Microsoft Office 365 integration not ingesting logs

Hi, I'm following this guide here to ingest Microsoft Office 365 logs from the Management API.

I've already created an application and granted these permissions to the application. I've also granted Admin consent to these permissions.

  • ActivityFeed.Read
  • ActivityFeed.ReadDlp
  • User.Read

Thereafter, I entered the Directory (tenant) ID, Application (client) ID and secret value.

However, the data is not showing up on my Elastic Cloud instance. I've tried creating a data view, but I don't see logs-o365.audit-2.6.5 being available.

For sanity, I tried manually connecting to the Management API via Postman and it works, yet Elastic is not creating any subscriptions or pulling any data down.

I did not install any agents, and it's purely an API connection setup.

Is there any other configuration I need to do?

Following up for anyone with the same issue:

You need to set up a server and run an Elastic Agent. You cannot just use the API as an integration. Somehow I could pull logs from AWS integration without an Agent, but it's not the same for O365.