I have been trying to follow this blog which explains how to go through this process of setting up for audit logs:
https://www.splunk.com/blog/2017/07/27/splunking-microsoft-cloud-data-part-1.html
Step #13 states you need to set up an Azure subscription role. However, my current Microsoft subscription level (Access to Azure Active Directory) does not provide an option to configure roles. When I try to put in the Client ID, Secret, and Tenant ID, I get an error message that says "REST ERROR[1021]: Fail to decrypt the encrypted credential information - Failed to get credentials".
Do I need to upgrade my account so I can set up the Azure subscription role? Or is there another way to work around this issue? I am hopeful since the previous answer suggested there are no license requirements.