prowler-m365
Assess Microsoft 365 security posture
TLDR
Run Prowler with combined service principal and user credentials
Authenticate using a service principal
Authenticate using the Azure CLI
Authenticate using a browser and specify the tenant ID
Run a specific Microsoft 365 check
Exclude specific checks
SYNOPSIS
prowler-m365 [--tenant-id <ID>] [--profile <NAME>] [--checks <CATEGORY|ID>] [--exclude-checks <CATEGORY|ID>] [--output-format <FORMAT>] [--report-name <NAME>] [--config-file <PATH>] [--list-checks] [--help]
PARAMETERS
--tenant-id <ID>
Specifies the Microsoft 365 tenant ID to be audited. This is typically a GUID identifying your M365 organization.
--profile <NAME>
Uses a predefined credential profile for authentication. Useful for managing access to multiple M365 tenants or accounts.
--checks <CATEGORY|ID>
Runs specific security checks or a category of checks. For example, --checks MFA for Multi-Factor Authentication related checks, or --checks EXO-001 for a specific Exchange Online check.
--output-format <FORMAT>
Defines the format of the output report. Common formats might include json, csv, html, or text.
--report-name <NAME>
Provides a custom name for the generated security report file.
--list-checks
Displays a comprehensive list of all available security checks, often categorized by M365 service or security area.
--exclude-checks <CATEGORY|ID>
Excludes specific checks or categories of checks from the audit run, useful for focusing on particular areas or skipping irrelevant checks.
--config-file <PATH>
Specifies a path to a configuration file containing settings, credentials, or check exclusions.
--help
Displays a help message detailing command usage and available options.
DESCRIPTION
The command prowler-m365 refers to a conceptual or specialized tool designed to perform security assessments and best practices checks within Microsoft 365 environments.
While the core Prowler tool (prowler-cloud/prowler) primarily focuses on cloud providers like AWS, Azure (IaaS/PaaS), and GCP, prowler-m365 extends this audit philosophy to the SaaS offerings of Microsoft 365.
Its purpose is to identify misconfigurations, weak security settings, and deviations from recommended best practices across various M365 services such as Entra ID (formerly Azure AD), Exchange Online, SharePoint Online, and Microsoft Teams. It would typically leverage Microsoft Graph API or PowerShell cmdlets to gather configuration data and compare it against a set of predefined security controls, often aligned with industry standards like CIS Benchmarks or NIST guidelines.
Note: This command is not part of the official Prowler Cloud Security tool's distribution and is not a standard, universally available Linux command. It represents a hypothetical or community-driven extension for M365-specific auditing.
CAVEATS
The command prowler-m365 is not a standard command distributed with the official Prowler Cloud Security tool. It represents a conceptual or specialized community-driven tool designed to bring Prowler-like security auditing capabilities to Microsoft 365 environments. Its actual existence, features, and usage depend entirely on specific custom implementations or third-party projects. Users should verify the source and security of any such tool before deployment. It would typically require appropriate administrative permissions (e.g., Global Reader, Security Reader, or specific API permissions via an Azure AD app registration) to access M365 configuration data.
AUTHENTICATION REQUIREMENTS
For prowler-m365 to function, it would require proper authentication to the Microsoft 365 tenant. This typically involves registering an application in Azure AD (Entra ID) and granting it the necessary API permissions (e.g., Microsoft Graph API permissions like Directory.Read.All, User.Read.All, Exchange.Read.All). Authentication methods could include client credentials (client ID and secret/certificate) or device code flow for interactive logins.
SCOPE OF CHECKS
A comprehensive prowler-m365 tool would likely perform checks across various M365 services, including:
Entra ID (Azure AD): User/group configurations, MFA status, external collaboration settings, conditional access policies, privileged roles.
Exchange Online: Mail flow rules, anti-malware/anti-spam policies, mailbox audit logging, public folder settings.
SharePoint Online: External sharing policies, site permissions, anonymous access settings.
Microsoft Teams: Guest access controls, messaging policies, sensitive information protection.
General M365 Tenant Settings: Audit log retention, service health, security defaults, compliance policies.
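The following is an added illustration, not code from Prowler or from any prowler-m365 project, of how one Entra ID check from the scope above could be modelled and selected with --checks/--exclude-checks. It assumes the check reads the Microsoft Graph endpoints /policies/identitySecurityDefaultsEnforcementPolicy and /identity/conditionalAccess/policies; the responses are constructed inline so it runs offline.

```python
"""Minimal model of one prowler-m365 style check (MFA for all users) with ID/category selection.
Graph API responses below are constructed samples, not live tenant data."""

# Constructed sample of GET /policies/identitySecurityDefaultsEnforcementPolicy
SECURITY_DEFAULTS = {"displayName": "Security Defaults", "isEnabled": False}

# Constructed sample of the "value" array from GET /identity/conditionalAccess/policies
CA_POLICIES = [
    {"displayName": "Require MFA for admins", "state": "enabled",
     "conditions": {"users": {"includeUsers": [], "includeRoles": ["<admin-role-template-id>"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
    {"displayName": "Require MFA for all users", "state": "enabledForReportingButNotEnforced",
     "conditions": {"users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["mfa"]}},
]

def check_mfa_all_users(security_defaults, ca_policies):
    """PASS when security defaults are on, or an enforced Conditional Access policy requires
    MFA for all users on all cloud apps. Report-only and disabled policies do not count."""
    if security_defaults.get("isEnabled"):
        return "PASS", "security defaults enforce MFA for every user"
    for p in ca_policies:
        if p.get("state") != "enabled":
            continue
        cond = p.get("conditions", {})
        users = cond.get("users", {}).get("includeUsers", [])
        apps = cond.get("applications", {}).get("includeApplications", [])
        controls = (p.get("grantControls") or {}).get("builtInControls", [])
        if "All" in users and "All" in apps and "mfa" in controls:
            return "PASS", f"policy '{p['displayName']}' requires MFA for all users"
    return "FAIL", "no enforced policy requires MFA for all users (report-only policies ignored)"

# Registry keyed by check ID with a category, so selection works by either (hypothetical IDs)
CHECKS = {"ENTRA-001": ("MFA", lambda: check_mfa_all_users(SECURITY_DEFAULTS, CA_POLICIES))}

def select_checks(registry, include=None, exclude=()):
    """Keep IDs whose ID or category is in include (all when None) and not in exclude."""
    return [cid for cid, (cat, _) in registry.items()
            if (include is None or cid in include or cat in include)
            and cid not in exclude and cat not in exclude]

def run(include=None, exclude=()):
    """Run the selected checks and return {check_id: status}."""
    return {cid: CHECKS[cid][1]()[0] for cid in select_checks(CHECKS, include, exclude)}

if __name__ == "__main__":
    for cid, status in run().items():
        print(cid, status)
```

With the sample data the check fails because the all-users policy is report-only, which is exactly the kind of gap a tenant with an MFA policy "on paper" still has.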
HISTORY
The concept of auditing cloud environments for security misconfigurations gained significant traction with the rise of cloud adoption. Prowler, initially designed for AWS, emerged as a prominent open-source tool for this purpose. As organizations increasingly adopted Microsoft 365 for productivity and collaboration, the need for similar security auditing capabilities for SaaS environments became apparent.
While the official Prowler tool extends to Azure (PaaS/IaaS), a direct, comprehensive module for Microsoft 365 (SaaS) is not part of its core distribution. This led to the conceptualization or development of tools like prowler-m365 by the community or individual organizations, aiming to bridge this gap by applying Prowler's audit philosophy to the unique aspects of M365 configuration and compliance, driven by demands for stricter governance and security posture management.