- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- 404 Client Error with Microsoft Office 365 Reporti...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
we have a the Microsoft Office 365 Reporting Add-On for Splunk configured with an account which is a member of the Service Administrators group. From the logs we are seeing the following error. Is this due to insufficient permissions?
Also when i log in as that account I do not see the ability to run any trace reports from the Admin console under Security & compliance; so that could also be an indicator of the issue? Is there an additional permission that needs to be set?
ERROR pid=15855 tid=MainThread file=base_modinput.py:log_error:307 | HTTP Request error: 404 Client Error: Not Found for url: https://reports.office365.com/ecp/reportingwebservice/reporting.svc/MessageTrace?$filter=StartDate%2...'
thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This was resolved by creating a role group for the account and applying these permissions:
"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"
I believe "MessageTracking" is optional.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The following forum resolved my issue. I have another query. I am getting an issue that whenever I am trying to sign in to a Microsoft cloud service such as Office 365, Microsoft Azure, or Microsoft Intune, I am receiving the following error message from ADFS that "There was a problem accessing the site. Try to browse to the site again.".I have contacted the helpdesk support and followed accordingly https://supportprop58.com/office-setup/how-to-login-microsoft-office/.Guide us if anything I have missed out.
,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This was resolved by creating a role group for the account and applying these permissions:
"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"
I believe "MessageTracking" is optional.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
same error here, might be the solution?
https://answers.splunk.com/answers/658765/whats-causing-the-error-in-microsoft-office-365-re.html
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Saw this, but no the credentials are correct and i can login with the same ones into the Admin console. I've asked the Tenant admin to re-check the account permissions.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is the role group creation for the group mentioned on the Splunk side or the Azure Application Side? I only support the Azure Application Side. I don't have insight on how the Splunk Side was configured. Are the Role Groups mentioned:
"ViewOnlyAuditLogs"
"ViewOnlyConfiguration"
"ViewOnlyRecipients"
Set up in the the Azure Tenant Somewhere?
Thanks,
Kevin C.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Kevin,
our Tenant Administrator set this up on the Azure side for us. These are management role types.
thanks.
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
.conf24 | Personalize your .conf experience with Learning Paths!
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
