Newbie Question - Sentinel Deployment: Cost & Effort Required

Alex Alborzfard 1 Reputation point
2022-02-08T14:49:49.463+00:00

I'm considering deploying Sentinel for our Azure & Non-Azure environment. We're a small, nonprofit Windows shop.
Where is the best place to get an idea of the cost and effort involved?

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

3 answers

  1. Andrew Blumhardt 9,491 Reputation points Microsoft Employee
    2022-02-08T19:10:17.277+00:00

    I would start with Defender for Endpoint which requires an E3 or E5 (or equivalent) license. This is a user license. There are many M365 benefits with E3/E5 and there may be non-profit discounts. This is the biggest bang for your buck and is a predictable price. MDE goes a long way to securing servers and endpoints with a good dashboard. Sort of a cookie cutter Windows SIEM. I would also look into MDI to secure on-prem domain controllers.

    Sentinel is a more advanced SIEM. It takes more effort to configure and manage. Best for monitoring signals from a wide range of services in Azure, in other clouds, and on-prem. You pay per GB ingested. Somewhere around $4.5 per GB in the US. There are cost controls but calculating costs is somewhat difficult.

    Anyway, I find the value of Sentinel is diminished if the other MS security services are not onboarded first like MDE, MDI, MDO, MDFC (ASC), and MDFCA (MCAS).

    1 person found this answer helpful.

  2. JamesTran-MSFT 36,351 Reputation points Microsoft Employee
    2022-02-08T19:28:15.13+00:00

    @Alex Alborzfard
    Thank you for your post!

    Adding onto what @Andrew Blumhardt mentioned, the best place to get an idea of the cost and effort involved in deploying Azure Sentinel will be the Microsoft Sentinel pricing webpage and the Microsoft Sentinel documentation.

    Additional Links:
    Best practices for Microsoft Sentinel
    Microsoft Sentinel workspace architecture best practices
    Quickstart: On-board Microsoft Sentinel
    Connect your threat intelligence platform to Microsoft Sentinel
    Microsoft Sentinel pricing - FAQ
    Microsoft Sentinel Overview

    If you have any other questions, please let us know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


  3. Chiheb Chebbi 1 Reputation point MVP
    2022-03-14T21:06:18.54+00:00