I received the following error while following the blog post by Ryan Lait, on the step #13. When attempting to click the Add button to assign a role to the Splunk application, this error is shown:
"The resource does not support assignments of users or groups to Azure roles."
As per Microsoft docs on Azure AD RBAC (https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-create-custom-role...), the person creating a new RBAC role must be an “Owner” of the subscription. In other words, anyone whose account was itself provisioned through Office 365 by way of its integration with Azure Active Directory (on-prem AD/LDAP service), cannot by definition create or manage the RBAC feature.
Thanks for the details! I'll update the blog post with this info.