I would start with Defender for Endpoint which requires an E3 or E5 (or equivalent) license. This is a user license. There are many M365 benefits with E3/E5 and there may be non-profit discounts. This is the biggest bang for your buck and is a predictable price. MDE goes a long way to securing servers and endpoints with a good dashboard. Sort of a cookie cutter Windows SIEM. I would also look into MDI to secure on-prem domain controllers.
Sentinel is a more advanced SIEM. It takes more effort to configure and manage. Best for monitoring signals from a wide range of services in Azure, in other clouds, and on-prem. You pay per GB ingested. Somewhere around $4.5 per GB in the US. There are cost controls but calculating costs is somewhat difficult.
Anyway, I find the value of Sentinel is diminished if the other MS security services are not onboarded first, like MDE, MDI, MDO, MDFC (ASC), and MDFCA (MCAS).
@Alex Alborzfard
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.