All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Microsoft Azure Add on for Splunk 3.1.1 - authentication_method

simonsigre
Path Finder
‎06-28-2021 03:57 PM

It looks to be that in version 3.1.1 the defaults for AAD Sign Ins swaps away from BETA --> 1.0 which looks to not be providing authentication_method (MFA/2FA) information.

This default change in behaviour can be seen in this file 'input_module_MS_AAD_signins.py'

BEFORE: 
url = graph_base_url + "/beta/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+%s+and+createdDateTime+le+%s" % (query_date, end_date.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))

AFTER:
url = graph_base_url + "/%s/auditLogs/signIns?$orderby=createdDateTime&$filter=createdDateTime+ge+%s+and+createdDateTime+le+%s" % (endpoint, query_date, end_date.strftime('%Y-%m-%dT%H:%M:%S.%fZ'))

For anyone who really needs/wants authentication_method information I strongly encourage you to back to your INPUTS and change the dropdown back to BETA.

These seem to have been dropped by MS in v1 . unless BETA is ahead .. in which case they will be and all that is required is to change the INPUT

Screenshot from 2021-06-29 08-53-49.png





Labels (1)
Labels
Tags (3)
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...