Tuesday, April 23, 2024
Microsoft Sentinel

Microsoft Sentinel free for the first 31 days

Tiago SouzaNo tagsMicrosoft Sentinel

Did you know that you can test Microsoft Sentinel for 31 days, being able to ingest up to 10 GB/day?

When you enable a new Log Analytics workspace you can ingest up to 10 GB/day of log data for the first 31-days at no cost. It’s considered a new workspace when is less than 3 days old.

To understand more what comprises the free trial it’s important to understand the differences between Data Ingestion x Data Retention. I wrote this article explaining about this topic: Microsoft Sentinel – Ingestion x Retention Costs – Part I.

Some important information about this trial:

For NEW Log Analytics Workspaces:

  • You can ingest up to 10 GB/day of log for the first 31-days at no cost.
  • Are considered new workspaces those ones that are less than 3 days old.
  • In this case,  Log Analytics data ingestion and Microsoft Sentinel charges are free for 31-day trial period.
  • Free trial limit of 20 Workspaces per Azure Tenant.

For EXISTING Log Analytics Workspaces:

  • You can enable Microsoft Sentinel at no extra cost.
  • Are considered existing workspaces those ones created more than 3 days ago.
  • In this case, only the Microsoft Sentinel charges are waived during the 31-day trial period.

Important – For both:

  • Usage beyond these limits will be charged per the pricing listed on the Microsoft Sentinel pricing page.
  • Extra capabilities such as automation and bring your own machine learning will be charged during the free trial.

Activating the Trial

  1. Go to the Azure Portal
  2. Search for Sentinel
  3. Select News & guides
  4. You will see the Free trial option

If you want to estimate the Microsoft Sentinel you can visit the Pricing calculator page.

Defining a data volume cap in Log Analytics

If you want to test for this period and make sure that you won’t have extra charges, you can configure a data volume cap in Log Analytics.

In Log Analytics, it’s possible to activate a daily volume cap that limits the daily ingestion for your log analytics workspace. With that, you can manage unexpected increases in data volume and stay within your limit.

  1. Go to the Azure Portal
  2. Search for Log Analytics workspaces
  3. select Usage and estimated costs in the left navigation of your Log Analytics workspace
  4. select Daily cap. Select On
  5. enter a daily volume cap amount, and then select OK
Screenshot showing the Usage and estimated costs screen and the Daily cap window.

Reference: Manage and monitor costs for Microsoft Sentinel | Microsoft Docs

add a comment
Tiago Souza

Tiago Souza

Security Technical Specialist
Cyber Security Technical Specialist at Microsoft | Cloud Security & Threat Protection | Blog content creator at CyberGeeks.Cloud - https://linktr.ee/tiagovf
view all posts

You may also like