
Difference with Splunk Add-on for Microsoft Cloud Services

Communicator

Hello,

I just saw the release of the Splunk Add-on for Microsoft Office 365. What is the difference with the Splunk Add-on for Microsoft Cloud Services? I used to have this one in my environment and do not understand the purpose of the new one.


Re: Difference with Splunk Add-on for Microsoft Cloud Services

Splunk Employee

In short, the Office 365 input in the Splunk Add-on for Microsoft Cloud Services has migrated to its own add-on (the Splunk Add-on for Microsoft Office 365):

  • The Splunk Add-on for Microsoft Cloud Services has an Office 365 Management Activity API input.
  • The Splunk Add-on for Microsoft Office 365 supersedes the MSCS O365 input. There are some improvements too. Check out the migration and new feature section in the docs -> http://docs.splunk.com/Documentation/AddOns/released/MSO365/Releasenotes#Migration
  • Both of the above add-ons focus on activity and operation.
  • The Microsoft Office 365 Reporting Add-on gathers email message trace data (sender, receiver, status, subject line, etc.). The add-on uses the MessageTrace report via the O365 reporting web service. There are multiple reports available via this web service (thus the generic name of the add-on) -> https://msdn.microsoft.com/en-us/library/office/jj984325.aspx#Anchor_4


Re: Difference with Splunk Add-on for Microsoft Cloud Services

Communicator

Thanks a lot for the clarification and the very detailed answer.

0 Karma

Re: Difference with Splunk Add-on for Microsoft Cloud Services

Explorer

Jason,
Can you also expand on this new app vs. the Microsoft Azure Active Directory Reporting Add-on for Splunk? https://splunkbase.splunk.com/app/3757/

0 Karma

Re: Difference with Splunk Add-on for Microsoft Cloud Services

Contributor

The Splunk Add-on for Microsoft Cloud Services documentation still shows the sourcetype ms:o365:management.  

https://docs.splunk.com/Documentation/AddOns/released/MSCloudServices/Sourcetypes

0 Karma

Re: Difference with Splunk Add-on for Microsoft Cloud Services

Splunk Employee

The Splunk Add-on for Microsoft Office 365 replaces the Office 365 modular input within the Splunk Add-on for Microsoft Cloud Services. Customers who wish to pull Office 365 management activity events are recommended to disable the Office 365 modular input within the Splunk Add-on for Microsoft Cloud Services and use the Splunk Add-on for Microsoft Office 365 instead.

Note that source types have changed in the Splunk Add-on for Microsoft Office 365, and any panels, dashboards, SPL, etc. will need to be adjusted.

The Office 365 modular input is planned to be deprecated in a future release of the Splunk Add-on for Microsoft Cloud Services.


Re: Difference with Splunk Add-on for Microsoft Cloud Services

Communicator

Thanks a lot for the clarification.

0 Karma