The Microsoft 365 Defender Connector in Microsoft Sentinel is coming along nicely with all the table sources now available to select. The Connector is still in public preview, but the progress is a very welcome sight.
Even though ingesting the M365 Advanced logs is considered necessary, enabling them will cost something.
There are two primary data costs to Microsoft Sentinel and those are ingestion and retention. A Microsoft Sentinel environment gets 90 days of free retention for active data and there are methods and approaches to managing the data once it hits the 90-day threshold.