All Apps and Add-ons
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Add-on for MS office 365: Reporting Web Service 2.0.0-403 Client Error, is Exchange Administrator mandatory?

rayar
Contributor
‎08-11-2022 03:11 AM

I have installed the Splunk Add-on for Microsoft Office 365 Reporting Web Service 2.0.0 

I m getting 

requests.exceptions.HTTPError: 403 Client Error: for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...

we are using  Modern Authentication (OAuth)

 

as per the doc we have  Office 365 Exchange Online ->ReportingWebService.Read.All

 

is Exchange Administrator mandatory  ? 

 

Labels (1)
Labels
0 Karma
Reply

mmccul
SplunkTrust
SplunkTrust
‎08-12-2022 10:05 AM

Working with the Exchange administrator, it isn't clear even with the documentation how to assign the Exchange Admin role for Oauth since there isn't a clear username to assign that role.  Any one figure this one out?

 

0 Karma
Reply

mmccul
SplunkTrust
SplunkTrust
‎08-12-2022 10:32 AM

The above referenced procedure was accurate to add Exchange Online.  Note, by default, it queries one week back and only grabs one hour at a time every query interval, meaning it takes a while to catch up to current mail messages.

0 Karma
Reply

pkiselevs
Explorer
‎08-12-2022 07:18 AM

Go to AZDS "roles and administrator"
Find Exchange administrator
enter full name of your app registration example: Splunk_siem
add to role.
This fix error 403, but i did not get any mail log through this method. There is message no mail log returned

Reply

pkiselevs
Explorer
‎08-30-2022 07:42 AM

after adding also Global reader as mention @diogofgm and complete reinstall of addon, logs started to flow. Lets see how stable will be input

0 Karma
Reply

diogofgm
SplunkTrust
SplunkTrust
‎08-11-2022 03:48 AM

Yes. If you look into the app details in splunkbase when using OAuth you need either Global Admin (Not recommended) or Exchange Admin roles assigned.

Here is a list of requirements for all azure and O365 splunk add-ons:

https://docs.google.com/spreadsheets/d/1YJAqNmcXZU-7O9CxVKupOkR6q2S8TXriMeLAUMYmMs4/edit#gid=0

------------
Hope I was able to help you. If so, some karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...

AppDynamics is now part of Splunk Ideas

Hello Splunkers, We have exciting news for you! AppDynamics has been added to the Splunk Ideas Portal. Which ...

Advanced Splunk Data Management Strategies

Join us on Wednesday, May 14, 2025, at 11 AM PDT / 2 PM EDT for an exclusive Tech Talk that delves into ...
Top