Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Costs of Data Source

Essential Data Sources in Microsoft Sentinel: Visibility vs. Cost.

Some of the most valuable data sources in Microsoft Sentinel are not free.

Logs such as Entra ID Audit Logs, Sign-in Logs, and Alert Evidence incur additional data ingestion costs in Azure Log Analytics.

Typical Costs

  • Audit Logs – Very low cost, almost negligible

  • Sign-in Logs – Small but consistent cost impact

  • Non-interactive Sign-in Logs – Highest cost contributor, but crucial for identity threat detection

Based on our analysis across multiple customer environments, the average additional cost for enabling these paid data sources is approximately €0.10 per user per month.

 

Why This Matters

These logs are critical for detecting:

  • Account compromise

  • Adversary-in-the-Middle (AiTM) attacks

  • Persistence techniques

Without these data sources, Microsoft Sentinel’s visibility into identity-related threats is significantly reduced.

 

Onboarding Choice

During onboarding, we will ask whether you want to enable these paid data sources.

While optional, we strongly recommend enabling them to fully leverage the capabilities of Microsoft Sentinel.