Solved: Client Error: Unauthorized for url

jaxjohnny2000 · ‎03-04-2019

Below is the log messages once in enable the inputs for TA-MS-AAD -

Microsoft Azure Active Directory Reporting Add-on for Splunk. The application id has the permissions
o Windows Azure Active Directory - Read directory data
o Microsoft Graph - Read all audit log data

03-04-2019 20:55:08.538 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-MS-AAD/bin/MS_AAD_signins.py" ERROR401 Client Error: Unauthorized for url: https://graph.windows.net/mycompany.onmicrosoft.com/activities/signinEvents?api-version=beta&$filter...

jconger · ‎04-01-2019

Your Azure AD application registration will need the following API permissions:

Windows Azure Service Management API
- (Delegated) Access Azure Service Management as organization users
Windows Azure Active Directory
- (Application) Read directory data
- (Delegated) Read directory data
- (Delegated) Sign in and read user profile

The application will also need Reader access to your subscription(s).

View solution in original post

jconger · ‎04-01-2019

Your Azure AD application registration will need the following API permissions:

Windows Azure Service Management API
- (Delegated) Access Azure Service Management as organization users
Windows Azure Active Directory
- (Application) Read directory data
- (Delegated) Read directory data
- (Delegated) Sign in and read user profile

The application will also need Reader access to your subscription(s).

Client Error: Unauthorized for url

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

Client Error: Unauthorized for url

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers