There are a few things that differ in the basic SKU
- Threat detection in alert only, even if you set this deny it will not work
- Pricing is cheaper for the hourly cost, but more expensive for throughput, as it is designed to be used for light workloads only
- Only support 250MB/s throughput
- Does not support FQDN filtering for network rules
You can see more details here