
After Partner Feedback, Microsoft Releases Azure Sentinel SIEM Service

Microsoft on Tuesday announced the general availability of Azure Sentinel, its cloud-based security information and event management (SIEM) solution.

Since unveiling the product as a preview in February, Microsoft has been working with its partners to fine-tune Azure Sentinel. Its commercial launch comes after the company collected "feedback from 12,000 customers," explained Ann Johnson, corporate vice president for Microsoft's Cybersecurity Solutions Group, in the announcement. Johnson claimed that Azure Sentinel is a low-maintenance option compared with other SIEM solutions.

Microsoft's SIEM solution combines data from an organization's infrastructure, users, devices and applications, as well as cloud data. It uses machine learning and artificial intelligence to find threats and has a querying capability. It provides a dashboard view for users and also will send alerts.

Azure Sentinel works with other Azure services. It can use "security data from Azure Security Center and Azure Active Directory (Azure AD), along with data from Microsoft 365," Johnson noted. There's no extra cost to use data from "Office 365 audit logs, Azure activity logs and alerts from Microsoft Threat Protection," she added.

Microsoft is touting the pay-for-what-you-use aspect of Azure Sentinel as an Azure service. Organizations get billed based on the data stored in the Azure Monitor Log Analytics workspace and on the data that gets used for analysis. Organizations can opt for the Pay-As-You-Go option or for Capacity Reservations.

Billing under the Capacity Reservations option offers a "fixed fee based on the selected tier," Microsoft's Azure Sentinel pricing page explained. For instance, a capacity of 100GB per day is billed at $123 per day, while 500GB per day gets billed at $492 per day. These charges are considered to be discounted compared with the Pay-As-You-Go option, which gets billed at $2.46 per GB. Microsoft also charges if the data gets retained after 90 days.

Organizations can increase their Capacity Reservations at any time. However, they can only end or reduce their Capacity Reservations after 31 days.

Automating security responses with Azure Sentinel seems to require using Azure Logic Apps, an extra cost, according to the pricing page. For customizing Azure Sentinel's machine learning models, Microsoft recommends its Azure Machine Learning Studio and the Azure Databricks service.

Microsoft is planning to broadcast a talk on Azure Sentinel's security operations on Thursday, Sept. 26, starting at 10 a.m. PST, with sign-up here.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
