Solved: Client Error: Unauthorized for url

jaxjohnny2000 · ‎03-04-2019

Below is the log messages once in enable the inputs for TA-MS-AAD -

Microsoft Azure Active Directory Reporting Add-on for Splunk. The application id has the permissions
o Windows Azure Active Directory - Read directory data
o Microsoft Graph - Read all audit log data

03-04-2019 20:55:08.538 +0000 ERROR ExecProcessor - message from "python /opt/splunk/etc/apps/TA-MS-AAD/bin/MS_AAD_signins.py" ERROR401 Client Error: Unauthorized for url: https://graph.windows.net/mycompany.onmicrosoft.com/activities/signinEvents?api-version=beta&$filter...

jconger · ‎04-01-2019

Your Azure AD application registration will need the following API permissions:

Windows Azure Service Management API
- (Delegated) Access Azure Service Management as organization users
Windows Azure Active Directory
- (Application) Read directory data
- (Delegated) Read directory data
- (Delegated) Sign in and read user profile

The application will also need Reader access to your subscription(s).

View solution in original post

jconger · ‎04-01-2019

Your Azure AD application registration will need the following API permissions:

Windows Azure Service Management API
- (Delegated) Access Azure Service Management as organization users
Windows Azure Active Directory
- (Application) Read directory data
- (Delegated) Read directory data
- (Delegated) Sign in and read user profile

The application will also need Reader access to your subscription(s).

Client Error: Unauthorized for url

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation