cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Microsoft Defender for Storage – Price Estimation Dashboard

By
Fernanda
Published Jun 09 2021 05:15 AM 8,413 Views
Fernanda
Microsoft
‎Jun 09 2021 05:15 AM

Microsoft Defender for Storage – Price Estimation Dashboard

‎Jun 09 2021 05:15 AM

 

You are about to enable Microsoft Defender for Storage across your tenant but need to have a price estimation to share with your team to ensure it fits the team’s budget and share the results with the CISO for approval. Although the Azure pricing calculator makes it easy to do it, you still need to figure out how many transactions you are doing in your Storage Accounts in order to have a more accurate estimation.

 

The workbook below can make it even easier to accomplish this task, and you can deploy it from Microsoft Defender for Cloud GitHub community page.

 

Fernanda_0-1623224659528.png

 

While this workbook will help you to accomplish this task, there are some prerequisites that you must be aware, as described in the next section.

 

Prerequisites

To proper use this workbook you need:

  • Storage Accounts with at least 7 days of transactions up to the day you will deploy the workbook
  • Use supported storage types, such as Blob Storage, Azure Files, Azure Data Lake Storage Gen2
  • Have your storage account in Azure Commercial clouds or US Gov
  • At least Workbook Contributor permissions on the targeted resource group to save the workbook

 

How it works

By selecting a subscription, your Storage Accounts will be listed (with and without Microsoft Defender for Storage). Once this happens, all File Transactions and Blob Transactions from the last seven days will be retrieved. In the equation, discounts are not considered; it is the official price listed in the Microsoft Defender for Cloud pricing site ($0.02/10K transactions).

 

Fernanda_1-1623224659530.png

 

 

For a month, we use the 7-day behavior in both File and Blob Transactions to get an approximation of how a normal day looks like; then, this is multiplied by thirty days. Finally, with the official price listed in the Microsoft Defender for Cloud pricing site ($0.02/10K transactions), we estimate the monthly price using the 30-day estimated transactions.

Fernanda_2-1623224659532.png

 

 

Calculating across several large subscriptions or a tenant

To pull Blob and File Transactions from each Storage Account in larger subscriptions or across a tenant use the PowerShell script Read Azure Storage Transaction Metrics. The Price Estimation used in the script is calculated differently from the workbook described in this blog post.

 

Known Issues

  • Azure Monitor Metrics data backends have limits and probably the number of requests to fetch data across Storage Accounts might time out. To solve this, you will need to narrow the scope (reduce the selected Storage Accounts)
  • Errors might reflect by showing 0 transactions in Files and Blobs. To verify this error, go to Edit Mode and the "Timed out" message will be displayed in the query

Fernanda_3-1623224659534.jpeg

 

 

 

 

Contributors: Rogério Barros, Hasan Abo-Shally, Fernanda Vela

Reviewer: Yuri Diogenes

 

References:

 

 

1 Comment
%3CLINGO-SUB%20id%3D%22lingo-sub-2469970%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20Defender%20for%20Storage%20%E2%80%93%20Price%20Estimation%20Dashboard%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2469970%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20from%20my%20experience%20and%20a%20word%20of%20caution.%26nbsp%3B%20%26nbsp%3B%20Running%20ATP%20on%20legacy%20VM%20Unmanaged%20disks%20(i.e.%20a%20Storage%20account%20you%20manage%20yourself%20using%20Page%20Blobs)%20will%20be%20included%20in%20the%20%24.02%2F10k%20transactions%2C%20even%20for%20local%20VM%20disk%20reads%20and%20writes.%26nbsp%3B%20%26nbsp%3B%20I%20had%20a%20case%20where%20a%20SF%20Cluster%20using%20unmanaged%20disks%2C%20racked%20up%20over%20%24600%2Fmonth%20in%20ATP%20since%20the%20normal%20behavior%20for%20the%20application%20running%20on%20it%20was%20disk%20heavy.%26nbsp%3B%20That%20was%20about%20a%20year%20ago.%26nbsp%3B%20Not%20sure%20if%20anything%20changed.%26nbsp%3B%20%26nbsp%3B%20I%20disabled%20the%20Defender%20due%20to%20that.%3C%2FP%3E%0A%3CP%3EKind%20Regards%2C%3C%2FP%3E%0A%3CP%3ESteve%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2429724%22%20slang%3D%22en-US%22%3EMicrosoft%20Defender%20for%20Storage%20%E2%80%93%20Price%20Estimation%20Dashboard%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2429724%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EYou%20are%20about%20to%20enable%20Microsoft%20Defender%20for%20Storage%20across%20your%20tenant%20but%20need%20to%20have%20a%20price%20estimation%20to%20share%20with%20your%20team%20to%20ensure%20it%20fits%20the%20team%E2%80%99s%20budget%20and%20share%20the%20results%20with%20the%20CISO%20for%20approval.%20Although%20the%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fcalculator%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure%20pricing%20calculator%3C%2FA%3E%20makes%20it%20easy%20to%20do%20it%2C%20you%20still%20need%20to%20figure%20out%20how%20many%20transactions%20you%20are%20doing%20in%20your%20Storage%20Accounts%20in%20order%20to%20have%20a%20more%20accurate%20estimation.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThe%20workbook%20below%20can%20make%20it%20even%20easier%20to%20accomplish%20this%20task%2C%20and%20you%20can%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FWorkbooks%2FAzure%2520Defender%2520for%2520Storage%2520Price%2520Estimation%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Edeploy%20it%20from%20Microsoft%20Defender%20for%20Cloud%20GitHub%20community%20page%3C%2FA%3E.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Fernanda_0-1623224659528.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F287408i380B3ABAB1A77715%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fernanda_0-1623224659528.png%22%20alt%3D%22Fernanda_0-1623224659528.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWhile%20this%20workbook%20will%20help%20you%20to%20accomplish%20this%20task%2C%20there%20are%20some%20prerequisites%20that%20you%20must%20be%20aware%2C%20as%20described%20in%20the%20next%20section.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--440953296%22%20id%3D%22toc-hId--440300679%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId-2046559537%22%20id%3D%22toc-hId-2047212154%22%3EPrerequisites%3C%2FH2%3E%0A%3CP%3ETo%20proper%20use%20this%20workbook%20you%20need%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EStorage%20Accounts%20with%20at%20least%207%20days%20of%20transactions%20up%20to%20the%20day%20you%20will%20deploy%20the%20workbook%3C%2FLI%3E%0A%3CLI%3EUse%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fdefender-for-storage-introduction%23availability%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Esupported%3C%2FA%3E%3CSPAN%3E%20storage%20types%2C%20such%20as%20%3C%2FSPAN%3EBlob%20Storage%2C%20Azure%20Files%2C%20Azure%20Data%20Lake%20Storage%20Gen2%3C%2FLI%3E%0A%3CLI%3EHave%20your%20storage%20account%20in%20Azure%20Commercial%20clouds%20or%20US%20Gov%3C%2FLI%3E%0A%3CLI%3EAt%20least%20Workbook%20Contributor%20permissions%20on%20the%20targeted%20resource%20group%20to%20save%20the%20workbook%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH2%20id%3D%22toc-hId-239105074%22%20id%3D%22toc-hId-239757691%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId--1568349389%22%20id%3D%22toc-hId--1567696772%22%3EHow%20it%20works%3C%2FH2%3E%0A%3CP%3EBy%20selecting%20a%20subscription%2C%20your%20Storage%20Accounts%20will%20be%20listed%20(with%20and%20without%20Microsoft%20Defender%20for%20Storage).%20Once%20this%20happens%2C%20all%20%3CEM%3EFile%20Transactions%20and%20Blob%20Transactions%3C%2FEM%3E%20from%20the%20last%20seven%20days%20will%20be%20retrieved.%20In%20the%20equation%2C%20discounts%20are%20not%20considered%3B%20it%20is%20the%20official%20price%20listed%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fazure-defender%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Defender%20for%20Cloud%20pricing%20site%3C%2FA%3E%20(%240.02%2F10K%20transactions).%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Fernanda_1-1623224659530.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F287411iACBA2181D40D32D6%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fernanda_1-1623224659530.png%22%20alt%3D%22Fernanda_1-1623224659530.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20a%20month%2C%20we%20use%20the%207-day%20behavior%20in%20both%20File%20and%20Blob%20Transactions%20to%20get%20an%20approximation%20of%20how%20a%20normal%20day%20looks%20like%3B%20then%2C%20this%20is%20multiplied%20by%20thirty%20days.%20Finally%2C%20with%20the%20official%20price%20listed%20in%20the%20%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fazure-defender%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Defender%20for%20Cloud%20pricing%20site%3C%2FA%3E%20(%240.02%2F10K%20transactions)%2C%20we%20estimate%20the%20monthly%20price%20using%20the%2030-day%20estimated%20transactions.%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Fernanda_2-1623224659532.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F287409i931BBA40B51DE27E%2Fimage-size%2Flarge%3Fv%3Dv2%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Fernanda_2-1623224659532.png%22%20alt%3D%22Fernanda_2-1623224659532.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-919163444%22%20id%3D%22toc-hId-919816061%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId--888291019%22%20id%3D%22toc-hId--887638402%22%3ECalculating%20across%20several%20large%20subscriptions%20or%20a%20tenant%3C%2FH2%3E%0A%3CP%3ETo%20pull%20Blob%20and%20File%20Transactions%20from%20each%20Storage%20Account%20in%20larger%20subscriptions%20or%20across%20a%20tenant%20use%20the%20PowerShell%20script%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FPowershell%2520scripts%2FRead%2520Azure%2520Storage%2520Transaction%2520Metrics%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ERead%20Azure%20Storage%20Transaction%20Metrics%3C%2FA%3E.%20The%20Price%20Estimation%20used%20in%20the%20script%20is%20calculated%20differently%20from%20the%20workbook%20described%20in%20this%20blog%20post.%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-1599221814%22%20id%3D%22toc-hId-1599874431%22%3E%26nbsp%3B%3C%2FH2%3E%0A%3CH2%20id%3D%22toc-hId--208232649%22%20id%3D%22toc-hId--207580032%22%3EKnown%20Issues%3C%2FH2%3E%0A%3CUL%3E%0A%3CLI%3EAzure%20Monitor%20Metrics%20data%20backends%20have%20limits%20and%20probably%20the%20number%20of%20requests%20to%20fetch%20data%20across%20Storage%20Accounts%20might%20time%20out.%20To%20solve%20this%2C%20you%20will%20need%20to%20narrow%20the%20scope%20(reduce%20the%20selected%20Storage%20Accounts)%3C%2FLI%3E%0A%3CLI%3EErrors%20might%20reflect%20by%20showing%200%20transactions%20in%20Files%20and%20Blobs.%20To%20verify%20this%20error%2C%20go%20to%20Edit%20Mode%20and%20the%20%22Timed%20out%22%20message%20will%20be%20displayed%20in%20the%20query%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20image-alt%3D%22Fernanda_3-1623224659534.jpeg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F287412iBAAE545459203494%2Fimage-size%2Fmedium%3Fv%3Dv2%26amp%3Bpx%3D400%22%20role%3D%22button%22%20title%3D%22Fernanda_3-1623224659534.jpeg%22%20alt%3D%22Fernanda_3-1623224659534.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EContributors%3C%2FSTRONG%3E%3A%20%3CSTRONG%3E%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fin%2Frogeriotbarros%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3ERog%C3%A9rio%20Barros%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fin%2Fhasanaboshally%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EHasan%20Abo-Shally%3C%2FA%3E%2C%20%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fin%2Fmfvelah%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noreferrer%22%3EFernanda%20Vela%3C%2FA%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EReviewer%3A%20%3CA%20href%3D%22https%3A%2F%2Fwww.linkedin.com%2Fin%2Fyuridiogenes%2F%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3EYuri%20Diogenes%3C%2FA%3E%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EReferences%3C%2FSTRONG%3E%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fdetails%2Fazure-defender%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPricing%E2%80%94Microsoft%20Defender%20for%20Cloud%20%7C%20Microsoft%20Azure%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fazure.microsoft.com%2Fen-us%2Fpricing%2Fcalculator%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPricing%20Calculator%20%7C%20Microsoft%20Azure%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fcustom-dashboards-azure-workbooks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EWorkbooks%20gallery%20in%20Microsoft%20Defender%20for%20Storage%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fsecurity-center%2Fdefender-for-storage-introduction%23availability%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EMicrosoft%20Defender%20for%20Storage%20-%20the%20benefits%20and%20features%20%7C%20Microsoft%20Docs%3C%2FA%3E%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FAzure-Security-Center%2Ftree%2Fmain%2FPowershell%2520scripts%2FRead%2520Azure%2520Storage%2520Transaction%2520Metrics%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAzure-Security-Center%2FPowershell%20scripts%2FRead%20Azure%20Storage%20Transaction%20Metrics%20at%20main%20%C2%B7%20Azure%2FAzure-Security-Center%20(github.com)%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Oct 28 2021 01:52 PM
Updated by: