10 @@ def filter_data(
                filtered_data[filtered_data["SERVICE_NAME"] == item]["PROVIDER"]
            ):
                service_filter_options.append(item + " - GCP")
+            if "m365" in list(
+                filtered_data[filtered_data["SERVICE_NAME"] == item]["PROVIDER"]
+            ):
+                service_filter_options.append(item + " - M365")

    # Filter Service
    if service_values == ["All"]:
@@ -1235,6 +1267,10 @@ def filter_data(
                    filtered_data.loc[
                        filtered_data["ACCOUNT_UID"] == account, "ACCOUNT_UID"
                    ] = (account + " - GCP")
+                if "m365" in list(data[data["ACCOUNT_UID"] == account]["PROVIDER"]):
+                    filtered_data.loc[
+                        filtered_data["ACCOUNT_UID"] == account, "ACCOUNT_UID"
+                    ] = (account + " - M365")

        table_collapsible = []
        for item in filtered_data.to_dict("records"):
@@ -1302,6 +1338,9 @@ def filter_data(
    k8s_card = create_provider_card(
        "kubernetes", ks8_provider_logo, "Clusters", full_filtered_data
    )
+    m365_card = create_provider_card(
+        "m365", m365_provider_logo, "Accounts", full_filtered_data
+    )

    # Subscribe to prowler SaaS card
    subscribe_card = [
@@ -1346,6 +1385,7 @@ def filter_data(
            azure_card,
            gcp_card,
            k8s_card,
+            m365_card,
            subscribe_card,
            list_files,
            severity_values,
@@ -1360,6 +1400,7 @@ def filter_data(
            azure_clicks,
            gcp_clicks,
            k8s_clicks,
+            m365_clicks,
        )
    else:
        return (
@@ -1377,6 +1418,7 @@ def filter_data(
            azure_card,
            gcp_card,
            k8s_card,
+            m365_card,
            subscribe_card,
            list_files,
            severity_values,
@@ -1391,6 +1433,7 @@ def filter_data(
            azure_clicks,
            gcp_clicks,
            k8s_clicks,
+            m365_clicks,
        )


@@ -175,7 +175,7 @@ Due to the complexity and differences of each provider use the rest of the provi
 - [GCP](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/gcp/gcp_provider.py)
 - [Azure](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/azure/azure_provider.py)
 - [Kubernetes](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/kubernetes/kubernetes_provider.py)
- [Microsoft365](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/microsoft365/microsoft365_provider.py)
+- [M365](https://github.com/prowler-cloud/prowler/blob/master/prowler/providers/m365/m365_provider.py)

 To facilitate understanding here is a pseudocode of how the most basic provider could be with examples.

@@ -237,4 +237,4 @@ It is really important to check if the current Prowler's permissions for each pr
 - AWS: https://docs.prowler.cloud/en/latest/getting-started/requirements/#aws-authentication
 - Azure: https://docs.prowler.cloud/en/latest/getting-started/requirements/#permissions
 - GCP: https://docs.prowler.cloud/en/latest/getting-started/requirements/#gcp-authentication
- Microsoft365: https://docs.prowler.cloud/en/latest/getting-started/requirements/#microsoft365-authentication
+- M365: https://docs.prowler.cloud/en/latest/getting-started/requirements/#m365-authentication
@@ -40,8 +40,8 @@ If your IAM entity enforces MFA you can use `--mfa` and Prowler will ask you to

 Prowler for Azure supports the following authentication types. To use each one you need to pass the proper flag to the execution:

- [Service principal application](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#service-principal-object) (recommended).
- Current az cli credentials stored.
+- [Service Principal Application](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#service-principal-object) (recommended).
+- Current AZ CLI credentials stored.
 - Interactive browser authentication.
 - [Managed identity](https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview) authentication.

@@ -98,25 +98,44 @@ Prowler will follow the same credentials search as [Google authentication librar
 2. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
 3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)

-Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.
+### Needed permissions
+
+Prowler for Google Cloud needs the following permissions to be set:
+
+- **Viewer (`roles/viewer`) IAM role**: granted at the project / folder / org level in order to scan the target projects
+
+- **Project level settings**: you need to have at least one project with the below settings:
+    - Identity and Access Management (IAM) API (`iam.googleapis.com`) enabled by either using the
+    [Google Cloud API UI](https://console.cloud.google.com/apis/api/iam.googleapis.com/metrics) or
+    by using the gcloud CLI `gcloud services enable iam.googleapis.com --project <your-project-id>` command
+    - Service Usage Consumer (`roles/serviceusage.serviceUsageConsumer`) IAM role
+    - Set the quota project to be this project by either running `gcloud auth application-default set-quota-project <project-id>` or by setting an environment variable:
+    `export GOOGLE_CLOUD_QUOTA_PROJECT=<project-id>`
+
+
+The above settings must be associated to a user or service account.
+

 ???+ note
    By default, `prowler` will scan all accessible GCP Projects, use flag `--project-ids` to specify the projects to be scanned.

-## Microsoft365
+## Microsoft 365

-Prowler for Microsoft365 currently supports the following authentication types:
+Prowler for M365 currently supports the following authentication types:

- [Service principal application](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#service-principal-object) (recommended).
- Current az cli credentials stored.
+- [Service Principal Application](https://learn.microsoft.com/en-us/entra/identity-platform/app-objects-and-service-principals?tabs=browser#service-principal-object).
+- Service Principal Application and Microsoft User Credentials (**recommended**).
+- Current AZ CLI credentials stored.
 - Interactive browser authentication.


 ???+ warning
-    For Prowler App only the Service Principal with an application authentication method is supported.
+    For Prowler App only the Service Principal with User Credentials authentication method is supported.

 ### Service Principal authentication

+Authentication flag: `--sp-env-auth`
+
 To allow Prowler assume the service principal identity to start the scan it is needed to configure the following environment variables:

 ```console
@@ -126,8 +145,324 @@ export AZURE_TENANT_ID="XXXXXXXXX"
 ```

 If you try to execute Prowler with the `--sp-env-auth` flag and those variables are empty or not exported, the execution is going to fail.
-Follow the instructions in the [Create Prowler Service Principal](../tutorials/azure/create-prowler-service-principal.md) section to create a service principal.
+Follow the instructions in the [Create Prowler Service Principal](../tutorials/microsoft365/getting-started-m365.md#create-the-service-principal-app) section to create a service principal.
+
+With this credentials you will only be able to run the checks that work through MS Graph, this means that you won't run all the provider. If you want to scan all the checks from M365 you will need to use the recommended authentication method.
+
+### Service Principal and User Credentials authentication (recommended)
+
+Authentication flag: `--env-auth`
+
+This authentication method follows the same approach as the service principal method but introduces two additional environment variables for user credentials:  `M365_USER` and `M365_ENCRYPTED_PASSWORD`.
+
+```console
+export AZURE_CLIENT_ID="XXXXXXXXX"
+export AZURE_CLIENT_SECRET="XXXXXXXXX"
+export AZURE_TENANT_ID="XXXXXXXXX"
+export M365_USER="your_email@example.com"
+export M365_ENCRYPTED_PASSWORD="6500780061006d0070006c006500700061007300730077006f0072006400" # replace this to yours
+```
+
+These two new environment variables are **required** to execute the PowerShell modules needed to retrieve information from M365 services. Prowler uses Service Principal authentication to access Microsoft Graph and user credentials to authenticate to Microsoft PowerShell modules.
+
+- `M365_USER` should be your Microsoft account email using the default domain. This means it must look like `example@YourCompany.onmicrosoft.com`.
+
+    To ensure that you are using the default domain you can see how to verify it [here](../tutorials/microsoft365/getting-started-m365.md#step-1-obtain-your-domain).
+
+    If you don't have a user created with that domain, Prowler will not work as it will not be able to ensure both app an user belong to the same tenant. To proceed, you can either create a new user with that domain or modify the domain of an existing user.
+
+    ![User Domains](../tutorials/microsoft365/img/user-domains.png)
+
+- `M365_ENCRYPTED_PASSWORD` must be an encrypted SecureString. To convert your password into a valid encrypted string, you need to use PowerShell.
+
+    ???+ warning
+        Passwords encrypted using ConvertTo-SecureString can only be decrypted on the same OS/user context. If you generate an encrypted password on macOS or Linux (both UNIX), it should fail on Windows and vice versa. As Prowler Cloud runs on UNIX if you generate your password using Windows it won't work so you'll need to generate a new password using any UNIX distro (example above)
+
+    If you are working from Windows and you will use your encrypted password in a different system (like for example executing Prowler in macOS or adding your password to Prowler Cloud), you will need to generate a "UNIX compatible" version of your encrypted password. This can be done using WSL which is so easy to install on Windows.
+
+    === "UNIX"
+
+        Open a PowerShell cmd with a [supported version](requirements.md#supported-powershell-versions) and then run the following command:
+
+        ```console
+        $securePassword = ConvertTo-SecureString "examplepassword" -AsPlainText -Force
+        $encryptedPassword = $securePassword | ConvertFrom-SecureString
+        Write-Output $encryptedPassword
+        6500780061006d0070006c006500700061007300730077006f0072006400
+        ```
+
+        If everything is done correctly, you will see the encrypted string that you need to set as the `M365_ENCRYPTED_PASSWORD` environment variable.
+
+    === "Windows"
+
+
+        How to install WSL and PowerShell on it to generate that password (you can use a different distro but this one will work for sure):
+
+        ```console
+        wsl --install -d Ubuntu-22.04
+        ```
+
+        Then, open the Ubuntu terminal and run the following commands:
+
+        ```console
+        sudo apt update && sudo apt install -y wget apt-transport-https software-properties-common
+        wget -q "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb"
+        sudo dpkg -i packages-microsoft-prod.deb
+        sudo apt update
+        sudo apt install -y powershell
+        pwsh
+        ```
+
+        With this done you will see now that a prompt running PowerShell with the latest version is open so here you will be able to generate your encrypted password:
+
+        ```console
+        $securePassword = ConvertTo-SecureString "examplepassword" -AsPlainText -Force
+        $encryptedPassword = $securePassword | ConvertFrom-SecureString
+        Write-Output $encryptedPassword
+        6500780061006d0070006c006500700061007300730077006f0072006400
+        ```
+
+        If everything is done correctly, you will see the encrypted string that you need to set as the `M365_ENCRYPTED_PASSWORD` environment variable.
+
+

 ### Interactive Browser authentication

-To use `--browser-auth`  the user needs to authenticate against Azure using the default browser to start the scan, also `--tenant-id` flag is required.
+Authentication flag: `--browser-auth`
+
+This authentication method requires the user to authenticate against Azure using the default browser to start the scan, also `--tenant-id` flag is required.
+
+With this credentials you will only be able to run the checks that work through MS Graph, this means that you won't run all the provider. If you want to scan all the checks from M365 you will need to use the recommended authentication method.
+
+Since this is a delegated permission authentication method, necessary permissions should be given to the user, not the app.
+
+
+### Needed permissions
+
+Prowler for M365 requires two types of permission scopes to be set (if you want to run the full provider including PowerShell checks). Both must be configured using Microsoft Entra ID:
+
+- **Service Principal Application Permissions**: These are set at the **application** level and are used to retrieve data from the identity being assessed:
+    - `Directory.Read.All`: Required for all services.
+    - `Policy.Read.All`: Required for all services.
+    - `User.Read` (IMPORTANT: this must be set as **delegated**): Required for the sign-in.
+    - `Sites.Read.All`: Required for SharePoint service.
+    - `SharePointTenantSettings.Read.All`: Required for SharePoint service.
+
+- **Powershell Modules Permissions**: These are set at the `M365_USER` level, so the user used to run Prowler must have one of the following roles:
+    - `Global Reader` (recommended): this allows you to read all roles needed.
+    - `Exchange Administrator` and `Teams Administrator`: user needs both roles but with this [roles](https://learn.microsoft.com/en-us/exchange/permissions-exo/permissions-exo#microsoft-365-permissions-in-exchange-online) you can access to the same information as a Global Reader (since only read access is needed, Global Reader is recommended).
+
+In order to know how to assign those permissions and roles follow the instructions in the Microsoft Entra ID [permissions](../tutorials/microsoft365/getting-started-m365.md#grant-required-api-permissions) and [roles](../tutorials/microsoft365/getting-started-m365.md#assign-required-roles-to-your-user) section.
+
+
+### Supported PowerShell versions
+
+You must have PowerShell installed to run certain M365 checks.
+Currently, we support **PowerShell version 7.4 or higher** (7.5 is recommended).
+
+This requirement exists because **PowerShell 5.1** (the version that comes by default on some Windows systems) does not support several cmdlets needed to run the checks properly.
+Additionally, earlier [PowerShell Cross-Platform versions](https://learn.microsoft.com/en-us/powershell/scripting/install/powershell-support-lifecycle?view=powershell-7.5) are no longer under technical support, which may cause unexpected errors.
+
+
+???+ note
+    Installing powershell will be only needed if you install prowler from pip or other sources, these means that the SDK and API containers contain PowerShell installed by default.
+
+Installing PowerShell is different depending on your OS.
+
+- [Windows](https://learn.microsoft.com/es-es/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.5#install-powershell-using-winget-recommended): you will need to update PowerShell to +7.4 to be able to run prowler, if not some checks will not show findings and the provider could not work as expected. This version of PowerShell is [supported](https://learn.microsoft.com/es-es/powershell/scripting/install/installing-powershell-on-windows?view=powershell-7.4#supported-versions-of-windows) on Windows 10, Windows 11, Windows Server 2016 and higher versions.
+
+```console
+winget install --id Microsoft.PowerShell --source winget
+```
+
+
+- [MacOS](https://learn.microsoft.com/es-es/powershell/scripting/install/installing-powershell-on-macos?view=powershell-7.5#install-the-latest-stable-release-of-powershell): installing PowerShell on MacOS needs to have installed [brew](https://brew.sh/), once you have it is just running the command above, Pwsh is only supported in macOS 15 (Sequoia) x64 and Arm64, macOS 14 (Sonoma) x64 and Arm64, macOS 13 (Ventura) x64 and Arm64
+
+```console
+brew install powershell/tap/powershell
+```
+
+Once it's installed run `pwsh` on your terminal to verify it's working.
+
+- Linux: installing PowerShell on Linux depends on the distro you are using:
+
+    - [Ubuntu](https://learn.microsoft.com/es-es/powershell/scripting/install/install-ubuntu?view=powershell-7.5#installation-via-package-repository-the-package-repository): The required version for installing PowerShell +7.4 on Ubuntu are Ubuntu 22.04 and Ubuntu 24.04. The recommended way to install it is downloading the package available on PMC. You just need to follow the following steps:
+
+    ```console
+    ###################################
+    # Prerequisites
+
+    # Update the list of packages
+    sudo apt-get update
+
+    # Install pre-requisite packages.
+    sudo apt-get install -y wget apt-transport-https software-properties-common
+
+    # Get the version of Ubuntu
+    source /etc/os-release
+
+    # Download the Microsoft repository keys
+    wget -q https://packages.microsoft.com/config/ubuntu/$VERSION_ID/packages-microsoft-prod.deb
+
+    # Register the Microsoft repository keys
+    sudo dpkg -i packages-microsoft-prod.deb
+
+    # Delete the Microsoft repository keys file
+    rm packages-microsoft-prod.deb
+
+    # Update the list of packages after we added packages.microsoft.com
+    sudo apt-get update
+
+    ###################################
+    # Install PowerShell
+    sudo apt-get install -y powershell
+
+    # Start PowerShell
+    pwsh
+    ```
+
+    - [Alpine](https://learn.microsoft.com/es-es/powershell/scripting/install/install-alpine?view=powershell-7.5#installation-steps): The only supported version for installing PowerShell +7.4 on Alpine is Alpine 3.20. The unique way to install it is downloading the tar.gz package available on [PowerShell github](https://github.com/PowerShell/PowerShell/releases/download/v7.5.0/powershell-7.5.0-linux-musl-x64.tar.gz). You just need to follow the following steps:
+
+    ```console
+    # Install the requirements
+    sudo apk add --no-cache \
+        ca-certificates \
+        less \
+        ncurses-terminfo-base \
+        krb5-libs \
+        libgcc \
+        libintl \
+        libssl3 \
+        libstdc++ \
+        tzdata \
+        userspace-rcu \
+        zlib \
+        icu-libs \
+        curl
+
+    apk -X https://dl-cdn.alpinelinux.org/alpine/edge/main add --no-cache \
+        lttng-ust \
+        openssh-client \
+
+    # Download the powershell '.tar.gz' archive
+    curl -L https://github.com/PowerShell/PowerShell/releases/download/v7.5.0/powershell-7.5.0-linux-musl-x64.tar.gz -o /tmp/powershell.tar.gz
+
+    # Create the target folder where powershell will be placed
+    sudo mkdir -p /opt/microsoft/powershell/7
+
+    # Expand powershell to the target folder
+    sudo tar zxf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7
+
+    # Set execute permissions
+    sudo chmod +x /opt/microsoft/powershell/7/pwsh
+
+    # Create the symbolic link that points to pwsh
+    sudo ln -s /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh
+
+    # Start PowerShell
+    pwsh
+    ```
+
+    - [Debian](https://learn.microsoft.com/es-es/powershell/scripting/install/install-debian?view=powershell-7.5#installation-on-debian-11-or-12-via-the-package-repository): The required version for installing PowerShell +7.4 on Debian are Debian 11 and Debian 12. The recommended way to install it is downloading the package available on PMC. You just need to follow the following steps:
+
+    ```console
+    ###################################
+    # Prerequisites
+
+    # Update the list of packages
+    sudo apt-get update
+
+    # Install pre-requisite packages.
+    sudo apt-get install -y wget
+
+    # Get the version of Debian
+    source /etc/os-release
+
+    # Download the Microsoft repository GPG keys
+    wget -q https://packages.microsoft.com/config/debian/$VERSION_ID/packages-microsoft-prod.deb
+
+    # Register the Microsoft repository GPG keys
+    sudo dpkg -i packages-microsoft-prod.deb
+
+    # Delete the Microsoft repository GPG keys file
+    rm packages-microsoft-prod.deb
+
+    # Update the list of packages after we added packages.microsoft.com
+    sudo apt-get update
+
+    ###################################
+    # Install PowerShell
+    sudo apt-get install -y powershell
+
+    # Start PowerShell
+    pwsh
+    ```
+
+    - [Rhel](https://learn.microsoft.com/es-es/powershell/scripting/install/install-rhel?view=powershell-7.5#installation-via-the-package-repository): The required version for installing PowerShell +7.4 on Red Hat are RHEL 8 and RHEL 9. The recommended way to install it is downloading the package available on PMC. You just need to follow the following steps:
+
+    ```console
+    ###################################
+    # Prerequisites
+
+    # Get version of RHEL
+    source /etc/os-release
+    if [ ${VERSION_ID%.*} -lt 8 ]
+    then majorver=7
+    elif [ ${VERSION_ID%.*} -lt 9 ]
+    then majorver=8
+    else majorver=9
+    fi
+
+    # Download the Microsoft RedHat repository package
+    curl -sSL -O https://packages.microsoft.com/config/rhel/$majorver/packages-microsoft-prod.rpm
+
+    # Register the Microsoft RedHat repository
+    sudo rpm -i packages-microsoft-prod.rpm
+
+    # Delete the downloaded package after installing
+    rm packages-microsoft-prod.rpm
+
+    # Update package index files
+    sudo dnf update
+    # Install PowerShell
+    sudo dnf install powershell -y
+    ```
+
+- [Docker](https://learn.microsoft.com/es-es/powershell/scripting/install/powershell-in-docker?view=powershell-7.5#use-powershell-in-a-container): The following command download the latest stable versions of PowerShell:
+
+    ```console
+    docker pull mcr.microsoft.com/dotnet/sdk:9.0
+    ```
+
+    To start an interactive shell of Pwsh you just need to run:
+
+    ```console
+    docker run -it mcr.microsoft.com/dotnet/sdk:9.0 pwsh
+    ```
+
+
+### Needed PowerShell modules
+
+To obtain the required data for this provider, we use several PowerShell cmdlets.
+These cmdlets come from different modules that must be installed.
+
+The installation of these modules will be performed automatically if you run Prowler with the flag `--init-modules`. This an example way of running Prowler and installing the modules:
+
+```console
+python3 prowler-cli.py m365 --verbose --log-level ERROR --env-auth --init-modules
+```
+
+If you already have them installed, there is no problem even if you use the flag because it will automatically check if the needed modules are already installed.
+
+???+ note
+    Prowler installs the modules using `-Scope CurrentUser`.
+    If you encounter any issues with services not working after the automatic installation, try installing the modules manually using `-Scope AllUsers` (administrator permissions are required for this).
+    The command needed to install a module manually is:
+    ```powershell
+    Install-Module -Name "ModuleName" -Scope AllUsers -Force
+    ```
+
+The required modules are:
+
+- [ExchangeOnlineManagement](https://www.powershellgallery.com/packages/ExchangeOnlineManagement/3.6.0): Minimum version 3.6.0. Required for several checks across Exchange, Defender, and Purview.
+- [MicrosoftTeams](https://www.powershellgallery.com/packages/MicrosoftTeams/6.6.0): Minimum version 6.6.0. Required for all Teams checks.
@@ -53,7 +53,7 @@ Prowler App can be installed in different ways, depending on your environment:
        You can change the environment variables in the `.env` file. Note that it is not recommended to use the default values in production environments.

    ???+ note
-        There is a development mode available, you can use the file https://github.com/prowler-cloud/prowler/blob/master/docker-compose.dev.yml to run the app in development mode.
+        There is a development mode available, you can use the file https://github.com/prowler-cloud/prowler/blob/master/docker-compose-dev.yml to run the app in development mode.

    ???+ warning
        Google and GitHub authentication is only available in [Prowler Cloud](https://prowler.com).
@@ -170,7 +170,7 @@ Prowler is available as a project in [PyPI](https://pypi.org/project/prowler/),

    * `Python >= 3.9, <= 3.12`
    * `Python pip >= 21.0.0`
-    * AWS, GCP, Azure, Microsoft365 and/or Kubernetes credentials
+    * AWS, GCP, Azure, M365 and/or Kubernetes credentials

    _Commands_:

@@ -423,7 +423,7 @@ While the scan is running, start exploring the findings in these sections:

 ### Prowler CLI

-To run Prowler, you will need to specify the provider (e.g `aws`, `gcp`, `azure`, `microsoft365` or `kubernetes`):
+To run Prowler, you will need to specify the provider (e.g `aws`, `gcp`, `azure`, `m365` or `kubernetes`):

 ???+ note
    If no provider specified, AWS will be used for backward compatibility with most of v2 options.
@@ -565,23 +565,27 @@ kubectl logs prowler-XXXXX --namespace prowler-ns
 ???+ note
    By default, `prowler` will scan all namespaces in your active Kubernetes context. Use the flag `--context` to specify the context to be scanned and `--namespaces` to specify the namespaces to be scanned.

-#### Microsoft365
+#### Microsoft 365

-With Microsoft365 you need to specify which auth method is going to be used:
+With M365 you need to specify which auth method is going to be used:

 ```console
+
+# To use both service principal (for MSGraph) and user credentials (for PowerShell modules)
+prowler m365 --env-auth
+
 # To use service principal authentication
-prowler microsoft365 --sp-env-auth
+prowler m365 --sp-env-auth

 # To use az cli authentication
-prowler microsoft365 --az-cli-auth
+prowler m365 --az-cli-auth

 # To use browser authentication
-prowler microsoft365 --browser-auth --tenant-id "XXXXXXXX"
+prowler m365 --browser-auth --tenant-id "XXXXXXXX"

 ```

-See more details about Microsoft365 Authentication in [Requirements](getting-started/requirements.md#microsoft365)
+See more details about M365 Authentication in [Requirements](getting-started/requirements.md#microsoft-365)

 ## Prowler v2 Documentation
 For **Prowler v2 Documentation**, please check it out [here](https://github.com/prowler-cloud/prowler/blob/8818f47333a0c1c1a457453c87af0ea5b89a385f/README.md).
@@ -1,14 +1,14 @@
-# Getting Started with AWS on Prowler Cloud
+# Getting Started with AWS on Prowler Cloud/App

 <iframe width="560" height="380" src="https://www.youtube-nocookie.com/embed/RPgIWOCERzY" title="Prowler Cloud Onboarding AWS" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="1"></iframe>

-Set up your AWS account to enable security scanning using Prowler Cloud.
+Set up your AWS account to enable security scanning using Prowler Cloud/App.

 ## Requirements

 To configure your AWS account, you’ll need:

-1. Access to Prowler Cloud
+1. Access to Prowler Cloud/App
 2. Properly configured AWS credentials (either static or via an assumed IAM role)

 ---
@@ -22,9 +22,9 @@ To configure your AWS account, you’ll need:

 ---

-## Step 2: Access Prowler Cloud
+## Step 2: Access Prowler Cloud/App

-1. Navigate to [Prowler Cloud](https://cloud.prowler.com/)
+1. Navigate to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](../prowler-app.md)
 2. Go to `Configuration` > `Cloud Providers`

    ![Cloud Providers Page](../img/cloud-providers-page.png)
@@ -117,7 +117,7 @@ This method grants permanent access and is the recommended setup for production
        terraform apply
        ```

-    2. During `plan` and `apply`, you will be prompted for the **External ID**, which is available in the Prowler Cloud UI:
+    2. During `plan` and `apply`, you will be prompted for the **External ID**, which is available in the Prowler Cloud/App UI:

        ![Get External ID](./img/get-external-id-prowler-cloud.png)

@@ -135,7 +135,7 @@ This method grants permanent access and is the recommended setup for production

    ![New Role Info](./img/get-role-arn.png)

-10. Paste the ARN into the corresponding field in Prowler Cloud
+10. Paste the ARN into the corresponding field in Prowler Cloud/App

    ![Input the Role ARN](./img/paste-role-arn-prowler.png)

@@ -171,7 +171,7 @@ You can also configure your AWS account using static credentials (not recommende

        ![CloudShell Output](./img/cloudshell-output.png)

-    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud setup screen.
+    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud/App setup screen.

 === "Short term credentials (Recommended)"

@@ -203,9 +203,9 @@ You can also configure your AWS account using static credentials (not recommende
            }
            ```

-    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud setup screen.
+    > ⚠️ Save these credentials securely and paste them into the Prowler Cloud/App setup screen.

-Complete the form in Prowler Cloud and click `Next`
+Complete the form in Prowler Cloud/App and click `Next`

 ![Filled credentials page](./img/prowler-cloud-credentials-next.png)

@@ -1,15 +1,15 @@
-# Getting Started with Azure on Prowler Cloud
+# Getting Started with Azure on Prowler Cloud/App

 <iframe width="560" height="380" src="https://www.youtube-nocookie.com/embed/v1as8vTFlMg" title="Prowler Cloud Onboarding Azure" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="1"></iframe>

-Set up your Azure subscription to enable security scanning using Prowler Cloud.
+Set up your Azure subscription to enable security scanning using Prowler Cloud/App.

 ## Requirements

 To configure your Azure subscription, you’ll need:

 1. Get the `Subscription ID`
-2. Access to Prowler Cloud
+2. Access to Prowler Cloud/App
 3. Configure authentication in Azure:

    3.1 Create a Service Principal
@@ -18,7 +18,7 @@ To configure your Azure subscription, you’ll need:

    3.3 Assign permissions at the subscription level

-4. Add the credentials to Prowler Cloud
+4. Add the credentials to Prowler Cloud/App

 ---

@@ -32,9 +32,9 @@ To configure your Azure subscription, you’ll need:

 ---

-## Step 2: Access Prowler Cloud
+## Step 2: Access Prowler Cloud/App

-1. Go to [Prowler Cloud](https://cloud.prowler.com/)
+1. Go to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](../prowler-app.md)
 2. Navigate to `Configuration` > `Cloud Providers`

    ![Cloud Providers Page](../img/cloud-providers-page.png)
@@ -148,13 +148,13 @@ Assign the following Microsoft Graph permissions:

 ---

-## Step 4: Add Credentials to Prowler Cloud
+## Step 4: Add Credentials to Prowler Cloud/App

 1. Go to your App Registration overview and copy the `Client ID` and `Tenant ID`

    ![App Overview](./img/app-overview.png)

-2. Go to Prowler Cloud and paste:
+2. Go to Prowler Cloud/App and paste:

    - `Client ID`
    - `Tenant ID`
@@ -97,14 +97,16 @@ The following list includes all the Kubernetes checks with configurable variable
 | `kubelet_strong_ciphers_only`                                 | `kubelet_strong_ciphers`                         | String          |


-## Microsoft365
+## M365

 ### Configurable Checks
-The following list includes all the Microsoft365 checks with configurable variables that can be changed in the configuration yaml file:
+The following list includes all the Microsoft 365 checks with configurable variables that can be changed in the configuration yaml file:

 | Check Name                                                    | Value                                            | Type            |
 |---------------------------------------------------------------|--------------------------------------------------|-----------------|
 | `entra_admin_users_sign_in_frequency_enabled`                 | `sign_in_frequency`                              | Integer         |
+| `teams_external_file_sharing_restricted`                      | `allowed_cloud_storage_services`                 | List of Strings |
+| `exchange_organization_mailtips_enabled`                      | `recommended_mailtips_large_audience_threshold`  | Integer         |


 ## Config YAML File Structure
@@ -504,10 +506,24 @@ kubernetes:
      "TLS_RSA_WITH_AES_128_GCM_SHA256",
    ]

-# Microsoft365 Configuration
-microsoft365:
-  # Conditional Access Policy
-  # policy.session_controls.sign_in_frequency.frequency in hours
-  sign_in_frequency: 4
+# M365 Configuration
+m365:
+  # Entra Conditional Access Policy
+  # m365.entra_admin_users_sign_in_frequency_enabled
+  sign_in_frequency: 4 # 4 hours
+  # Teams Settings
+  # m365.teams_external_file_sharing_restricted
+  allowed_cloud_storage_services:
+    [
+      #"allow_box",
+      #"allow_drop_box",
+      #"allow_egnyte",
+      #"allow_google_drive",
+      #"allow_share_file",
+    ]
+  # Exchange Organization Settings
+  # m365.exchange_organization_mailtips_enabled
+  recommended_mailtips_large_audience_threshold: 25 # maximum number of recipients
+

 ```
@@ -4,8 +4,13 @@ Prowler will use by default your User Account credentials, you can configure it

 - `gcloud init` to use a new account
 - `gcloud config set account <account>` to use an existing account
+- `gcloud auth application-default login`

-Then, obtain your access credentials using: `gcloud auth application-default login`
+This will generate Application Default Credentials (ADC) that Prowler will use automatically.
+
+---
+
+## Using a Service Account key file

 Otherwise, you can generate and download Service Account keys in JSON format (refer to https://cloud.google.com/iam/docs/creating-managing-service-account-keys) and provide the location of the file with the following argument:

@@ -16,14 +21,60 @@ prowler gcp --credentials-file path
 ???+ note
    `prowler` will scan the GCP project associated with the credentials.

+---

-Prowler will follow the same credentials search as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order):
+## Using an access token

-1. [GOOGLE_APPLICATION_CREDENTIALS environment variable](https://cloud.google.com/docs/authentication/application-default-credentials#GAC)
-2. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
-3. [The attached service account, returned by the metadata server](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)
+If you already have an access token (e.g., generated with `gcloud auth print-access-token`), you can run Prowler with:

-Those credentials must be associated to a user or service account with proper permissions to do all checks. To make sure, add the `Viewer` role to the member associated with the credentials.
+```bash
+export CLOUDSDK_AUTH_ACCESS_TOKEN=$(gcloud auth print-access-token)
+prowler gcp --project-ids <project-id>
+```
+
+???+ note
+    If using this method, it's recommended to also set the default project explicitly:
+    ```bash
+    export GOOGLE_CLOUD_PROJECT=<project-id>
+    ```
+
+---
+
+## Credentials lookup order
+
+Prowler follows the same search order as [Google authentication libraries](https://cloud.google.com/docs/authentication/application-default-credentials#search_order):
+
+1. [`GOOGLE_APPLICATION_CREDENTIALS` environment variable](https://cloud.google.com/docs/authentication/application-default-credentials#GAC)
+2. [`CLOUDSDK_AUTH_ACCESS_TOKEN` + optional `GOOGLE_CLOUD_PROJECT`](https://cloud.google.com/sdk/gcloud/reference/auth/print-access-token)
+3. [User credentials set up by using the Google Cloud CLI](https://cloud.google.com/docs/authentication/application-default-credentials#personal)
+4. [Attached service account (e.g., Cloud Run, GCE, Cloud Functions)](https://cloud.google.com/docs/authentication/application-default-credentials#attached-sa)
+
+???+ note
+    The credentials must belong to a user or service account with the necessary permissions.
+    To ensure full access, assign the roles/viewer IAM role to the identity being used.
+
+???+ note
+    Prowler will use the enabled Google Cloud APIs to get the information needed to perform the checks.
+
+---
+
+
+## Needed permissions
+
+Prowler for Google Cloud needs the following permissions to be set:
+
+- **Viewer (`roles/viewer`) IAM role**: granted at the project / folder / org level in order to scan the target projects
+
+- **Project level settings**: you need to have at least one project with the below settings:
+    - Identity and Access Management (IAM) API (`iam.googleapis.com`) enabled by either using the
+    [Google Cloud API UI](https://console.cloud.google.com/apis/api/iam.googleapis.com/metrics) or
+    by using the gcloud CLI `gcloud services enable iam.googleapis.com --project <your-project-id>` command
+    - Service Usage Consumer (`roles/serviceusage.serviceUsageConsumer`) IAM role
+    - Set the quota project to be this project by either running `gcloud auth application-default set-quota-project <project-id>` or by setting an environment variable:
+    `export GOOGLE_CLOUD_QUOTA_PROJECT=<project-id>`
+
+
+The above settings must be associated to a user or service account.

 ???+ note
    Prowler will use the enabled Google Cloud APIs to get the information needed to perform the checks.
@@ -1,20 +1,20 @@
-# Getting Started with GCP on Prowler Cloud
+# Getting Started with GCP on Prowler Cloud/App

 <iframe width="560" height="380" src="https://www.youtube-nocookie.com/embed/v1as8vTFlMg" title="Prowler Cloud Onboarding GCP" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="1"></iframe>

-Set up your GCP project to enable security scanning using Prowler Cloud.
+Set up your GCP project to enable security scanning using Prowler Cloud/App.

 ## Requirements

 To configure your GCP project, you’ll need:

 1. Get the `Project ID`
-2. Access to Prowler Cloud
+2. Access to Prowler Cloud/App
 3. Configure authentication in GCP:

    3.1 Retrieve credentials from Google Cloud

-4. Add the credentials to Prowler Cloud
+4. Add the credentials to Prowler Cloud/App

 ---

@@ -27,9 +27,9 @@ To configure your GCP project, you’ll need:

 ---

-## Step 2: Access Prowler Cloud
+## Step 2: Access Prowler Cloud/App

-1. Go to [Prowler Cloud](https://cloud.prowler.com/)
+1. Go to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](../prowler-app.md)
 2. Navigate to `Configuration` > `Cloud Providers`

    ![Cloud Providers Page](../img/cloud-providers-page.png)
@@ -86,7 +86,7 @@ To configure your GCP project, you’ll need:

    ![Get the FileName](./img/get-temp-file-credentials.png)

-8. Extract the following values for Prowler Cloud:
+8. Extract the following values for Prowler Cloud/App:

    - `client_id`
    - `client_secret`
@@ -96,9 +96,9 @@ To configure your GCP project, you’ll need:

 ---

-## Step 4: Add Credentials to Prowler Cloud
+## Step 4: Add Credentials to Prowler Cloud/App

-1. Go back to Prowler Cloud and enter the required credentials, then click `Next`
+1. Go back to Prowler Cloud/App and enter the required credentials, then click `Next`

    ![Enter the Credentials](./img/enter-credentials-prowler-cloud.png)

@@ -1,23 +1,28 @@
-# Microsoft365 authentication
+# Microsoft 365 authentication

 By default Prowler uses MsGraph Python SDK identity package authentication methods using the class `ClientSecretCredential`.
-This allows Prowler to authenticate against microsoft365 using the following methods:
+This allows Prowler to authenticate against Microsoft 365 using the following methods:

 - Service principal authentication by environment variables (Enterprise Application)
+- Service principal and Microsoft user credentials by environment variabled (using PowerShell requires this authentication method)
 - Current CLI credentials stored
 - Interactive browser authentication

+
 To launch the tool first you need to specify which method is used through the following flags:

 ```console
+# To use service principal (app) authentication and Microsoft user credentials (to use PowerShell)
+prowler m365 --env-auth
+
 # To use service principal authentication
-prowler microsoft365 --sp-env-auth
+prowler m365 --sp-env-auth

 # To use cli authentication
-prowler microsoft365 --az-cli-auth
+prowler m365 --az-cli-auth

 # To use browser authentication
-prowler microsoft365 --browser-auth --tenant-id "XXXXXXXX"
+prowler m365 --browser-auth --tenant-id "XXXXXXXX"
 ```

-To use Prowler you need to set up also the permissions required to access your resources in your Microsoft365 account, to more details refer to [Requirements](../../getting-started/requirements.md)
+To use Prowler you need to set up also the permissions required to access your resources in your Microsoft 365 account, to more details refer to [Requirements](../../getting-started/requirements.md#microsoft-365)
@@ -0,0 +1,205 @@
+# Getting Started with M365 on Prowler Cloud/App
+
+Set up your M365 account to enable security scanning using Prowler Cloud/App.
+
+## Requirements
+
+To configure your M365 account, you’ll need:
+
+1. Obtain your `Default Domain` from the Entra ID portal.
+
+2. Access Prowler Cloud/App and add a new cloud provider `Microsoft 365`.
+
+3. Configure your M365 account:
+
+    3.1 Create the Service Principal app.
+
+    3.2 Grant the required API permissions.
+
+    3.3 Assign the required roles to your user.
+
+    3.4 Retrieve your encrypted password.
+
+4. Add the credentials to Prowler Cloud/App.
+
+## Step 1: Obtain your Domain
+
+Go to the Entra ID portal, then you can search for `Domain` or go to Identity > Settings > Domain Names.
+
+![Search Domain Names](./img/search-domain-names.png)
+
+<br>
+
+![Custom Domain Names](./img/custom-domain-names.png)
+
+Once you are there just look for the `Default Domain` this should be something similar to `YourCompany.onmicrosoft.com`. To ensure that you are picking the correct domain just click on it and verify that the type is `Initial` and you can't delete it.
+
+![Search Default Domain](./img/search-default-domain.png)
+
+---
+
+## Step 2: Access Prowler Cloud/App
+
+1. Go to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](../prowler-app.md)
+2. Navigate to `Configuration` > `Cloud Providers`
+
+    ![Cloud Providers Page](../img/cloud-providers-page.png)
+
+3. Click on `Add Cloud Provider`
+
+    ![Add a Cloud Provider](../img/add-cloud-provider.png)
+
+4. Select `Microsoft 365`
+
+    ![Select Microsoft 365](./img/select-m365-prowler-cloud.png)
+
+5. Add the Domain ID and an optional alias, then click `Next`
+
+    ![Add Domain ID](./img/add-domain-id.png)
+
+---
+
+## Step 3: Configure your M365 account
+
+
+### Create the Service Principal app
+
+A Service Principal is required to grant Prowler the necessary privileges.
+
+1. Access **Microsoft Entra ID**
+
+    ![Overview of Microsoft Entra ID](./img/microsoft-entra-id.png)
+
+2. Navigate to `Applications` > `App registrations`
+
+    ![App Registration nav](./img/app-registration-menu.png)
+
+3. Click `+ New registration`, complete the form, and click `Register`
+
+    ![New Registration](./img/new-registration.png)
+
+4. Go to `Certificates & secrets` > `+ New client secret`
+
+    ![Certificate & Secrets nav](./img/certificates-and-secrets.png)
+
+5. Fill in the required fields and click `Add`, then copy the generated value (that value will be `AZURE_CLIENT_SECRET`)
+
+    ![New Client Secret](./img/new-client-secret.png)
+
+With this done you will have all the needed keys, summarized in the following table
+
+| Value | Description |
+|-------|-------------|
+| Client ID | Application (client) ID |
+| Client Secret | AZURE_CLIENT_SECRET |
+| Tenant ID | Directory (tenant) ID |
+
+---
+
+### Grant required API permissions
+
+Assign the following Microsoft Graph permissions:
+
+- `Directory.Read.All`: Required for all services.
+- `Policy.Read.All`: Required for all services.
+- `User.Read` (IMPORTANT: this is set as **delegated**): Required for the sign-in.
+- `Sites.Read.All`: Required for SharePoint service.
+- `SharePointTenantSettings.Read.All`: Required for SharePoint service.
+
+Follow these steps to assign the permissions:
+
+1. Go to your App Registration > Select your Prowler App created before > click on `API permissions`
+
+    ![API Permission Page](./img/api-permissions-page.png)
+
+2. Click `+ Add a permission` > `Microsoft Graph` > `Application permissions`
+
+    ![Add API Permission](./img/add-app-api-permission.png)
+
+3. Search and select every permission below and once all are selected click on `Add permissions`:
+
+    - `Directory.Read.All`
+    - `Policy.Read.All`
+    - `Sites.Read.All`
+    - `SharePointTenantSettings.Read.All`
+
+    ![Permission Screenshots](./img/directory-permission.png)
+
+4. Click `Add permissions`, then grant admin consent
+
+    ![Grant Admin Consent](./img/grant-admin-consent.png)
+
+5. Click `+ Add a permission` > `Microsoft Graph` > `Delegated permissions`
+
+    ![Add API Permission](./img/add-delegated-api-permission.png)
+
+6. Search and select:
+
+    - `User.Read`
+
+    ![Permission Screenshots](./img/directory-permission-delegated.png)
+
+7. Click `Add permissions`, then grant admin consent
+
+    ![Grant Admin Consent](./img/grant-admin-consent-delegated.png)
+
+---
+
+### Assign required roles to your user
+
+Assign one of the following roles to your User:
+
+- `Global Reader` (recommended): this allows you to read all roles needed.
+- `Exchange Administrator` and `Teams Administrator`: user needs both roles but with this [roles](https://learn.microsoft.com/en-us/exchange/permissions-exo/permissions-exo#microsoft-365-permissions-in-exchange-online) you can access to the same information as a Global Reader (here you only read so that's why we recomend that role).
+
+Follow these steps to assign the role:
+
+1. Go to Users > All Users > Click on the email for the user you will use
+
+    ![User Overview](./img/user-info-page.png)
+
+2. Click `Assigned Roles`
+
+    ![User Roles](./img/user-role-page.png)
+
+3. Click on `Add assignments`, then search and select:
+
+    - `Global Reader` This is the recommended, if you want to use the others just search for them
+
+    ![Global Reader Screenshots](./img/global-reader.png)
+
+4. Click on next, then assign the role as `Active`, and click on `Assign` to grant admin consent
+
+    ![Grant Admin Consent for Role](./img/grant-admin-consent-for-role.png)
+
+---
+
+### Get your encrypted password
+
+For this step you will need to use PowerShell, here you will have to create your Encrypted Password based on the password of the User that you are going to use. For more information about how to generate this Password go [here](../../getting-started/requirements.md#service-principal-and-user-credentials-authentication-recommended) and follow the steps needed to obtain `M365_ENCRYPTED_PASSWORD`.
+
+---
+
+## Step 4: Add credentials to Prowler Cloud/App
+
+1. Go to your App Registration overview and copy the `Client ID` and `Tenant ID`
+
+    ![App Overview](./img/app-overview.png)
+
+2. Go to Prowler Cloud/App and paste:
+
+    - `Client ID`
+    - `Tenant ID`
+    - `AZURE_CLIENT_SECRET` from earlier
+    - `M365_USER` your user using the default domain, more info [here](../../getting-started/requirements.md#service-principal-and-user-credentials-authentication-recommended)
+    - `M365_ENCRYPTED_PASSWORD` generated before
+
+    ![Prowler Cloud M365 Credentials](./img/m365-credentials.png)
+
+3. Click `Next`
+
+    ![Next Detail](./img/click-next-m365.png)
+
+4. Click `Launch Scan`
+
+    ![Launch Scan M365](./img/launch-scan.png)
@@ -0,0 +1,12 @@
+PowerShell is required by this provider because it is the only way to retrieve data from certain Microsoft 365 services.
+
+## Installing PowerShell
+
+If you are using Prowler Cloud, you don't need to worry about PowerShell — it is already installed in our infrastructure.
+However, if you want to run Prowler on your own, you must have PowerShell installed to execute the full M365 provider and retrieve all findings.
+To learn more about how to install PowerShell and which versions are supported, click [here](../../getting-started/requirements.md#supported-powershell-versions).
+
+## Required Modules
+
+The necessary modules will not be installed automatically by Prowler. Nevertheless, if you want Prowler to install them for you, you can execute the provider with the flag `--init-modules`, which will run the script to install and import them.
+If you want to learn more about this process or you are running some issues with this, click [here](../../getting-started/requirements.md#needed-powershell-modules).
@@ -150,6 +150,13 @@ By default, the `kubeconfig` file is located at `~/.kube/config`.

 ---

+### **Step 4.5: M365 Credentials**
+For M365, Prowler App uses a service principal application with user and password to authenticate, for more information about the requirements needed for this provider check this [section](../getting-started/requirements.md#microsoft-365). Also, the detailed steps of how to add this provider to Prowler Cloud and start using it are [here](./microsoft365/getting-started-m365.md).
+
+<img src="../../img/m365-credentials.png" alt="Prowler Cloud M365 Credentials" width="700"/>
+
+---
+
 ## **Step 5: Test Connection**
 After adding your credentials of your cloud account, click the `Launch` button to verify that the Prowler App can successfully connect to your provider:

@@ -66,7 +66,7 @@
        "# from prowler.providers.gcp.gcp_provider import GcpProvider\n",
        "# from prowler.providers.azure.azure_provider import AzureProvider\n",
        "# from prowler.providers.kubernetes.kubernetes_provider import KubernetesProvider\n",
-        "# from prowler.providers.microsoft365.microsoft365_provider import Microsoft365Provider"
+        "# from prowler.providers.m365.m365_provider import M365Provider"
      ]
    },
    {
@@ -102,7 +102,9 @@ nav:
          - Non In-Cluster Execution: tutorials/kubernetes/outside-cluster.md
          - Miscellaneous: tutorials/kubernetes/misc.md
      - Microsoft 365:
+          - Getting Started: tutorials/microsoft365/getting-started-m365.md
          - Authentication: tutorials/microsoft365/authentication.md
+          - Use of PowerShell: tutorials/microsoft365/use-of-powershell.md
  - Developer Guide:
      - Introduction: developer-guide/introduction.md
      - Provider: developer-guide/provider.md
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Hugo Pereira Brito	e65dd655c9	chore(m365): accept all tenant domains in authentication (#7746 ) (cherry picked from commit `a18dd76a5a`) # Conflicts: # prowler/providers/m365/m365_provider.py	2025-05-19 08:09:59 +00:00
Prowler Bot	fcc25451d8	chore(ec2): improve severity logic in SG all ports open check (#7769 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-16 16:06:51 +02:00
Prowler Bot	6c04592e7e	fix(check): Add support for condition with restriction on SNS endpoint (#7757 ) Co-authored-by: Ogonna Iwunze <1915636+wunzeco@users.noreply.github.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-15 16:53:12 +02:00
Prowler Bot	73f9811f42	fix(check): add missing `__init__.py` files (#7754 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>	2025-05-15 15:01:42 +02:00
Prowler Bot	c89673a01e	fix(deps): solve h11 package vulnerability (#7730 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-14 10:21:01 +02:00
Prowler Bot	2c7b10d71a	fix: Added filter to get connected providers only for banner to show (#7726 ) Co-authored-by: sumit-tft <70506234+sumit-tft@users.noreply.github.com>	2025-05-13 13:02:03 +02:00
Prowler Bot	9ea500009b	fix(bump-version): bump for fix also in minors (#7715 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-13 13:35:25 +05:45
Prowler Bot	5f92e33a54	fix(defender): enhance policies checks logic (#7719 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com> Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-12 19:12:11 +02:00
Prowler Bot	d6b5d8a919	chore(compliance): update `CIS 4.0` for `M365` (#7716 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-12 13:10:07 +02:00
Prowler Bot	b3d5f7b848	fix(m365): invalid user credentials exception (#7707 ) Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-12 12:46:02 +02:00
Pepe Fagoaga	a96aa9a3f6	chore(release): Bump version to v5.6.1 (#7701 )	2025-05-12 14:41:03 +05:45
Pepe Fagoaga	ff3cd0f51b	fix(sdk): Set v5.6.0 in config	2025-05-08 14:18:51 +02:00
Pepe Fagoaga	c208948521	chore(deps): v5.6.0 (#7689 )	2025-05-08 18:00:44 +05:45
Pepe Fagoaga	f1d5f73d40	chore(changelog): prepare for v5.6.0 (#7688 )	2025-05-08 13:11:22 +02:00
Pedro Martín	1cc09b81f9	fix(prowler_threatscore): fine-tune LevelOfRisk (#7667 )	2025-05-08 11:39:14 +02:00
Pedro Martín	56ef1a4f87	fix(dashboard): drop duplicates for rows (#7686 )	2025-05-08 11:36:25 +02:00
Sergio Garcia	0f75c2a24f	fix(mutelist): properly handle wildcards and regex (#7685 )	2025-05-08 11:36:25 +02:00
Pedro Martín	b7c317bf23	fix(dashboard): remove muted findings on compliance page (#7683 )	2025-05-08 11:36:25 +02:00
Adrián Jesús Peña Rodríguez	54aa1a4507	feat: add compliance to API report files and its endpoint (#7653 ) Co-authored-by: Pepe Fagoaga <pepe@prowler.com>	2025-05-08 11:36:13 +02:00
Hugo Pereira Brito	0d4bd8c0a0	fix(metadata): typo in `defender_chat_report_policy_configured` (#7678 )	2025-05-08 11:33:56 +02:00
Alejandro Bailo	1c040b8e41	feat: add DeltaIndicator in new findings (#7676 )	2025-05-08 11:33:56 +02:00
Daniel Barranquero	c3b36720dc	feat(docs): add snapshots to M365 docs (#7673 )	2025-05-08 11:33:56 +02:00
Hugo Pereira Brito	af6b0833a1	fix(powershell): remove platform-specific execution (#7675 )	2025-05-08 11:33:56 +02:00
Alejandro Bailo	8817d08a92	refactor(finding-detail): remove "Next Scan" field (#7674 )	2025-05-08 11:33:56 +02:00
Pablo Lara	78d9508862	docs: update changelog (#7672 )	2025-05-08 11:33:56 +02:00
Alejandro Bailo	dc543b2c89	feat: diff between providers actions depending on their secrets (#7669 )	2025-05-08 11:33:56 +02:00
Sergio Garcia	0025c99fb9	chore(actions): run tests in dependabot updates (#7671 )	2025-05-08 11:33:56 +02:00
Pedro Martín	d3f12075e9	feat(aws): add static credentials for S3 and SH (#7322 )	2025-05-08 11:33:56 +02:00
Pablo Lara	513bf6bca7	chore: tweaks for m365 provider (#7668 )	2025-05-08 11:33:56 +02:00
Alejandro Bailo	7459fe9556	feat: add delta attribute in findings detail view with and finding id to the url (#7654 )	2025-05-08 11:33:56 +02:00
Pablo Lara	2b06f0115e	feat(compliance): add a button to download the report in compliance card (#7665 )	2025-05-08 11:33:56 +02:00
Andoni Alonso	2e134815d3	feat(teams): add new checks `teams_security_reporting_enabled` and `defender_chat_report_policy_configured` (#7614 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com> Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>	2025-05-08 11:33:56 +02:00
Daniel Barranquero	118a1c1138	feat(defender): add new check `defender_malware_policy_comprehensive_attachments_filter_applied` (#7661 )	2025-05-08 11:33:55 +02:00
Daniel Barranquero	1b35a72915	feat(exchange): make `exchange_user_mailbox_auditing_enabled` check configurable (#7662 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:33:55 +02:00
Hugo Pereira Brito	2d7b110b1b	feat(m365): ensure all forms of mail forwarding are blocked or disabled (#7658 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:33:55 +02:00
Daniel Barranquero	7c00c949e6	docs(m365): add documentation for `m365` (#7622 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:33:55 +02:00
Pedro Martín	8fcbcda15c	chore(changelog): update with latest PR (#7628 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:33:55 +02:00
Pedro Martín	fb33506f4a	feat(dashboard): support m365 provider (#7633 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:33:55 +02:00
dependabot[bot]	e43b572d5e	chore(deps): bump docker/build-push-action from 6.15.0 to 6.16.0 (#7650 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
Prowler Bot	ff22e13e24	chore(regions_update): Changes in regions for AWS services (#7657 ) Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
dependabot[bot]	c4946a8938	chore(deps): bump github/codeql-action from 3.28.15 to 3.28.16 (#7649 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
dependabot[bot]	0e51ee9c7c	chore(deps): bump trufflesecurity/trufflehog from 3.88.23 to 3.88.26 (#7648 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
dependabot[bot]	22a5776ec0	chore(deps): bump actions/setup-python from 5.5.0 to 5.6.0 (#7647 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
sumit-tft	108983e959	feat(ui): Page size for datatables (#7634 )	2025-05-08 11:33:55 +02:00
Alejandro Bailo	635b3f1978	fix: error about page number persistence when filters change (#7655 )	2025-05-08 11:33:55 +02:00
Andoni Alonso	dc3d5149e9	chore(sentry): attach stacktrace to logging events (#7598 ) Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>	2025-05-08 11:33:55 +02:00
Daniel Barranquero	cffa560c9d	feat(exchange): add new check `exchange_organization_modern_authentication_enabled` (#7636 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
Daniel Barranquero	80c8cb9b6c	feat(exchange): add new check `exchange_roles_assignment_policy_addins_disabled` (#7644 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
Daniel Barranquero	dbffcedc49	feat(exchange): add new check `exchange_mailbox_properties_auditing_e3_enabled` (#7642 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
Daniel Barranquero	5d4191a7fc	feat(exchange): add new check `exchange_transport_config_smtp_auth_disabled` (#7640 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
Daniel Barranquero	ab6d05637d	feat(exchange): add new check `exchange_organization_mailtips_enabled` (#7637 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:33:55 +02:00
Adrián Jesús Peña Rodríguez	75b3c02811	feat: add m365 to API (#7563 ) Co-authored-by: Andoni A <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:33:43 +02:00
Hugo Pereira Brito	e25ff209b3	feat(m365): automate `PowerShell` modules installation (#7618 ) Co-authored-by: Andoni A <14891798+andoniaf@users.noreply.github.com> Co-authored-by: Adrián Jesús Peña Rodríguez <adrianjpr@gmail.com>	2025-05-08 11:30:40 +02:00
Pablo Lara	81cf5303a1	fix: set correct default value for session duration (#7639 )	2025-05-08 11:30:40 +02:00
Víctor Fernández Poyatos	087ac5b53a	test(performance): Add base framework for API performance tests (#7632 )	2025-05-08 11:30:40 +02:00
Daniel Barranquero	fb429c9e23	feat(exchange): add new check `exchange_mailbox_policy_additional_storage_restricted` (#7638 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:30:40 +02:00
Pedro Martín	284cd66ed6	feat(sharepoint): add new check related with OneDrive Sync (#7589 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com>	2025-05-08 11:30:40 +02:00
Pedro Martín	3ae2c4a225	fix(typos): remove unneeded files (#7627 )	2025-05-08 11:30:40 +02:00
Erlend Ekern	2d270ace7f	chore(dockerfile): add image source as docker label (#7617 )	2025-05-08 11:30:40 +02:00
Pedro Martín	aaeb71a563	feat(compliance): add new Prowler Threat Score Compliance Framework (#7603 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:30:39 +02:00
dependabot[bot]	737abe83c8	chore(deps): bump @babel/runtime from 7.24.7 to 7.27.0 in /ui (#7502 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:30:39 +02:00
Andoni Alonso	a78c5499c9	feat(teams): add new check `teams_meeting_presenters_restricted` (#7613 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:30:39 +02:00
Andoni Alonso	e50d779e34	feat(teams): add new check `teams_meeting_recording_disabled` (#7607 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:30:39 +02:00
Andoni Alonso	be2965d274	feat(teams): add new check `teams_meeting_external_chat_disabled` (#7605 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:30:39 +02:00
Andoni Alonso	0bdaeff745	feat(teams): add new check `teams_meeting_external_control_disabled` (#7604 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:30:39 +02:00
Hugo Pereira Brito	ad25a8fe82	fix(powershell): handle m365 provider execution and logging (#7602 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:30:39 +02:00
Hugo Pereira Brito	aebc89c17c	feat(teams): add new check `teams_meeting_chat_anonymous_users_disabled` (#7579 ) Co-authored-by: Andoni A <14891798+andoniaf@users.noreply.github.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:30:39 +02:00
Pablo Lara	8fac7ad44d	feat: add new M365 to the provider overview table (#7615 )	2025-05-08 11:30:39 +02:00
dependabot[bot]	b0f5d6718f	chore(deps): bump h11 from 0.14.0 to 0.16.0 (#7609 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:30:35 +02:00
Hugo Pereira Brito	83dfa8ae45	feat(teams): add new check `teams_meeting_dial_in_lobby_bypass_disabled` (#7571 ) Co-authored-by: Andoni A <14891798+andoniaf@users.noreply.github.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	d929e293b5	feat(teams): add new check `teams_meeting_external_lobby_bypass_disabled` (#7568 ) Co-authored-by: Andoni A <14891798+andoniaf@users.noreply.github.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Pepe Fagoaga	87c4361559	chore(actions): Bump Prowler version on release (#7560 )	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	de36bddccf	chore(m365): add `test_connection` function (#7541 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Daniel Barranquero	97dac23d39	feat(exchange): add new check `exchange_external_email_tagging_enabled` (#7580 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Daniel Barranquero	64082b5038	feat(exchange): add new check `exchange_transport_rules_whitelist_disabled` (#7569 ) Co-authored-by: Andoni A. <14891798+andoniaf@users.noreply.github.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Daniel Barranquero	2f6e83ad0c	feat(defender): Add new check `defender_antispam_policy_inbound_no_allowed_domains` (#7500 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	24e0a175b5	feat(teams): add new check `teams_meeting_anonymous_user_start_disabled` (#7567 )	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	7c1ae956d5	fix(docs): overview m365 auth (#7588 )	2025-05-08 11:28:19 +02:00
Pablo Lara	896c466889	chore: remove deprecated launch scan page from old 4-step workflow (#7592 )	2025-05-08 11:28:19 +02:00
Pablo Lara	e2fd3f14ed	feat(m365): add the new provider m365 - UI part (#7591 )	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	8239e2cd09	feat(teams): add new check `teams_meeting_anonymous_user_join_disabled` (#7565 ) Co-authored-by: Andoni A <14891798+andoniaf@users.noreply.github.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	9e21348cdd	feat(teams): add new check `teams_external_users_cannot_start_conversations` (#7562 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	62672a98f2	feat(teams): add new check `teams_unmanaged_communication_disabled` (#7561 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	08f52ee668	feat(teams): add new check `teams_external_domains_restricted` (#7557 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Hugo Pereira Brito	253847e3cd	fix(teams): `teams_email_sending_to_channel_disabled` docstrings (#7559 )	2025-05-08 11:28:19 +02:00
Daniel Barranquero	8449728df1	feat(defender): add new check `defender_antispam_connection_filter_policy_safe_list_off` (#7494 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Daniel Barranquero	ba9d0cd9c2	feat(defender): add new check `defender_antispam_connection_filter_policy_empty_ip_allowlist` (#7492 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Daniel Barranquero	1981173e75	feat(defender): add new check `defender_domain_dkim_enabled` (#7485 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Daniel Barranquero	1f250dccb7	feat(defender): add new check `defender_antispam_outbound_policy_configured` (#7480 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:19 +02:00
Prowler Bot	4a8f6070d3	chore(regions_update): Changes in regions for AWS services (#7550 ) Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>	2025-05-08 11:28:19 +02:00
César Arroba	87f89e68eb	chore: pass labels on PR merge trigger (#7558 )	2025-05-08 11:28:19 +02:00
César Arroba	87cb33ba57	chore: revert pass labels (#7556 )	2025-05-08 11:28:19 +02:00
César Arroba	83cb2ed297	chore: pass labels as json is required (#7555 )	2025-05-08 11:28:18 +02:00
César Arroba	57ff41db3e	chore: fix merged PR action, incorrect order on payload (#7554 )	2025-05-08 11:28:18 +02:00
César Arroba	3ad376fe07	chore: pass labels (#7553 )	2025-05-08 11:28:18 +02:00
César Arroba	9f76c47c85	chore: fix json body (#7552 )	2025-05-08 11:28:18 +02:00
César Arroba	c6c46b0f23	chore: fix trigger (#7551 )	2025-05-08 11:28:18 +02:00
César Arroba	acb98372c7	chore(gha): trigger cloud pull-request when a PR is merged (#7212 )	2025-05-08 11:28:18 +02:00
Daniel Barranquero	1998054680	feat(defender): add new check `defender_antiphishing_policy_configured` (#7453 )	2025-05-08 11:28:18 +02:00
Daniel Barranquero	bb94ede69f	feat(defender): add new check `defender_malware_policy_notifications_internal_users_malware_enabled` (#7435 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:28:18 +02:00
Daniel Barranquero	676133c14d	feat(defender): add service and new check `defender_malware_policy_common_attachments_filter_enabled` (#7425 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:28:18 +02:00
Daniel Barranquero	00e33d39bb	feat(exchange): add new check `exchange_mailbox_audit_bypass_disabled` (#7418 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:18 +02:00
Daniel Barranquero	311c9a41ff	feat(exchange): add service and new check `exchange_organization_mailbox_auditing_enabled` (#7408 ) Co-authored-by: HugoPBrito <hugopbrit@gmail.com> Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:18 +02:00
Hugo Pereira Brito	86b6732013	feat(teams): add new check `teams_email_sending_to_channel_disabled` (#7533 ) Co-authored-by: Sergio Garcia <hello@mistercloudsec.com>	2025-05-08 11:28:18 +02:00
Sergio Garcia	f851a90cb0	feat(gcp): support CLOUDSDK_AUTH_ACCESS_TOKEN (#7495 )	2025-05-08 11:28:18 +02:00
Sergio Garcia	c8983440f1	chore(regions): change interval to weekly (#7539 )	2025-05-08 11:28:18 +02:00
Prowler Bot	ca21d8ceae	chore(regions_update): Changes in regions for AWS services (#7538 ) Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>	2025-05-08 11:28:18 +02:00
Sergio Garcia	c07a531c3b	chore(dependabot): change settings (#7536 )	2025-05-08 11:28:18 +02:00
Hugo Pereira Brito	b0e3511351	feat: adapt `Microsoft365` provider to use `PowerShell` (#7331 ) Co-authored-by: MrCloudSec <hello@mistercloudsec.com>	2025-05-08 11:28:18 +02:00
Bogdan A	1c3d5b5f69	docs(gcp): update required permissions for GCP (#7488 )	2025-05-08 11:28:18 +02:00
dependabot[bot]	e38a2f47b3	chore(deps): bump python from 3.12.9-alpine3.20 to 3.12.10-alpine3.20 (#7520 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:28:18 +02:00
dependabot[bot]	b4dab02f5a	chore(deps): bump codecov/codecov-action from 5.4.0 to 5.4.2 (#7522 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:28:18 +02:00
dependabot[bot]	a48fafc277	chore(deps): bump actions/setup-node from 4.3.0 to 4.4.0 (#7521 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-08 11:28:18 +02:00
Prowler Bot	109c23ba69	chore(regions_update): Changes in regions for AWS services (#7527 ) Co-authored-by: prowler-bot <179230569+prowler-bot@users.noreply.github.com>	2025-05-08 11:28:18 +02:00
Pepe Fagoaga	2fe98ae6ce	chore(action): Remove cache in PyPI release (#7532 )	2025-05-08 11:28:06 +02:00