Is the Microsoft Office 365 Reporting Add-on for Splunk affected by the retirement of Basic Authentication for Exchange Online?

lac_kango
Engager

Hello,

I found a blog about Microsoft retiring basic authentication for Exchange Online on October 13, 2020.

https://developer.microsoft.com/en-us/office/blogs/end-of-support-for-basic-authentication-access-to...

If this app uses basic authentication, the request will fail after October 13, 2020.

I think this app uses basic authentication. Is there any way this app can use other authentication methods than basic authentication?


Splunk version: 7.3.1
App version: 1.1.0

Thanks!

Raphy
Explorer

I am relaunching this really important discussion about the Microsoft Office 365 Reporting Add-on for Splunk, which must upgrade to Modern Authentication, as Microsoft has announced that Basic Authentication will be deprecated.
Indeed, in Microsoft's latest post on that topic, published on Feb 04 2021:

https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-s...

They announced:

"Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth."

So, within a few months this Add-On will be out of service because it only uses Basic Authentication to connect and to retrieve Message Trace logs from MS Exchange Online.

I agree we have the Splunk Add-on for Microsoft Office 365 that retrieves some useful audit data, but unfortunately it cannot collect Message Trace data as the Microsoft Office 365 Reporting Add-on does.

We already have 2 Splunk Ideas on that subject:

https://ideas.splunk.com/ideas/APPSID-I-70
https://ideas.splunk.com/ideas/APPSID-I-27

Those evolutions are planned, but they should be ongoing because the evolution to Modern Authentication is necessary today.

I am asking Splunk and the developers of these Add-Ons: what is the situation on that subject? Do you have a solution to provide to Splunk customers who would like to continue to get Message Trace logs for security monitoring?

@abalogh_splunk 

@jconger 

@lukenetto

jconger
Splunk Employee

TL;DR = we are waiting on an updated API from Microsoft.

Background:

The O365 reporting add-on utilizes a Microsoft API called the Office 365 Reporting web service. This API only supports basic authentication, so we're stuck with that for the time being. There currently is no other Microsoft API for O365 message trace data. That being said, we have worked with Microsoft on some of their preview code that will support modern authentication. As soon as Microsoft's code becomes publicly available, the O365 reporting add-on will be updated on Splunkbase. Also, there are plans to get this functionality moved over to the Splunk-supported O365 add-on.

mik3y
Explorer

@jconger Hi, are there any further updates on this?

Thanks

North2AK
Engager

Any updates on this?


ozrict
New Member

Any update on this? We are looking to set up this App, but as it's set to retire I'm struggling to gain approval due to uncertainty.


pietertruter1
Observer

Any update on getting this fixed?  


adalbor
Builder

Just an FYI all, there are two ideas supporting this requested change.

https://ideas.splunk.com/ideas/APPSID-I-27

https://ideas.splunk.com/ideas/APPSID-I-70

I would recommend voting for at least the first (it has the most hits).

It is also showing in the Planned stage.

gavstead
Observer

Is there an update on this please? Basic Auth is disabled in our company as it is insecure so we cannot use message tracing. 

Please can this be fixed ASAP?


Azeemering
Builder

Any update on this? The end of 2020 is getting nearer and would like to know if Splunk is working on an update? 


scoxspau
Engager

Note that the October 13 2020 deadline has been pushed back by Microsoft due to the COVID-19 situation:

"In response to the unprecedented situation we are in and knowing that priorities have changed for many of our customers we have decided to postpone retiring Basic Authentication in Exchange Online (MC204828) for those tenants still actively using it until the second half of 2021. We will provide a more precise date when we have a better understanding of the impact of the situation.
We will continue to disable Basic Authentication for newly created tenants by default and begin to disable Basic Authentication in tenants that have no recorded usage starting October 2020. And of course you can start blocking legacy authentication today, you don’t need us to do anything if you want to get started (and you should).
We will also continue to complete the roll-out of OAuth support for POP, IMAP, SMTP AUTH and Remote PowerShell and continue to improve our reporting capabilities. We will publish more details on these as we make progress."


hansuleberg
Path Finder

Hi. It indeed uses HTTPBasicAuth. Will this app be updated in time?

[root@awpspkhf23h63 TA-MS_O365_Reporting]# vi bin/input_module_ms_o365_message_trace.py

r = requests.get(
    microsoft_trace_url,
    proxies = proxies,
    auth=requests.auth.HTTPBasicAuth(microsoft_office_365_username, microsoft_office_365_password),
    headers={'Accept':'application/json'})
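An added example (not the add-on's code and not written by any poster in this thread): a small AST check for auditing Python add-on sources for calls like the one quoted above, where `requests` is handed Basic credentials. `SAMPLE` is constructed, and the names `find_basic_auth` and `_dotted` are hypothetical.

```python
import ast

# Constructed sample modelled on the call quoted in the post above (not the add-on's file).
SAMPLE = '''
import requests

def collect(url, user, password, token, proxies):
    r = requests.get(
        url,
        proxies=proxies,
        auth=requests.auth.HTTPBasicAuth(user, password),
        headers={"Accept": "application/json"})
    s = requests.post(url, auth=(user, password))
    t = requests.get(url, headers={"Authorization": "Bearer " + token})
    return r, s, t
'''

HTTP_VERBS = {"get", "post", "put", "patch", "delete", "head", "request"}

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, '' for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else ""

def find_basic_auth(source, filename="<string>"):
    """Return sorted (line, call, reason) for HTTP calls passing Basic credentials."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func)
        if name.rsplit(".", 1)[-1] not in HTTP_VERBS:
            continue
        for kw in node.keywords:
            if kw.arg != "auth":
                continue
            if isinstance(kw.value, ast.Call) and _dotted(kw.value.func).endswith("HTTPBasicAuth"):
                findings.append((node.lineno, name, "HTTPBasicAuth object"))
            elif isinstance(kw.value, ast.Tuple) and len(kw.value.elts) == 2:
                # requests treats a 2-tuple auth value as Basic credentials
                findings.append((node.lineno, name, "(user, password) tuple"))
    return sorted(findings)

if __name__ == "__main__":
    print(find_basic_auth(SAMPLE))
```

The bearer-token call in the sample is not flagged, since it passes no `auth=` argument.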

ChrisBell04
Communicator

The underlying problem is that the Microsoft API this add-on uses currently only supports basic auth.

Either that API needs to get modern auth or another API needs to be utilized to pull down this type of data.

adalbor
Builder

We actually disabled Basic Auth in our org due to the security implications and have been waiting for months for this app to be fixed. We have essentially lost Exchange message tracking logs because of this basic auth issue.


lac_kango
Engager

Thank you for your comment.
I don't even know about the update plan.
I hope it will be updated within the deadline.


martinnepolean
Explorer

Any update on this?


siemple99
Observer

All, the new date from Microsoft is Oct 2022.   Any update on the transition or support for Modern authentication?  


jconger
Splunk Employee

We have been in contact with Microsoft about this.  There are near-term and long-term solutions coming.  Neither solution is publicly available as of the date of this writing, but we will update the add-on accordingly when a release does happen.


dschroeter
Explorer

Hi,

Do you have any updates on this? The 1st of October is coming and we have the issue for several environments.

The new authentication feature needs to be implemented.

Thanks

jconger
Splunk Employee


We are in touch with Microsoft, and we are waiting on an updated API.  According to this document, the Reporting Web Services (the service this add-on uses) will have OAuth support by the end of May 2022.  We will update the add-on to work with Modern authentication when it is implemented in the API.

Raphy
Explorer

Have you received feedback from Microsoft on OAuth support?
Thank you.
