All Apps and Add-ons

Splunk add-on for Microsoft Cloud Services and O365

Path Finder

I am trying to on board data from Azure AD and O365 to Splunk cloud. I have both the Splunk add-on for Microsoft Cloud services and the Splunk add-on for Microsoft Office 365 installed on the IDM.

I am in the process of configuring the Azure portal but looking at the docs (O365 and MS cloud Services) both point to MS docs (MS O365 and MS cloud Services) and the process described over there is not exactly what is described on the Splunk Docs.

More specifically I am not sure if I need a "redirect URL" as stated in the MS docs and also I am not sure where to find that. It looks like it might be needed for O365 and there was a way to get it through the MS cloud Services add-on however this has since been updated and it's no longer there and O365 data should be forwarded from the O365 add-on which doesn't provide it either.

I managed to write down a few steps for both Azure and O365 configuration on the Azure portal but I am looking for some feedback on if I am understanding everything correctly and if this is al that is needed to be done.

Here are the steps:
alt text

0 Karma
Get Updates on the Splunk Community!

Streamline Data Ingestion With Deployment Server Essentials

REGISTER NOW!Every day the list of sources Admins are responsible for gets bigger and bigger, often making the ...

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

REGISTER NOW!Join us for a Tech Talk around our latest release of Splunk Enterprise Security 7.2! We’ll walk ...

Introduction to Splunk AI

WATCH NOWHow are you using AI in Splunk? Whether you see AI as a threat or opportunity, AI is here to stay. ...