Hardware and software requirements for the Splunk Add-on for Microsoft Office 365

Splunk admin requirements

To install and configure the Splunk Add-on for Microsoft Office 365, you must be a member of the admin role.

Network configuration requirements

The Splunk Add-on for Microsoft Office 365 makes REST API calls via HTTPS on port 443.

Secure socket layer (SSL) certification configuration requirements

By default, SSL verification is enabled. To configure secure socket layer (SSL) certifications according to the needs of your deployment, perform the following steps:

  1. Add SSL certificates to the cacert.pem file in the following paths:
       • $SPLUNK_HOME/etc/apps/splunk_ta_o365/lib/certifi/cacert.pem, or $SPLUNK_HOME/etc/apps/splunk_ta_o365/bin/3rdparty/certify/
       • $SPLUNK_HOME/lib/python3.7/site-packages/certifi/cacert.pem
  2. Open the cacert.pem file with a text editor.
  3. Add the SSL certificates for your deployment.
  4. Use the internal certificate for your client machine. If you use a proxy connection, use the same internal certificate as the one on your client machine. The connection will be inspected by your proxy, and the certificate must match your root certificate when making the connection to your server.
  5. Save your changes.
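
The following is an added example, not part of the add-on or of Splunk's tooling. It shows one way to script steps 1 to 5 so that the bundle is backed up before it changes and a CA that is already present is not appended twice. The function names and the parse_x509 parameter are hypothetical; the caller supplies the cacert.pem path and the internal CA file.

```python
import hashlib
import re
import shutil
import ssl
import sys
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def fingerprints(pem_text):
    """Return {sha256-of-DER: PEM block} for every certificate in pem_text."""
    found = {}
    for block in PEM_BLOCK.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)  # decodes the base64 body
        found[hashlib.sha256(der).hexdigest()] = block
    return found

def append_ca(bundle, ca_pem, parse_x509=True):
    """Append certificates from ca_pem that bundle lacks; return their fingerprints."""
    bundle = Path(bundle)
    candidates = fingerprints(ca_pem)
    if not candidates:
        raise ValueError("no PEM certificate blocks in input")
    if parse_x509:
        # Let OpenSSL parse the input first so a damaged certificate
        # never reaches the bundle (raises ssl.SSLError on failure).
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cadata="\n".join(candidates.values()))
    current = bundle.read_text(encoding="utf-8")
    present = fingerprints(current)
    missing = {fp: pem for fp, pem in candidates.items() if fp not in present}
    if not missing:
        return []  # every certificate is already in the bundle
    # Keep a copy of the untouched bundle next to it (cacert.pem.bak).
    shutil.copy2(bundle, bundle.with_name(bundle.name + ".bak"))
    sep = "" if current.endswith("\n") else "\n"
    with bundle.open("a", encoding="utf-8") as fh:
        fh.write(sep + "\n".join(missing.values()) + "\n")
    return sorted(missing)

if __name__ == "__main__":
    # usage: python append_ca.py <path/to/cacert.pem> <internal-ca.pem>
    added = append_ca(sys.argv[1], Path(sys.argv[2]).read_text(encoding="utf-8"))
    print("added:" if added else "nothing to add", *added)
```

The returned SHA-256 fingerprints can be compared with the fingerprint of the root certificate your proxy presents, to confirm that the certificate added is the one described in step 4.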

Microsoft Office 365 requirements

You must have administrator access to the Office 365 Admin Console to configure an application in Azure Active Directory and grant the necessary permissions to send data to the Splunk platform using the Office 365 Management Activity API and Office 365 Service Communication API.

Note

Accessing the optional DLP policy events requires an additional Microsoft Azure Active Directory subscription. Refer to the Microsoft Azure Active Directory documentation for more information.

Azure Government Cloud limitations

Warning

The Splunk Add-on for Office 365 has not been tested with Azure Government Cloud. The functionality of the Splunk Add-on for Office 365 responsible for Azure Government Cloud data is not supported and is provided “as is”, and should be used at your own risk.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.

  • For Splunk Enterprise system requirements, see System Requirements in the Splunk Enterprise Installation Manual.
  • If you plan to run this add-on entirely in Splunk Cloud, there are no additional Splunk platform requirements.
  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.