The Magnificent Seven: New Ways to Get More Out of Your Microsoft and Splunk Environment

As a leading global provider of cloud computing services with a business-critical software portfolio, Microsoft is a key Splunk partner. In our mission to empower customers with data, we are delighted to share a few of the latest integrations, dashboards, and reference guides that help you extract even more value from your Microsoft environments.

Here’s a peek at what we’ve been working on lately:

1.  Deeper, Richer M365 insights: The M365 App for Splunk brings together unique insights about customers’ M365 environment with data from M365, Office 365, and Teams. To help ease uncertainty and tackle challenges presented by a rapidly growing remote workforce, Splunk introduced a Remote Work Insights solution. The solution offers expert guidance with real-time IT and security visibility across disparate systems and now includes Microsoft 365, Teams, Zoom, WebEx, Okta, and more.

2.  Microsoft Teams Integration: Microsoft Teams was a highly requested integration, and the Splunk Works team delivered! As of June 12, Teams data can be ingested into Splunk via the latest add-on for use in Remote Work Insights (RWI).

3.  Microsoft Graph Security API Add-on for Splunk: The Microsoft Graph Security API Add-On allows Splunk users to ingest all security alerts for their organization using the Microsoft Graph Security API. Supported products include Azure Advanced Threat Protection, Azure AD Identity Protection, Azure Security Center, Azure Sentinel, Azure Information Protection, Microsoft Cloud App Security, Office Advanced Threat Protection, Defender Advanced Threat Protection and more.

4.  Guidelines for Deploying Splunk on Azure: Everything you need to successfully deploy Splunk on Azure can be found in this tech brief, including recommendations for Azure VM image, size, and storage, as well as sample deployment architectures.

5.  Streaming for Auditing for Azure DevOps: Auditing for Azure DevOps enables organization administrators to monitor and react to changes throughout their organizations. Now, audit data can be streamed into Splunk — the only non-Microsoft integration in the Azure DevOps portal. Splunk can help customers analyze this data, and will retain it longer than the 90-day Azure limit. Microsoft made these new capabilities available for public preview as of May 19th. 

6.  Visual Studio Code Extension for Splunk: Microsoft’s Visual Studio Code Extension for Splunk helps developers create, test, and debug Splunk Enterprise apps, add-ons, custom commands, REST handlers, etc. The extension helps Splunk administrators edit Splunk .conf files by providing stanza and setting completions as well as setting checking. For individuals living in Visual Studio Code, integrations are built in to run Splunk searches and display Splunk visualizations in Visual Studio Code.

7.  HashiCorp Consul Service (HCS) on Azure: There’s more than just the collaborations between Microsoft and Splunk. Joint partners like HashiCorp are building solutions on Azure with Splunk, such as the solution where Consul is offered as a fully managed service to HashiCorp and Azure customers. If you’re interested in learning more, check out the webinar.

Ready to unlock the power of your Microsoft data? The complete catalog of Microsoft Apps for Splunk can be found here.

Posted by Suzanna Barnard

Senior Manager on the Global Strategic Alliances team at Splunk. Former intelligence analyst and security software product manager. Coffee connoisseur, llama chaser, and West Wing superfan. On a mission to bake the perfect chocolate chip cookie.