Splunk® Supported Add-ons

Splunk Add-on for Microsoft Office 365

Hardware and software requirements for the Splunk Add-on for Microsoft Office 365

Splunk admin requirements

To install and configure the Splunk Add-on for Microsoft Office 365, you must be a member of the admin role.

Network configuration requirements

The Splunk Add-on for Microsoft Office 365 makes REST API calls via HTTPS on port 443.

Secure socket layer (SSL) certification configuration requirements

By default, SSL verification is enabled. To configure secure socket layer (SSL) certificates according to the needs of your deployment, perform the following steps:

  1. Add SSL certificates to the cacert.pem file in the following paths:
    • $SPLUNK_HOME/etc/apps/splunk_ta_o365/lib/certifi/cacert.pem, or $SPLUNK_HOME/etc/apps/splunk_ta_o365/bin/3rdparty/certify/.
    • $SPLUNK_HOME/lib/python3.7/site-packages/certifi/cacert.pem
  2. Open the cacert.pem file with a text editor.
  3. Add the SSL certificates for your deployment.
  4. Use the internal certificate for your client machine. If you use a proxy connection, use the same internal certificate as the one on your client machine. The connection will be inspected by your proxy, and the certificate must match your root certificate when making the connection to your server.
  5. Save your changes.
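
The steps above can also be scripted. The following is an added example, not part of the Splunk documentation: it appends one internal CA certificate to the cacert.pem bundles named in step 1, keeps a backup, and does nothing if the certificate is already present. The function name append_ca, the script name add_ca.sh, and the assumption that the CA file holds exactly one PEM certificate are choices made for this example.

```shell
#!/bin/sh
# Added example (not Splunk code). Assumed invocation:
#   SPLUNK_HOME=/opt/splunk sh add_ca.sh /path/to/internal-ca.pem

# append_ca BUNDLE CA_PEM -> prints "added" or "present"; returns 1 on bad input.
append_ca() {
    bundle=$1
    ca=$2
    [ -f "$bundle" ] || { echo "bundle not found: $bundle" >&2; return 1; }
    [ -f "$ca" ] || { echo "CA file not found: $ca" >&2; return 1; }

    # Assumption: the CA file holds exactly one PEM certificate (CRLF tolerated).
    n_begin=$(tr -d '\r' < "$ca" | grep -c -- '^-----BEGIN CERTIFICATE-----$' || true)
    n_end=$(tr -d '\r' < "$ca" | grep -c -- '^-----END CERTIFICATE-----$' || true)
    if [ "$n_begin" -ne 1 ] || [ "$n_end" -ne 1 ]; then
        echo "expected exactly one PEM certificate in $ca" >&2
        return 1
    fi

    # Base64 body with line breaks removed, so a differently wrapped copy still matches.
    body=$(tr -d '\r' < "$ca" |
        awk '/^-----BEGIN CERTIFICATE-----/{f=1;next} /^-----END CERTIFICATE-----/{f=0} f' |
        tr -d ' \t\n')
    [ -n "$body" ] || { echo "empty certificate body in $ca" >&2; return 1; }
    if tr -d ' \t\r\n' < "$bundle" | grep -qF -- "$body"; then
        echo "present"
        return 0
    fi

    # Keep a timestamped copy so the original bundle can be restored.
    cp -p "$bundle" "$bundle.bak.$(date +%Y%m%d%H%M%S)" || return 1
    {
        printf '\n# Internal CA appended from %s\n' "$ca"
        tr -d '\r' < "$ca" | awk '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/'
    } >> "$bundle" || return 1
    echo "added"
}

# Bundle paths are the ones listed in step 1; a missing file is reported and skipped.
if [ -n "${SPLUNK_HOME:-}" ] && [ "$#" -eq 1 ]; then
    for b in \
        "$SPLUNK_HOME/etc/apps/splunk_ta_o365/lib/certifi/cacert.pem" \
        "$SPLUNK_HOME/lib/python3.7/site-packages/certifi/cacert.pem"
    do
        printf '%s: ' "$b"; append_ca "$b" "$1" || echo "skipped"
    done
fi
```

Upgrading the add-on or the Splunk software replaces these bundled files, so rerun the script after an upgrade.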

Microsoft Office 365 requirements

You must have administrator access to the Office 365 Admin Console to configure an application in Azure Active Directory and grant the necessary permissions to send data to the Splunk platform using the Office 365 Management Activity API and Office 365 Service Communication API.

Accessing the optional DLP policy events requires an additional Microsoft Azure Active Directory subscription. Refer to the Microsoft Azure Active Directory documentation for more information.

Azure Government Cloud limitations

The Splunk Add-on for Office 365 has not been tested with Azure Government Cloud. The functionality of the Splunk Add-on for Office 365 responsible for Azure Government Cloud data is not supported and is provided "as is", and should be used at your own risk.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements for the Splunk software that you use to run this add-on apply.

  • For Splunk Enterprise system requirements, see System Requirements in the Splunk Enterprise Installation Manual.
  • If you plan to run this add-on entirely in Splunk Cloud, there are no additional Splunk platform requirements.
  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.

Last modified on 09 April, 2024

This documentation applies to the following versions of Splunk® Supported Add-ons: released
