Forum Discussion
Azure Sentinel Pricing Clarification
I have just on-boarded a customer to my tenant and I have used ARM template to get a delegation access of a resource group from my customers tenant. Customer resource group contains a LogAnalytic...
Rajkamal1960 You would not want to ingest the data into your tenant (but you would pay the ingestion charges and your client would pay egress charges if in a different region). Like @Thijs Lecomte said, use Azure Lighthouse to interact with your customers.
This article will get you started:
https://docs.microsoft.com/en-us/azure/sentinel/multiple-tenants-service-providers
GaryBushey Thanks for the clarification.
It means that I will be charged if I am working on Azure Sentinel at my tenant on the LogAnanlyticsWorkspace of my client's tenant. As I have already got the delegated access of that resource group of client's workspace. Please let me know if my understanding is correct.
Also it would be much appreciated if you can tell me more about egress charges if in a different region.
Thanks
Rajkamal1960 *IF* you do not use Azure Lighthouse, and again that is the preferred method, you will be charged for the data coming into your Azure Sentinel instance. With Lighthouse, all the data stays on the client side.
You can go here to see more on egress charges: https://azure.microsoft.com/en-us/pricing/details/bandwidth/
GaryBushey If I am not using Azure Lighthouse then what other methods I have to ingest logs in to my Azure Sentinel Workspace from my client's AD.
Because if I am not using Azure Lighthouse then I will not be able to get the delegated access of their resource groups and will not be able to get the access of their LogAnalyticsWorkspace.
- CliveWatson
Microsoft
also take a look at module 3 in the training - MSSP
"...A special use case is providing service using Azure Sentinel, for example by an MSSP (Managed Security Service Provider) or by a Global SOC in a large organization. "
