All Apps and Add-ons

Microsoft Azure Add-on: issues with not consuming all of our user objects with the AAD user input

tobiasboone1
Explorer

We operate a rather large M$ Tenant and I am running into issues with this add on not consuming all of our user objects with the AAD user input.  It dies around 550,000 users; I am assuming due to the bearer token coming from the graph API timing out at the 1 hour mark; all of the ingestion appears to start and stop at the 1 hour mark.

Anyone have any ideas how to get around this?  I really want to use splunk to version control and audit my user configurations offline and leverage this data for lookups coming from the azure related logs.  I can't however unless I get all of the user objects.

Second, I would love to see group memberships supported in this add on!!  This would be super helpful to target reports and audits against accounts.


Labels (2)
Tags (3)
0 Karma
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...