Azure sentinel cost clarification

Iron Contributor



It's documented that Azure AD audit logs & activity logs are not ingested for free and payed within Sentinel.   I understood that customer using M365 subscriptions, would not be billed for Azure AD ingestion within Sentinel.   They already pay for the M365 subscription?


Maybe it's free for the logs that cover their users only?   Maybe it's not free at all and should be payed for when integrated in Azure Sentinel?   Azure AD data ingestion really is a grey zone when it comes to Sentinel pricing.


Any feedback would be much appreciated!  

2 Replies
best response confirmed by David De Vos (Iron Contributor)

@David De Vos 



Is there a particular clarification for the items listed in the FAQ?





There actually is somewhat explanation.  They state that the audit logs are not ingested for free, but activity logs are ingested for free from Azure AD.   I guess that kind of answers my question.  :)