TL;DR = the last three parameters (Cloud App Security Token, Tenant Subdomain, and Tenant Data Center) are only used by the Cloud Application Security Input. If you do not plan on using that input in the add-on, you can leave those fields blank. If you do plan on using that input, here is a quick how-to about getting the needed values: Log on to the Cloud App Security portal https://portal.cloudappsecurity.com/ Once logged in, go to Settings > Security extensions Click the Add token button Give the token a name and click Generate The token will be displayed. This is the only time the token will be displayed by the way. Copy the token, tenant subdomain (splunkpartner in my case), and data center (us3 in my case). The first three parameters (Tenant ID, Client ID, and Client Secret) are used by the following inputs: Management Activity Service Status Service Message Graph API The Microsoft 365 App has a good walkthrough about creating the Azure AD application registration and assigning the necessary permissions (it is in the Help > Setup Guide menu in the app). If you are configuring additional Microsoft Cloud add-ons, here is a good reference for the necessary permissions needed along with sourcetypes and APIs used => http://bit.ly/Splunk_Azure_Permissions
... View more