SOLVED

Azure sentinel cost clarification

%3CLINGO-SUB%20id%3D%22lingo-sub-1177580%22%20slang%3D%22en-US%22%3EAzure%20sentinel%20cost%20clarification%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1177580%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%20%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EIt's%20documented%20that%20Azure%20AD%20audit%20logs%20%26amp%3B%20activity%20logs%20are%20not%20ingested%20for%20free%20and%20payed%20within%20Sentinel.%26nbsp%3B%26nbsp%3B%20I%20understood%20that%20customer%20using%20M365%20subscriptions%2C%20would%20not%20be%20billed%20for%20Azure%20AD%20ingestion%20within%20Sentinel.%26nbsp%3B%26nbsp%3B%20They%20already%20pay%20for%20the%20M365%20subscription%3F%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMaybe%20it's%20free%20for%20the%20logs%20that%20cover%20their%20users%20only%3F%26nbsp%3B%26nbsp%3B%20Maybe%20it's%20not%20free%20at%20all%20and%20should%20be%20payed%20for%20when%20integrated%20in%20Azure%20Sentinel%3F%26nbsp%3B%26nbsp%3B%20Azure%20AD%20data%20ingestion%20really%20is%20a%20grey%20zone%20when%20it%20comes%20to%20Sentinel%20pricing.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EAny%20feedback%20would%20be%20much%20appreciated!%26nbsp%3B%26nbsp%3B%20%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1177709%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20sentinel%20cost%20clarification%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1177709%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F11134%22%20target%3D%22_blank%22%3E%40David%20De%20Vos%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%20id%3D%22tinyMceEditorClive%20Watson_0%22%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CP%3EIs%20there%20a%20particular%20clarification%20for%20the%20items%20listed%20in%20the%20FAQ%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fazure-sentinel%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fazure-sentinel%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1179086%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20sentinel%20cost%20clarification%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1179086%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F239477%22%20target%3D%22_blank%22%3E%40Clive%20Watson%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThere%20actually%20is%20somewhat%20explanation.%26nbsp%3B%20They%20state%20that%20the%20audit%20logs%20are%20not%20ingested%20for%20free%2C%20but%20activity%20logs%20are%20ingested%20for%20free%20from%20Azure%20AD.%26nbsp%3B%26nbsp%3B%20I%20guess%20that%20kind%20of%20answers%20my%20question.%26nbsp%3B%20%3A)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

Hi

 

It's documented that Azure AD audit logs & activity logs are not ingested for free and payed within Sentinel.   I understood that customer using M365 subscriptions, would not be billed for Azure AD ingestion within Sentinel.   They already pay for the M365 subscription?

 

Maybe it's free for the logs that cover their users only?   Maybe it's not free at all and should be payed for when integrated in Azure Sentinel?   Azure AD data ingestion really is a grey zone when it comes to Sentinel pricing.

 

Any feedback would be much appreciated!  

2 Replies
best response confirmed by David De Vos (Contributor)
Solution

@David De Vos 

 

 

Is there a particular clarification for the items listed in the FAQ?

 

https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/

 

 

@CliveWatson 

 

There actually is somewhat explanation.  They state that the audit logs are not ingested for free, but activity logs are ingested for free from Azure AD.   I guess that kind of answers my question.  :)