We operate a rather large M$ Tenant and I am running into issues with this add on not consuming all of our user objects with the AAD user input. It dies around 550,000 users; I am assuming due to the bearer token coming from the graph API timing out at the 1 hour mark; all of the ingestion appears to start and stop at the 1 hour mark.
Anyone have any ideas how to get around this? I really want to use splunk to version control and audit my user configurations offline and leverage this data for lookups coming from the azure related logs. I can't however unless I get all of the user objects.
Second, I would love to see group memberships supported in this add on!! This would be super helpful to target reports and audits against accounts.