We installed the Splunk Add-on for Microsoft Cloud Services and connected it with our Office 365 instance. We are successfully getting logs but our certificate status is is still "Auto-generated but not yet verified".
Per the instructions in the documentation troubleshooting section we have rinsed and repeated 3 times, and finally just decided we would wait to see if the process took some time. It has now been 24 hours and our certificate is not verified.
Does anyone know exactly how the certificate process works, including but not necessarily limited to protocol and direction? The documentation leaves something to be desired with regards to firewall exceptions.
What version of Splunk are you using? If you haven't done so already try updating to 6.4 as this process seems to work more smoothly in the latest version. You may initially see a message in the troubleshooting dashboard that the certificate is invalid, but restarting Splunk should take care of that.