All Apps and Add-ons

Client Error: Unauthorized for url

jaxjohnny2000
Builder

Below is the log messages once in enable the inputs for TA-MS-AAD -

Microsoft Azure Active Directory Reporting Add-on for Splunk. The application id has the permissions
o Windows Azure Active Directory - Read directory data
o Microsoft Graph - Read all audit log data

03-04-2019 20:55:08.538 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-MS-AAD/bin/MS_AAD_signins.py" ERROR401 Client Error: Unauthorized for url: https://graph.windows.net/mycompany.onmicrosoft.com/activities/signinEvents?api-version=beta&$filter...

0 Karma
1 Solution

jconger
Splunk Employee
Splunk Employee

Your Azure AD application registration will need the following API permissions:

  • Windows Azure Service Management API

    • (Delegated) Access Azure Service Management as organization users
  • Windows Azure Active Directory

    • (Application) Read directory data
    • (Delegated) Read directory data
    • (Delegated) Sign in and read user profile

The application will also need Reader access to your subscription(s).

View solution in original post

jconger
Splunk Employee
Splunk Employee

Your Azure AD application registration will need the following API permissions:

  • Windows Azure Service Management API

    • (Delegated) Access Azure Service Management as organization users
  • Windows Azure Active Directory

    • (Application) Read directory data
    • (Delegated) Read directory data
    • (Delegated) Sign in and read user profile

The application will also need Reader access to your subscription(s).

View solution in original post