Click Save after you change permissions.Refer to the Microsoft Azure Active Directory documentation for more information. If you are unable to ingest DLP policy events, make sure you have the correct Microsoft Azure Active Directory subscription. (Optional) Read DLP policy events including detected sensitive dataĪccessing DLP policy events requires an additional Microsoft Azure Active Directory subscription.Read activity data for your organization.Read service health information for your organization.Set the following Application permissions and Delegated permissions.Navigate to the Enable Access pane in the Microsoft Azure Active Directory application configuration UI.Make sure these permissions are selected, saved and then granted within the Office 365 Management Activity API configuration on Azure Active Directory. The Splunk Add-on for Microsoft Office 365 requires Application and Delegated permissions to read the service health, activity data, and DLP policy events. For additional resources, see Support and resource links for add-ons in Splunk Add-ons.Ĭannot ingest data after configuring a new application and tenant Troubleshooting the Splunk Add-on for Microsoft Office 365 General troubleshootingįor troubleshooting tips that you can apply to all add-ons, see Troubleshoot add-ons in Splunk Add-ons.