After Partner Feedback, Microsoft Releases Azure Sentinel SIEM Service

Microsoft on Tuesday announced the general availability of Azure Sentinel, its cloud-based security information and event management (SIEM) solution.

Since unveiling the product as a preview in February, Microsoft has been working with its partners to fine-tune Azure Sentinel. Its commercial launch comes after the company collected "feedback from 12,000 customers," explained Ann Johnson, corporate vice president for Microsoft's Cybersecurity Solutions Group, in the announcement. Johnson claimed that Azure Sentinel is a low-maintenance option compared with other SIEM solutions.

Microsoft's SIEM solution combines data from an organization's infrastructure, users, devices and applications, as well as cloud data. It uses machine learning and artificial intelligence to find threats and has a querying capability. It provides a dashboard view for users and also will send alerts.

Azure Sentinel works with other Azure services. It can use "security data from Azure Security Center and Azure Active Directory (Azure AD), along with data from Microsoft 365," Johnson noted. There's no extra cost to use data from "Office 365 audit logs, Azure activity logs and alerts from Microsoft Threat Protection," she added.

Because Azure Sentinel is an Azure service, Microsoft is touting its pay-for-what-you-use aspect. Organizations get billed based on the data stored in the Azure Monitor Log Analytics workspace and the data that gets used for analysis. Organizations can opt for the Pay-As-You-Go option or for Capacity Reservations.

Billing under the Capacity Reservations option offers a "fixed fee based on the selected tier," Microsoft's Azure Sentinel pricing page explained. For instance, a capacity of 100GB per day is billed at $123 per day, while 500GB per day gets billed at $492 per day. These charges are considered to be discounted compared with the Pay-As-You-Go option, which gets billed at $2.46 per GB. Microsoft also charges if the data gets retained after 90 days.

Organizations can increase their Capacity Reservations at any time. However, they can only end or reduce their Capacity Reservations after 31 days.

Automating security responses with Azure Sentinel seems to require using Azure Logic Apps, an extra cost, according to the pricing page. For customizing Azure Sentinel's machine learning models, Microsoft recommends its Azure Machine Learning Studio and the Azure Databricks service.

Microsoft is planning to broadcast a talk on Azure Sentinel's security operations on Thursday, Sept. 26, starting at 10 a.m. PST, with sign-up here.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.
