I have managed to resolve this on my OAUTH setup. Error 401 is permissions error, this is from the official add on trouble shooting: The Splunk Add-on for Microsoft Office 365 requires ReportingWebService.Read.All. Verify this permission is selected, saved, and then granted within the Office 365 Management Activity API configuration on Azure Active Directory. So in order to fix: In the Azure Portal, go to App registrations > All applications Select your application Select API Permissions Click Add a permission to display the Request API permission flyout page On the APIs my organization uses tab, select Office 365 Exchange Online On the flyout page, select Application permissions, and then click Add permissions The Reporting Web Service should now appear in the list of applications that your app requires permissions for Select Grant admin consent for "YourTenant" to consent to the permissions given to your app
... View more