All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Difference with Splunk Add-on for Microsoft Cloud Services

sylbaea
Communicator
‎06-12-2018 08:58 PM

Hello,

I just saw the release of Splunk Add-on for Microsoft Office 365. What is the difference with Splunk Add-on for Microsoft Cloud Services. I used to have this one in my environment and does not understand the purpose of the new one ?

Reply
1 Solution
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎06-13-2018 08:16 AM

In short, the Office 365 input in the Splunk Add-on for Microsoft Cloud Services has migrated to its own add-on (the Splunk Add-on for Microsoft Office 365):

  • The Splunk Add-on for Microsoft Cloud Services has an Office 365 Management Activity API input.
  • The Splunk Add-on for Microsoft Office 365 supersedes the MSCS O365 input. There are some improvements too. Check out the migration and new feature section in the docs -> http://docs.splunk.com/Documentation/AddOns/released/MSO365/Releasenotes#Migration
  • Both of the above add-ons focus on activity and operation.
  • The Microsoft Office 365 Reporting Add-on gathers email message trace data (sender, receiver, status, subject line, etc.) The add-on uses the MessageTrace report via the O365 reporting web service. There are multiple reports available via this web service (thus the generic name of the add-on) -> https://msdn.microsoft.com/en-us/library/office/jj984325.aspx#Anchor_4

View solution in original post

Reply
Solved! Jump to solution

dbaldwin_splunk
Splunk Employee
Splunk Employee
‎06-13-2018 08:21 AM

Splunk Add-on for Microsoft Office 365 replaces Office 365 modular input within Splunk Add-on for Microsoft Cloud Services. Customers who wish to pull Office 365 management activity events are recommended to disable Office 365 modular input within Splunk Add-on for Microsoft Cloud Services add-on and use Splunk Add-on for Microsoft Office 365 instead.

Note that source types have changed in Splunk Add-on for Microsoft Office 365 and any panels, dashboards, spl, etc will need to be adjusted.

Office 365 modular input is planned to be deprecated in a future release of Splunk Add-on for Microsoft Cloud Services add-on.

Reply
Solved! Jump to solution

sylbaea
Communicator
‎06-13-2018 07:30 PM

Thanks a lot for clarification

0 Karma
Reply
Solved! Jump to solution
Solution

jconger
Splunk Employee
Splunk Employee
‎06-13-2018 08:16 AM

In short, the Office 365 input in the Splunk Add-on for Microsoft Cloud Services has migrated to its own add-on (the Splunk Add-on for Microsoft Office 365):

  • The Splunk Add-on for Microsoft Cloud Services has an Office 365 Management Activity API input.
  • The Splunk Add-on for Microsoft Office 365 supersedes the MSCS O365 input. There are some improvements too. Check out the migration and new feature section in the docs -> http://docs.splunk.com/Documentation/AddOns/released/MSO365/Releasenotes#Migration
  • Both of the above add-ons focus on activity and operation.
  • The Microsoft Office 365 Reporting Add-on gathers email message trace data (sender, receiver, status, subject line, etc.) The add-on uses the MessageTrace report via the O365 reporting web service. There are multiple reports available via this web service (thus the generic name of the add-on) -> https://msdn.microsoft.com/en-us/library/office/jj984325.aspx#Anchor_4
Reply
Solved! Jump to solution

jaxjohnny2000
Builder
‎07-16-2020 07:43 AM

The Splunk Add-on for Microsoft Cloud Services documentation still shows the sourcetype ms:o365:management.  

https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Sourcetypes

0 Karma
Reply
Solved! Jump to solution

kevinmanson
Explorer
‎06-21-2018 07:24 AM

Jason,
Can you also expand on the this new app vs Microsoft Azure Active Directory Reporting Add-on for Splunk https://splunkbase.splunk.com/app/3757/

0 Karma
Reply
Solved! Jump to solution

sylbaea
Communicator
‎06-13-2018 07:30 PM

Thanks a lot for clarification and very detailed answer

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...