Splunk Lantern

Microsoft: Office 365

Microsoft Office 365 (now called Microsoft 365) is a SaaS offering that combines the traditional Microsoft Office desktop applications, Microsoft application services, and productivity services from within Microsoft’s Azure cloud platform. Office 365 contains the same core desktop applications as the traditional versions of Microsoft Office, such as Word, Excel, PowerPoint and Outlook, as well as a suite of other apps and online services for cloud file storage, secure communication, and collaboration. These include Planner, OneDrive, Exchange, SharePoint, Yammer, and Microsoft Teams.

Microsoft Office 365 produces service status, service messages, and management activity logs that are all useful for system administrators. In the Common Information Model, Microsoft O365 data can be mapped to any of the following data models: Authentication, Change, and Data Access.

Configuration

Guidance for onboarding data can be found in the Splunk Documentation:

Refer to the documentation, and note the following:

  • Source types:
    • o365:cas:api
    • o365:graph:api
    • o365:management:activity
    • o365:service:healthIssue
    • o365:service:update:Message
    • o365:ta:o365:log
  • Add-on or app: Splunk Add-on for Microsoft Office 365

Application

When your Splunk deployment is ingesting Microsoft O365 data, you can use it to accomplish the following use cases: