Do we know if the Microsoft account you need to set up requires a full Enterprise E3 license or Enterprise mobility EMS, or if there are any other licensing issues/concerns to be aware of when installing?
I have been trying to follow this blog which explains how to go through this process of setting up for audit logs:
https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html
Step #13 states you need to set up an Azure subscription role. However, my current Microsoft subscription level (Access to Azure Active Directory) does not provide an option to configure roles. When I try to put the Client ID, Secret, and Tenant ID, I get an error message that says "REST ERROR[1021]: Fail to decrypt the encrypted credential information - Failed to get credentials".
Do I need to upgrade my account so I can set up the Azure subscription role? Or is there another way to work around this issue? I am hopeful since the previous answer suggested there are no license requirements.
There are no special license requirements to use the Splunk Add-on for Microsoft Cloud Services. You can even use the add-on with plain Pay-as-you-go subscriptions or free trial subscriptions.