9: Pricing Flashcards
(11 cards)
What is Sentinel pricing based on?
Sentinel pricing is primarily based on the amount of data ingested (per GB). Optional costs also apply for automation, extended retention, and some premium features.
What is the default data retention period in Sentinel?
90 days, included at no additional cost.
Can you extend data retention beyond 90 days?
Yes, but it incurs additional cost per GB per month.
What is included at no cost in Sentinel ingestion?
Logs from Microsoft 365 Defender and Microsoft Entra (formerly Azure AD) are free to ingest into Sentinel.
How can customers reduce ingestion costs?
Use filtering with Azure Monitor Agent (AMA) to only send necessary logs. Use compression, reduce verbosity, apply sampling, and tune data sources.
What happens if you send too many verbose logs?
Costs increase, queries slow down, and dashboards may lag. You should tune ingestion to focus on relevant, high-value data.
Can you archive Sentinel data instead of deleting it?
Yes. You can use the Archive Tier to retain logs at a lower cost and restore them when needed.
Why should customers care about pricing and retention?
It helps with budget planning and avoids surprise costs. Understanding which data is free vs. billable helps teams prioritize what to ingest and store.
Can I see how much each data connector is costing me?
Yes. You can use Azure Cost Management or the Sentinel Usage Workbook to track ingestion and cost per table or data source.
Is there a free trial for Sentinel?
Yes. You get up to 10GB/day free for the first 31 days after enabling Sentinel.
Do I get billed for running queries or viewing dashboards?
No. You’re only billed for ingestion, extended retention, and automation—queries and dashboards are free to use.
