Configure Permissions for an Azure AD App Registration - splunk/splunk-add-on-microsoft-azure GitHub Wiki

After an Azure AD App registration has been created, it must be given appropriate permissions to access Azure resources. Some inputs will require granting permissions to specific APIs. Other inputs will require adding the Azure AD App registration to specific Identity and Access Management (IAM) roles.

Add permissions to access an API

Execute the following steps for the inputs in the add-on that require specific API permissions.

Refer to the Azure/O365 Splunk Add-on Required Permissions matrix for complete details on required API and role permissions.

  1. Log in to the Azure Portal.

  2. Type azure active directory in the search bar and click the Azure Active Directory service.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Search Azure AD.png)

  3. Select App registrations.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure AD app registration.png)

  4. Select your App registration.

  5. Select API permissions > Add a permission.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure AD app API permissions.jpg)

  6. Select the appropriate API.

For example, choose Microsoft Graph to gather Azure Active Directory Users data.

Refer to the Azure/O365 Splunk Add-on Required Permissions matrix to determine which API is needed for each input you want to use in the add-on.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure AD app API Graph.jpg)

  7. Choose Application or Delegated permissions. Most inputs will require Application permissions.

We will choose Application for our Azure Active Directory Users data example.

  8. Select the necessary permission(s).

We will choose User.Read.All for our Azure Active Directory Users data example.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure AD app user.read.all.jpg)

  9. Repeat the above steps for each necessary API permission.

  10. Select the Add permissions button.
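To confirm that the App registration requests only the permissions an input needs, the following added example (not part of the add-on or its wiki) audits the registration's `requiredResourceAccess` list against an allowlist. The allowlist reflects the Azure Active Directory Users example above and is an assumption, the GUIDs are Microsoft's published identifiers for Microsoft Graph and the User.Read.All application permission, and the sample input is constructed.

```python
import json

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"        # Microsoft Graph
USER_READ_ALL_ROLE = "df021288-bdef-4463-88db-98f22de89214"  # User.Read.All (Application)

# Assumed allowlist for the "Azure Active Directory Users" example on this page:
# resourceAppId -> {(permission id, type)}. "Role" = Application, "Scope" = Delegated.
EXPECTED = {GRAPH_APP_ID: {(USER_READ_ALL_ROLE, "Role")}}

# Constructed sample shaped like the output of
#   az ad app show --id <app-id> --query requiredResourceAccess
# The second entry is a placeholder GUID standing in for an unneeded delegated permission.
SAMPLE = json.dumps([
    {"resourceAppId": GRAPH_APP_ID,
     "resourceAccess": [
         {"id": USER_READ_ALL_ROLE, "type": "Role"},
         {"id": "11111111-2222-3333-4444-555555555555", "type": "Scope"},
     ]},
])


def audit(required_resource_access, expected=EXPECTED):
    """Return (unexpected, missing) sets of (resourceAppId, permission id, type)."""
    requested = set()
    for resource in required_resource_access:
        app_id = resource.get("resourceAppId", "").lower()
        for access in resource.get("resourceAccess", []):
            # GUIDs are compared case-insensitively; the type string is not.
            requested.add((app_id, access["id"].lower(), access["type"]))
    wanted = {(app.lower(), pid.lower(), ptype)
              for app, perms in expected.items() for pid, ptype in perms}
    return requested - wanted, wanted - requested


if __name__ == "__main__":
    unexpected, missing = audit(json.loads(SAMPLE))
    for app, pid, ptype in sorted(unexpected):
        kind = "Application" if ptype == "Role" else "Delegated"
        print(f"UNEXPECTED {kind} permission {pid} on API {app}")
    for app, pid, ptype in sorted(missing):
        print(f"MISSING {ptype} permission {pid} on API {app}")
```

This checks what the registration requests, not what has been consented to; consent status is shown in the Status column of the API permissions page.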

Grant API Consent

Some API permissions require an Azure administrator to consent to the requested permissions.

  1. From the API permissions section of your Azure AD App registration, click the button labeled Grant admin consent for .

Note: if this button is disabled, you may not have the necessary permissions to grant API consent. Contact your Azure admin to grant the API permissions.

![width=800px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure AD app consent needed.jpg)

  2. After granting permissions, the Status column should say "Granted for <your tenant>".

![width=800px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure AD app consent granted.jpg)

Add an Azure AD App Registration to an IAM Role

Execute the following steps for the inputs in the add-on that require specific IAM roles.

Refer to the Azure/O365 Splunk Add-on Required Permissions matrix for complete details on required API and role permissions.

  1. Log in to the Azure Portal.

  2. Type subscriptions in the search bar and click the Subscriptions service.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure Subscriptions.png)

  3. Select your subscription, and then click Access control (IAM).

  4. Click the Add button, and then select the Add role assignment option.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure Subscription IAM.png)

  5. In the search box, type the name of the required role. Select the role in the table, and then click the Next button.

For example, choose Reader to gather Compute data.

![width=700px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure Subscription IAM Reader.jpg)

  6. Click the Select members button. Type the name of the Azure AD Application registration. Click the name of the application so that it shows up in the Selected members section. Then, click the Select button.

![width=700px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure Subscription IAM Select Members.jpg)

  7. Click the Review + assign button.

  8. Once the process finishes, click Role assignments and check that the application is in the role.

![width=500px](https://raw.githubusercontent.com/wiki/splunk/splunk-add-on-microsoft-azureimages/Azure Subscription IAM Role Assignments.jpg)

  9. Repeat the above steps for each necessary role.

Next Step

Connect to your Azure Account with Splunk Add-on for Microsoft Azure