Splunk® Supported Add-ons

Splunk Add-on for Microsoft Office 365

Configure an integration application in Azure AD for the Splunk Add-on for Microsoft Office 365

In order to gather data from the Office 365 Management Activity API and the Office 365 Service Communication API using this add-on, you must first create an integration application in Azure AD. This application securely authenticates the Splunk Add-on for Microsoft Office via the OAuth2 protocol, so that it can access and gather the data according to the services and permission levels that you specify.

Prerequisite: In order to create an integration application, you need a Microsoft Azure account with administrator permissions to delegate roles to the application user. Your Microsoft Azure subscription must be associated with your Office 365 subscription.

Create an application in Microsoft Azure AD

  1. Follow the instructions in Get started with Office 365 Management APIs in the Microsoft documentation to create an integration application.
  2. When creating your application, make a note of the following parameters. They will be needed to Configure a Tenant in the Splunk Add-on for Microsoft Office 365.
    • Directory ID (Tenant ID)
    • Application ID (Client ID)
  3. Set the following Application permissions and Delegated permissions in the Enable Access pane of the Azure Active Directory Office 365 Management API configuration. These permissions are required for the Splunk Add-on for Microsoft Office 365.
    • Read service health information for your organization
    • Read activity data for your organization
    • (Optional) Read DLP policy events including detected sensitive data

      Accessing DLP policy events requires an additional Microsoft Azure Active Directory subscription. Refer to the Microsoft Azure Active Directory documentation for more information.

  4. Click Save after you change permissions.
  5. Click Grant permissions.
  6. Generate a password and make a note of the generated key (Client Secret).

    When you exit the password pane the password is permanently hidden. If you have not made a note of the password, you will have to generate a new password for your application.
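Once the application exists, you can confirm that a token issued to it belongs to the noted Directory ID and Application ID and carries only the permissions set in step 3. The following is an added example, not code from the add-on or from Splunk; the role names, token endpoint, and claim names (`tid`, `appid`/`azp`, `roles`) are assumptions taken from Microsoft's identity platform rather than from this page, and the sample token is constructed.

```python
import base64
import json
from urllib.parse import urlencode

# Assumed role values (from Microsoft's documentation, not this page) for step 3.
REQUIRED = {"ServiceHealth.Read", "ActivityFeed.Read"}
OPTIONAL = {"ActivityFeed.ReadDlp"}  # DLP policy events

def token_request(tenant_id, client_id, client_secret):
    """Build the URL and form body of an OAuth2 client-credentials request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://manage.office.com/.default",
    })
    return url, body

def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token, tenant_id, client_id):
    """Compare the token's identity and roles with what the procedure set up."""
    claims = jwt_claims(token)
    roles = set(claims.get("roles", []))
    return {
        "tenant_ok": claims.get("tid") == tenant_id,
        "app_ok": client_id in (claims.get("appid"), claims.get("azp")),
        "missing": sorted(REQUIRED - roles),
        "excess": sorted(roles - REQUIRED - OPTIONAL),
    }

def sample_token(claims):
    """Constructed, unsigned token standing in for a real token response."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"

if __name__ == "__main__":
    tok = sample_token({"tid": "TENANT-ID", "appid": "CLIENT-ID",
                        "roles": ["ActivityFeed.Read", "Example.Extra.Role"]})
    print(audit_token(tok, "TENANT-ID", "CLIENT-ID"))
```

A non-empty `missing` list means a permission from step 3 was not saved or granted; a non-empty `excess` list means the application holds more access than the add-on needs.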


This documentation applies to the following versions of Splunk® Supported Add-ons: released

