Feb 17 2020 06:48 AM
Hi
It's documented that Azure AD audit logs & activity logs are not ingested for free and payed within Sentinel. I understood that customer using M365 subscriptions, would not be billed for Azure AD ingestion within Sentinel. They already pay for the M365 subscription?
Maybe it's free for the logs that cover their users only? Maybe it's not free at all and should be payed for when integrated in Azure Sentinel? Azure AD data ingestion really is a grey zone when it comes to Sentinel pricing.
Any feedback would be much appreciated!
Feb 17 2020 08:31 AM
Solution
Is there a particular clarification for the items listed in the FAQ?
https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/
Feb 18 2020 02:53 AM
There actually is somewhat explanation. They state that the audit logs are not ingested for free, but activity logs are ingested for free from Azure AD. I guess that kind of answers my question. 🙂
Feb 17 2020 08:31 AM
Solution
Is there a particular clarification for the items listed in the FAQ?
https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/