All Apps and Add-ons

Office 365 Reporting Mail Add-on Permissions

cswansonvt
New Member

I am attempting to configure the TA-MS_O365_Reporting app but can't seem to get the permissions correct. I've configured a user account in Azure AD called "splunk" and from the Exchange Admin console assigned it to a custom role with the four required permissions:

  • Message Tracking
  • View-Only Audit Logs
  • View-Only Configuration
  • View-Only Recipients

But when I enable the input and then check Splunk's internal logs I see the following error:

401 Client Error: Unauthorized for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...

Is there something I am missing with regards to setting up the permissions?

Thank you.

Labels (1)
Tags (2)
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...