New features to highlight in this version

☁️ Microsoft 365 (M365) support in Prowler App

You can now onboard and assess Microsoft 365 environments, both in Prowler App and CLI.

This release includes 33 new checks for Teams, Defender, Purview and Exchange — helping security teams strengthen identity governance and reduce risk exposure across Microsoft 365.

Check the new M365 checks with prowler m365 --services teams defender purview exchange --list-checks

Thanks to the new UI team members @sumit-tft and @alejandrobailo for the effort put on this 🥇

📖 Compliance Exports

You can now download individual compliance frameworks directly from the Compliance page in the Prowler App, making it easier to share specific audit results with internal teams or external auditors.

In addition, the overall scan report now bundles all supported compliance frameworks, giving you a complete view of your organization's posture in a single export.

This feature is available starting with this release; previous scans will not include Compliance Frameworks.

🧩 Explore Prowler Hub – Your Source for Checks and Compliance Frameworks

We’ve launched Prowler Hub — Knowledge is p(r)ow(l)er.

Prowler Hub is our growing public library of versioned checks, cloud service artifacts, and compliance frameworks with its mappings. It’s searchable, explainable, and built to serve the community. It helps answer the question every engineer has asked at some point: What does this check actually do?

Prowler Hub also provides a fully documented public API that you can integrate into your internal tools, dashboards, or automation workflows.

📚 Explore the API docs at: https://hub.prowler.com/api/docs

Whether you’re customizing policies, managing compliance, or enhancing visibility, Prowler Hub is built to support your security operations.

Thanks to @miguelaeh and @cesararroba for their work to make this happen 👏

❗ Delta indicator for findings

We’ve introduced a delta dot (•) next to findings that are new or have changed since the previous scan. This makes it easier for security teams to focus on what’s new, track changes over time, and prioritize triage and remediation efforts more efficiently.

✅ Prowler ThreatScore Compliance Framework

The new Prowler ThreatScore compliance framework is now available for AWS, Azure, and GCP. Built on Prowler ThreatScore, it provides a unified way to assess cloud security posture across providers. ThreatScore evaluates your environment across four critical areas: Identity and Access Management, Attack Surface, Forensic Readiness, and Encryption — helping teams monitor, prioritize, and remediate risks more effectively in multi-cloud environments.

Try it out for your favourite provider with prowler <provider> --compliance prowler_threatscore_<provider>

📄 SOC2 for Azure

You can now assess your Azure environment against the SOC2 framework. This brings Azure in line with our existing SOC2 support for AWS and GCP, expanding your ability to meet compliance requirements across cloud platforms.

Try it out now with prowler azure --compliance soc2_azure

🛡️ New Google Cloud Platform check - Unused Service Accounts

A new check has been added to detect unused service accounts in Google Cloud Platform (GCP). This helps identify dormant identities that may pose a risk if left unmanaged, enabling security teams to reduce attack surface by pruning unnecessary access credentials.

Try it out now with prowler gcp --check iam_service_account_unused

Thanks to @bgdanix 🏅

🤖 Prowler Studio

Security isn’t one-size-fits-all, and neither are your risks. Prowler Studio lets your team define exactly what “secure” means in your environment. Write custom checks, build fixers, and map them to your compliance requirements—visually or through code.

We're excited to announce major updates to Prowler Studio, including a new package management system using uv and a modular structure with separated sub-packages:

• prowler-studio (includes Core + CLI by default)
• prowler-studio-core
• prowler-studio-cli
• prowler-studio-api
• prowler-studio-mcp-server

This release also introduces seamless integration with AI Code assists via MCP Server and comprehensive improved documentation for each component.

🎨 UI

🚀 Features

• Support for the M365 Cloud Provider. (#7590)
• Added option to customize the number of items displayed per table page. (#7634)
• Add delta attribute in findings detail view. (#7654)
• Add delta indicator in new findings table. (#7676)
• Add a button to download the CSV report in compliance card. (#7665)
• Show loading state while checking provider connection. (#7669)

🔄 Changed

• Finding URLs now include the ID, allowing them to be shared within the organization. (#7654)
• Show Add/Update credentials depending on whether a secret is already set or not. (#7669)

🐞 Fixes

• Set a default session duration when configuring an AWS Cloud Provider using a role. (#7639)
• Error about page number persistence when filters change. (#7655)

💻 API

🚀 Features

• Added M365 as a new provider (#7563).
• Added a compliance/ folder and ZIP‐export functionality for all compliance reports.(#7653).
• Added a new API endpoint to fetch and download any specific compliance file by name (#7653).

🔧 SDK

🚀 Features

• Add SOC2 compliance framework to Azure (#7489).
• Add check for unused Service Accounts in GCP (#7419).
• Add Powershell to Microsoft365 (#7331).
• Add service Defender to Microsoft365 with one check for Common Attachments filter enabled in Malware Policies (#7425).
• Add check for Outbound Antispam Policy well configured in service Defender for M365 (#7480).
• Add check for Antiphishing Policy well configured in service Defender in M365 (#7453).
• Add check for Notifications for Internal users enabled in Malware Policies from service Defender in M365 (#7435).
• Support CLOUDSDK_AUTH_ACCESS_TOKEN in GCP (#7495).
• Add service Exchange to Microsoft365 with one check for Organizations Mailbox Auditing enabled (#7408)
• Add check for Bypass Disable in every Mailbox for service Defender in M365 (#7418)
• Add new check teams_external_domains_restricted (#7557)
• Add new check teams_email_sending_to_channel_disabled (#7533)
• Add new check for External Mails Tagged for service Exchange in M365 (#7580)
• Add new check for WhiteList not used in Transport Rules for service Defender in M365 (#7569)
• Add check for Inbound Antispam Policy with no allowed domains from service Defender in M365 (#7500)
• Add new check teams_meeting_anonymous_user_join_disabled (#7565)
• Add new check teams_unmanaged_communication_disabled (#7561)
• Add new check teams_external_users_cannot_start_conversations (#7562)
• Add new check for AllowList not used in the Connection Filter Policy from service Defender in M365 (#7492)
• Add new check for SafeList not enabled in the Connection Filter Policy from service Defender in M365 (#7492)
• Add new check for DKIM enabled for service Defender in M365 (#7485)
• Add new check teams_meeting_anonymous_user_start_disabled (#7567)
• Add new check teams_meeting_external_lobby_bypass_disabled (#7568)
• Add new check teams_meeting_dial_in_lobby_bypass_disabled (#7571)
• Add new check teams_meeting_external_control_disabled (#7604)
• Add new check teams_meeting_external_chat_disabled (#7605)
• Add new check teams_meeting_recording_disabled (#7607)
• Add new check teams_meeting_presenters_restricted (#7613)
• Add new check teams_security_reporting_enabled (#7614)
• Add new check defender_chat_report_policy_configured (#7614)
• Add new check teams_meeting_chat_anonymous_users_disabled (#7579)
• Add Prowler Threat Score Compliance Framework (#7603)
• Add documentation for M365 provider (#7622)
• Add support for m365 provider in Prowler Dashboard (#7633)
• Add new check for Modern Authentication enabled for Exchange Online in M365 (#7636)
• Add new check sharepoint_onedrive_sync_restricted_unmanaged_devices (#7589)
• Add new check for Additional Storage restricted for Exchange in M365 (#7638)
• Add new check for Roles Assignment Policy with no AddIns for Exchange in M365 (#7644)
• Add new check for Auditing Mailbox on E3 users is enabled for Exchange in M365 (#7642)
• Add new check for SMTP Auth disabled for Exchange in M365 (#7640)
• Add new check for MailTips full enabled for Exchange in M365 (#7637)
• Add new check for Comprehensive Attachments Filter Applied for Defender in M365 (#7661)
• Modified check exchange_mailbox_properties_auditing_enabled to make it configurable (#7662)
• Add snapshots to m365 documentation (#7673)
• Add support for static credentials for sending findings to Amazon S3 and AWS Security Hub (#7322)

🐞 Fixes

• Fix package name location in pyproject.toml while replicating for prowler-cloud (#7531).
• Remove cache in PyPI release action (#7532).
• Add the correct values for logger.info inside iam service (#7526).
• Update S3 bucket naming validation to accept dots (#7545).
• Handle new FlowLog model properties in Azure (#7546).
• Improve compliance and dashboard (#7596)
• Remove invalid parameter create_file_descriptor (#7600)
• Remove first empty line in HTML output (#7606)
• Remove empty files in Prowler (#7627)
• Ensure that ContentType in upload_file matches the uploaded file’s format (#7635)
• Fix incorrect check inside 4.4.1 requirement for Azure CIS 2.0 (#7656).
• Remove muted findings on compliance page from Prowler Dashboard (#7683).
• Remove duplicated findings on compliance page from Prowler Dashboard (#7686).
• Fix incorrect values for Prowler Threatscore compliance LevelOfRisk inside requirements (#7667).

Full Changelog: 5.5.1...5.6.0