Re: Microsoft Teams Add-On Internal Certs

jscraig2006 · ‎03-29-2021

Greetings Community,

Does anyone know if internal certs are ok to use for the Microsoft Team add-on Web-hook and Subscription? We have a public accessible IP NATing to our HF for port 4444.

Thanks in advance

~John

@jconger

jconger · ‎03-29-2021

The webhook URL for the subscription input must use a certificate signed by a public CA. A lot of customers use the address of a load balancer or reverse proxy for the webhook URL. Then, network rules are set up to forward that traffic to one or more Splunk Heavy Forwarders running the Teams webhook input. Internal certificates can be used for this part if desired. On a purely technical level, you do not have to use a certificate from the load balancer to the HF.

Example traffic flow:

MSFT == HTTPS ==> Webhook URL (load balancer) == (HTTP|HTTPS) ==> HF running a Teams webhook input

jscraig2006 · ‎04-29-2021

@jconger We have our public cert from Entrust. Where do these reside? Our set up for this is public_host_name and IP ==> Firewall Port Forwarding (Public IP to HF) ===> HF with Teams.

Thanks

jscraig2006 · ‎03-30-2021

Thanks Jason, So if we get a public cert and create a DNS record added to our external DNS servers for that public IP and assign the public cert to the Splunk HF, would that work?

Microsoft Teams Add-On Internal Certs

configuration

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!