Forum Discussion
Pricing Calculator for Microsoft Sentinel
Hello CyrilChu,
The pricing is split into two parts - Azure Monitor and Microsoft Sentinel because:
Azure Monitor is considered to be the "Ingestion" part (GB of logs that are ingested into Log Analytics Workspace) and Microsoft Sentinel is the SIEM system itself that operates logs, queries, workbooks, connectors etc.
Sharing a tool that might be useful for UK-based teams planning or optimising
Sentinel/Log Analytics costs.
azure-calc.co.uk covers:
- PAYG vs commitment tier comparison (100–5000 GB/day tiers in GBP)
- Basic vs Analytics vs Auxiliary log tier cost breakdown
- Retention cost modelling (interactive + archive, up to 12 years)
- Restore pricing — including the 2TB minimum billing floor that catches people out
- Search Job vs Restore cost comparison
- Sentinel simplified pricing (combined LA + Sentinel meter in GBP)
- Pre-deployment estimator: enter server/device counts, get estimated GB/day
Prices pull nightly from the Azure Retail Prices API filtered to uksouth + GBP,
so they stay current as Microsoft adjusts rates monthly.
There's also a KQL Cost Query Builder at azure-calc.co.uk/kql-builder with 10
queries for analysing billable ingestion by resource group, table, workspace,
and detecting ingestion anomalies — useful once you're live and want to
understand what's driving costs.
Not affiliated with Microsoft. Happy to hear if anything looks wrong with
the calculations.