mirror of
https://github.com/prowler-cloud/prowler.git
synced 2026-07-06 20:21:51 +00:00
9ca1899ebf
Co-authored-by: Daniel Barranquero <danielbo2001@gmail.com> Co-authored-by: Andoni Alonso <14891798+andoniaf@users.noreply.github.com>
30 lines
1.2 KiB
Markdown
30 lines
1.2 KiB
Markdown
# Microsoft 365 Authentication for Prowler
|
|
|
|
By default, Prowler utilizes the MsGraph Python SDK identity package for authentication, leveraging the class `ClientSecretCredential`. This enables authentication against Microsoft 365 using the following approaches:
|
|
|
|
- Service principal authentication by environment variables (Enterprise Application)
|
|
- Service principal and Microsoft user credentials by environment variabled (using PowerShell requires this authentication method)
|
|
- Current CLI credentials stored
|
|
- Interactive browser authentication
|
|
|
|
|
|
To launch the tool first you need to specify which method is used through the following flags:
|
|
|
|
```console
|
|
# To use service principal (app) authentication and Microsoft user credentials
|
|
prowler m365 --env-auth
|
|
|
|
# To use service principal authentication
|
|
prowler m365 --sp-env-auth
|
|
|
|
# To use cli authentication
|
|
prowler m365 --az-cli-auth
|
|
|
|
# To use browser authentication
|
|
prowler m365 --browser-auth --tenant-id "XXXXXXXX"
|
|
```
|
|
|
|
## Permission Configuration
|
|
|
|
To ensure Prowler can access the required resources within your Microsoft 365 account, proper permissions must be configured. Refer to the [Requirements](../../getting-started/requirements.md#needed-permissions_2) section for details on setting up necessary privileges.
|