Effective July 11, 2024, Microsoft Sentinel is generally available as part of the unified security operations platform. This integration aims to streamline security operations by combining various tools into a single platform.

 

What is the Microsoft Unified Security Operations Platform?

The Microsoft Unified Security Operations Platform is a comprehensive solution designed to enhance the efficiency and effectiveness of security operations centers (SOCs). It integrates several key Microsoft security tools into a single platform, including:

  • Microsoft Sentinel: A cloud-native security information and event management (SIEM) solution that provides extensive visibility into the threat landscape.
  • Microsoft Defender XDR: An extended detection and response (XDR) platform that offers unified visibility, investigation, and response across various environments such as endpoints, identities, emails, and cloud apps.
  • Microsoft Copilot for Security: An AI-powered assistant that helps security teams with threat detection, investigation, and response by leveraging advanced generative AI. It includes Microsoft 365 Copilot.

 

What is Microsoft Sentinel?

Microsoft Sentinel is a cloud-native security information and event management (SIEM) solution. It offers advanced security analytics and threat intelligence across the enterprise. It is accessible in the Microsoft Azure portal and the Microsoft Defender portal. By integrating with Microsoft Defender, it provides a unified experience for managing security incidents and hunting cyberthreats. Microsoft Sentinel also natively incorporates proven Azure services, like Log Analytics and Logic Apps, and enriches your investigation and detection with AI.

 

Microsoft Sentinel: Key Features

  • Unified Workspace: Onboard a single workspace into the Defender portal through a simple wizard available on the home screen at microsoft.com.
  • Unified Incidents and Hunting: Streamline investigations with unified incidents and hunting capabilities.
  • Microsoft Copilot for Security (add-on): Utilize AI for incident summaries, guided investigations, and more, if you are licensed with the Microsoft Copilot for Security add-on.
  • Extended Attack Disruption: Extend attack disruption to critical apps like SAP.
  • Post-Incident Recommendations: Receive tailored recommendations to prevent similar attacks.
  • Classic Experience: Continue using the classic experience in Microsoft Azure if needed.

 

Microsoft Sentinel: Licensing requirements

Microsoft Sentinel is available to commercial cloud users with at least one Microsoft Defender XDR workload deployed.

 

Microsoft Sentinel: Pricing Overview

Pricing depends on the types of logs added to a workspace and is billed daily per workspace. There are two main types of logs: Analytics logs and Basic logs.

  • Analytics logs, which are high-value security logs, can be paid for using either the Pay-As-You-Go model or Commitment Tiers.
    • The Pay-As-You-Go model charges based on the actual data volume stored in GB.
    • Commitment Tiers offer predictable pricing and savings for higher data volumes (tiers range from 100 GB to 50,000 GB per day).
  • Basic logs are detailed but have low security value.
    • They are charged at a flat rate per GB and have limitations such as reduced querying capabilities and eight-day retention.

There are simplified pricing tiers that combine the costs of data analysis and ingestion storage into a single tier, making billing and cost management more straightforward. Some data sources are free with Microsoft Sentinel. For more info, please visit: https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers.

 

More information

Find the announcement here: https://www.microsoft.com/en-us/security/blog/2024/07/11/simplified-zero-trust-security-with-the-microsoft-entra-suite-and-unified-security-operations-platform-now-generally-available/#:~:text=Microsoft%20Sentinel%20is,Defender%20XDR%20environment.

Find a Microsoft Sentinel overview here: https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers.

Understand pricing options of Microsoft Sentinel with this documentation: https://learn.microsoft.com/en-us/azure/sentinel/billing?tabs=simplified%2Ccommitment-tiers.

Find a pricing overview here: https://azure.microsoft.com/en-us/pricing/details/microsoft-sentinel/#purchase-options.

For more on Microsoft licensing, visit our Microsoft vendor page at: https://www.schneider.im/software/microsoft/.

Please contact us for expert services on your specific Microsoft software and Online Services requirements and to request a quote today.
