Office 365 Azure configuration

[diogofgm]

I'm trying to setup an input for OAuth2 to connect to an Office 365 email account without success.

I'm using the user and password for the account and in the input I'm using the right tenant in the OAuth2 authority.

Errors I'm getting from splunk:

2023-02-10 17:22:13,325 ERROR pid=21961 tid=MainThread file=base_modinput.py:log_error:309 | get_dmarc_messages: No access token found for client ID: [email protected] - result {'error': 'unauthorized_client', 'error_description': "AADSTS700016: Application with identifier 'dmarc.report.failures' was not found in the directory 'REDACTED'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.\r\nTrace ID: xxxxxxxx-xxxx-xxxx-xxxx-7c5069335800\r\nCorrelation ID: xxxxxxxx-xxxx-xxxx-xxxx-ae9665091ecd\r\nTimestamp: 2023-02-10 17:22:13Z", 'error_codes': [700016], 'timestamp': '2023-02-10 17:22:13Z', 'trace_id': 'xxxxxxxx-xxxx-xxxx-xxxx-7c5069335800', 'correlation_id': 'xxxxxxxx-xxxx-xxxx-xxxx-ae9665091ecd', 'error_uri': 'https://login.microsoftonline.com/error?code=700016'}

Followed by:

2023-02-10 17:22:13,328 ERROR pid=21961 tid=MainThread file=base_modinput.py:log_error:309 | Get error when collecting events. Traceback (most recent call last): File "/opt/splunk/etc/apps/TA-dmarc/bin/ta_dmarc/aob_py3/modinput_wrapper/base_modinput.py", line 128, in stream_events self.collect_events(ew) File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc_imap_oauth2.py", line 104, in collect_events input_module.collect_events(self, ew) File "/opt/splunk/etc/apps/TA-dmarc/bin/input_module_dmarc_imap_oauth2.py", line 93, in collect_events filelist = i2d.process_incoming() File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc/imap2dir.py", line 344, in process_incoming messages = self.get_dmarc_messages() File "/opt/splunk/etc/apps/TA-dmarc/bin/dmarc/imap2dir.py", line 161, in get_dmarc_messages info = self.server.select_folder(self.opt_imap_mailbox) File "/opt/splunk/etc/apps/TA-dmarc/bin/imapclient/imapclient.py", line 763, in select_folder self._command_and_check('select', self._normalise_folder(folder), readonly) File "/opt/splunk/etc/apps/TA-dmarc/bin/imapclient/imapclient.py", line 1666, in _command_and_check typ, data = meth(*args) File "/opt/splunk/lib/python3.7/imaplib.py", line 745, in select typ, dat = self._simple_command(name, mailbox) File "/opt/splunk/lib/python3.7/imaplib.py", line 1196, in _simple_command return self._command_complete(name, self._command(name, *args)) File "/opt/splunk/lib/python3.7/imaplib.py", line 944, in _command ', '.join(Commands[name]))) imaplib.IMAP4.error: command SELECT illegal in state NONAUTH, only allowed in states AUTH, SELECTED

What configurations do I need to do on the azure side to properly setup this up?