Getting Data In

404 Client Error with Microsoft Office 365 Reporting Add-On for Splunk

becksyboy
Communicator

Hi,

we have a the Microsoft Office 365 Reporting Add-On for Splunk configured with an account which is a member of the Service Administrators group. From the logs we are seeing the following error. Is this due to insufficient permissions?

Also when i log in as that account I do not see the ability to run any trace reports from the Admin console under Security & compliance; so that could also be an indicator of the issue? Is there an additional permission that needs to be set?

ERROR pid=15855 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 404 Client Error: Not Found for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...'

thanks

0 Karma
1 Solution

becksyboy
Communicator

This was resolved by creating a role group for the account and applying these permissions:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

I believe "MessageTracking" is optional.

View solution in original post

pauline5
New Member

The following forum resolved my issue. I have another query. I am getting an issue that whenever I am trying to sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune, I am receiving the following error message from ADFS that "There was a problem accessing the site. Try to browse to the site again.".I have contacted the helpdesk support and followed accordingly https://supportprop58.com/office-setup/how-to-login-microsoft-office/.Guide us if anything I have missed out.

,

0 Karma

becksyboy
Communicator

This was resolved by creating a role group for the account and applying these permissions:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

I believe "MessageTracking" is optional.

dkeck
Influencer
0 Karma

becksyboy
Communicator

Saw this, but no the credentials are correct and i can login with the same ones into the Admin console. I've asked the Tenant admin to re-check the account permissions.

0 Karma

kconway35
New Member

Is the role group creation for the group mentioned on the Splunk side or the Azure Application Side? I only support the Azure Application Side. I don't have insight on how the Splunk Side was configured. Are the Role Groups mentioned:

"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"

Set up in the the Azure Tenant Somewhere?

Thanks,

Kevin C.

0 Karma

becksyboy
Communicator

Hi Kevin,

our Tenant Administrator set this up on the Azure side for us. These are management role types.

thanks.

0 Karma
Get Updates on the Splunk Community!

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...