Saving money on Microsoft Sentinel!

What is Microsoft Sentinel?

Microsoft Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It provides intelligent security analytics across an entire enterprise, powered by AI and automation. It also centralizes threat collection, detection, response, and investigation efforts.

Great!….so, how can we save $ on this service?

Let’s imagine that we are ingesting 100 GB per day into this service.

Microsoft Sentinel has something that they refer to as Commitment Tier which allows you to get a discount (…discount compared to Retail Pay-As-You-Go) if you commit to at least 100 GB/day:

When you select a tier, such as 100 GB/day, Microsoft will bill you a fixed fee for that tier (a 50% discount compared to Pay-as-you-go).

You commit to being on a tier (for example 100 GB/day) for 31 days (which means that you can change/remove the tier after 31 days if you wish).

It’s almost like a one-month reservation!

We are now getting a discount on Microsoft Sentinel….are we done?

Nope!

Microsoft Sentinel runs on top of Log Analytics, and we can get a discount on Log Analytics as well:

In this example, we can get another 15% discount on the Log Analytics piece.
 
Note that with Microsoft Sentinel, you tend to spend more on Log Analytics than Microsoft Sentinel.
 
If you spend $1.00 per day on Microsoft Sentinel, you’ll likely (as Sentinel needs Log Analytics) have to spend $2.00 on Log Analytics for a total of $3.00 per day.