I relaunch this really important discussion about Microsoft Office 365 Reporting Add-on for Splunk that must upgrade to Modern Authentication, as Microsoft company has announced that Basic Authentication will be deprecated. Indeed in the last post of Microsoft on that topic Published on Feb 04 2021 : https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-september-2021-update/ba-p/2772210 They announced : "Today, we are announcing that, effective October 1, 2022, we will begin to permanently disable Basic Auth in all tenants, regardless of usage, with the exception of SMTP Auth." So, within few months this Add-On will be out of service because It only uses Basic Authentication to connect and to retrieve Message Trace logs from MS Exchange Online. I agree we have the Splunk Add-on for Microsoft Office 365 that retrieve some useful audit data, but unfortunately It cannot collect Message Trace data as the Microsoft Office 365 Reporting Add-on does. We already have 2 Splunk Ideas on that subjet : https://ideas.splunk.com/ideas/APPSID-I-70 https://ideas.splunk.com/ideas/APPSID-I-27 Those evolution are planned, but they should be on going because the evolution to Modern Authentication is today necessary. I am asking to Splunk corporation and to the developers of these Add-Ons, what is the situation on that subject ? Do you have a solution to provide to Splunk customers that would like to continue to get Mesage Trace logs for security monitoring ? @abalogh_splunk @jconger @lukenetto
... View more
