Sentinel being in Preview since February 2019, Microsoft just announced the General Availability and pricing for Azure Sentinel today.
Pay-As-You-Go Pricing for Azure Sentinel
For those of you familiar with Azure pricing, running the same service in different datacenters can have a different price. On top of that, purchasing reserved capacity can provide up to a 60% discount on certain workloads. For now, let’s take a look at the initial Pay-as-you-go pricing for Azure Sentinel in the US:
| Region | Sentinel Price per GB | Log Analytics Price per GB | Data Retention Price per GB |
| US East | $2.00 | $2.30 | $0.10 |
| US East 2 | $2.00 | $2.76 | $0.12 |
| US Central | $2.46 | $2.76 | $0.12 |
| US North Central | $2.40 | $2.76 | $0.12 |
| US South Central | $2.40 | $2.76 | $0.12 |
| US West Central | $2.40 | $2.76 | $0.12 |
| US West | $2.60 | $2.99 | $0.13 |
| US West 2 | $2.00 | $2.30 | $0.10 |
| US Government VA | $2.50 | $2.88 | $0.13 |
Data has to be ingested into a Log Analytics Workspace before you can perform analytics with Azure Sentinel. Ingesting data is fairly simple–only a few clicks for certain workloads–but it does have a price per GB associated with it.
Pricing for Log Analytics
Log Analytics pricing is its own beast. Pricing for Log Analytics also varies per datacenter and you’re granted a limited amount of free log ingestion per tenant.
| Feature | Free Units Included |
| Log Analytics Data Ingestion | 5 GB per customer per month |
| Log Analytics Data Retention | 31 Days (Or 90 Days if Azure Sentinel is enabled on the workspace) |
Data retention pricing is listed above and is only charged if you choose to keep your logs longer than the free period allocated to the workspace. Going back to Azure Sentinel, the following logs can be ingested to the service for free as well:
| Azure Sentinel Data Source | Free Units Included |
| Azure Activity Logs | Unlimited |
| Office 365 Audit Logs | Unlimited |
| Microsoft Threat Protection Logs | Unlimited |
Pricing for Add-on Services to Azure Sentinel
There are many other services that are typically deployed alongside Azure Sentinel, such as Application Insights, Logic Apps, Azure Monitor, etc. Each of those services have additional pricing that is separate for Azure Sentinel. Azure Security Center also relies on the Log Analytics agent, which has its own pricing model too. For more information, take a look the Microsoft pricing pages:
- Azure Monitor Pricing Details including Log Analytics and Application Insights
- Azure Security Center Pricing
- Databricks Pricing
- Logic Apps Pricing
- Machine Learning Studio Pricing
- Sentinel Pricing Details
If you’re going to rip out Splunk, Logrhythm, Qradar, or Arcsight and replace it with Azure Sentinel, then you probably have a ton of logs that you need to process.
