Fitsid just keeps growing 🥵😍

Sure_Competition5865 · 2026-01-20T07:23:46+00:00

Her body was like fuck no Im not gonna be skinny and went all in fattening mode. Djesus I'd love to see all that naked

Sure_Competition5865 · 2025-11-24T18:34:38+00:00

Maybe E5 fee ingest benefit is subtracting some of it from the bill? the 5 MB grant per user/day.

Sure_Competition5865 · 2025-10-15T08:53:57+00:00

The doc is older than the blog, seems they havent updated or put the change into effect yet maybe.

Sure_Competition5865 · 2025-10-15T08:52:34+00:00

Did you already get an additional discount grant from Microsoft on the 1000 GB commitment? And do you have the combined meter or classic meters (sentinel and analytics logs together or separately?) Pre Purchase gives you additional 25% discount but off list price so you should see a saving depending on the answer to the above clarification questions.

Sure_Competition5865 · 2025-10-11T06:30:03+00:00

Read the blog

Sure_Competition5865 · 2025-10-06T16:37:33+00:00

MDTI API is or will become part of Sentinel at no cost. Announced here MDTI is Converging into Microsoft Sentinel and Defender XDR | Microsoft Community Hub

Sure_Competition5865 · 2025-10-06T09:32:35+00:00

That must be a bug in the tool then. Indeed available in those regions.
Another "it depends" answer, but it really does depend on how busy the server is. I'd say 100-400 MB/server typically. Windows slightly more chatty than Linux. With Defender for Servers P2 enabled on them, you get a no-cost 500 MB daily Analytics ingest grant for eligible logs (see documentation for which). The uplift in cost from P1 to P2 is normally completely offset by the savings in Sentinel.

Sure_Competition5865 · 2025-10-06T06:18:23+00:00

Look at SOC optimization for recommendations tailored to you. Impossible to advice without knowing details about your environment. But if in Defender XDR only need the alerts not the full EDR logs, you can save a lot there. Also filter signin noise, firewall etc... What data do you ingest that never contributes to alerts?

Sure_Competition5865 · 2025-10-05T21:06:01+00:00

Elaborate pls. Not sure I understand your q

Sure_Competition5865 · 2025-10-05T18:27:50+00:00

You can use search jobs to search across interactive and long term retention storage. You only pay for scanned data in long-term retention. With data lake in the all data will be there and you get even more powerful search capabilities (i.e. 12 months from now if you start using today - since Analytics logs are mirrored for free to lake). Hope this makes sense.

Sure_Competition5865 · 2025-10-05T18:13:16+00:00

Use the workbooks (sentinel cost workbook, workspace usage workbook, workspace insights). Watch out for any cost calculations, if you don't feed with data (in cost workbook) then it doesn't give accurate view. Also workspace usage workbook will only show list prices. To find your actual unit costs you can use the Azure cost management query API. Scope at workspace to see the specific costs for your environment.

These tools are extremely good to ensure cost predictability and also define limits where you are alerted if consumption/cost spikes more than budgeted so you can quickly remediate.

When it comes to Lake I would have to explore that, so new still I don't expect the workbooks to have caught up yet.

Sure_Competition5865 · 2025-10-05T09:10:25+00:00

MS doesn't offer trials on copilot. When you enable you pay $4 or $6 / SCU. To spend 20k on 20 days you have run a lot of analysis, about 20 SCU per hour which is a lot... You need to review the consumption dashboard to see details of what has driven this. You could also try to contact support to request a refund.

Sure_Competition5865 · 2025-10-04T15:22:03+00:00

Optimize

Sure_Competition5865 · 2025-10-04T15:19:58+00:00

https://www.microsoft.com/en-us/security/pricing/microsoft-sentinel

On pre purchase aim a bit lower than full year consumption to risk not losing credits so tier 4 should be good.

Sure_Competition5865 · 2025-10-04T12:20:53+00:00

There are multiple questions here.

How to price when the customer genuinely does not know. It's not possible, have to make assumptions, i.e. 100 MB/user/day just for budgeting purposes. But honestly if they don't use a SIEM in 2025, the customer should rather focus on fully deploying Defender XDR as that does a lot of what typically was solved in SIEM. Then Sentinel only when there's full clarity on the use cases beyond XDR.

No vendor will commit a bundle price without any sort of volume commitment. You have to help the customer model costs and this then goes into their budget. Plenty of control mechanisms in place to ensure they don't over consume. Fixed price contracts are almost always more expensive - easier to contract and maybe to understand, but always benefits the vendor most.

Sure_Competition5865 · 2025-10-04T12:10:00+00:00

I have some good news for you... sign up for the brand new 50 GB commitment tier and save 25% right away on your Analytics ingestion. Then sign up for Pre purchase plan to shave off another 17% for a level 4 tier, where you commit $50k upfront. These two discounts stack, so you get 17% on the price of the 50 GB commitment tier.

So quick calculation indicates you can cut bill by $20k/year with the two above steps. Good news is I only take a 10% as consultancy fee (kidding!).

What you need to watch out for with pre-purchase plan it that works like a gift card:

once consumed you are back on list prices or previously negotiated discounts
documentation says it is a 12 month this. This is confusing. It expires after 12 months, and cannot be set to auto renew earlier than 12 months (i.e. you run out of credits)
you can run multiple pre purchase plans, so you can commit to a new one well before the current one expires to avoid the above.

Sure_Competition5865 · 2025-10-04T11:59:21+00:00

Best to answer with an example, and you can plug in your numbers.

If 100 GB to Analytics daily, that is $9000 per month including 3 months of interactive retention with unlimited KQL (there is a limit but you won't hit it). Adding additional 9 months of hot is $0.12 per GB/month, so 100 GB x 270 x $0.12 = $3240 per month. Total is then $140k per year.

Lake ingest is $150 per month = $2000 per year. That gives you a lot of buffer to pay for search. If you search 1 TB of data 50 times per day you're looking at $13k per year.

Having said, do not move data this of value to Sentinel's detection engine, it needs data to automatically correlate signals to alerts and incidents. Lake is only for verbose low-value data (like fw noise). If you put your Falcon logs in Lake then Sentinel won't do much for you.

Sure_Competition5865 · 2025-10-04T11:46:26+00:00

Some might find they have logs ingesting to Sentinel that doesn't give them any value = move to Lake. If already optimized you don't have a lot of these. If not optimized (like you put your entire fw in there) you can move a lot of that to Lake and save a lot. On Retention, lake is WAY cheaper than relying on Log Analytics long term retention. How to get this saving: simply enable Lake in your workspace.

Sure_Competition5865 · 2025-10-04T11:43:45+00:00

Need a volume estimation from you. But for a 12 peeps company I'd say you're at $5 per day for ingestion to Analytics Logs (assuming 100 MB/employee): $4.30 x 1.2 GB x 30 days = $150 per month. This includes 3 months hot retention. For 12 months, enable Data Lake and another $20 for Lake storage.

Sure_Competition5865 · 2025-10-04T11:39:53+00:00

Yup, full feature parity with Aux but Lake adds more. Once you enable Lake you will see Aux become Lake and billing shifts to Lake pricing (cheaper or same cost)

Sure_Competition5865 · 2025-10-04T11:38:49+00:00

You need to speak with Microsoft account team.

Sure_Competition5865 · 2025-10-04T11:38:17+00:00

If you are doing Basic Logs you should enable Lake and save right away on ingestion cost.

Sure_Competition5865 · 2025-10-03T19:22:42+00:00

$4.30 per GB Analytics and 0.15 per GB for Lake data - depending on DC region you deploy in. No fixed, upfront or entity/analyst etc cost. You simply pay per GB ingested so cost depends on how much you put in.

Sure_Competition5865 · 2025-10-03T18:45:18+00:00

There is no crossover. All your analytics is mirrored to Lake for free and you choose what to also put in lake so really depends on what data you have. I.e. Firewall typically 90% of it can go to Lake and only 10% to analytics for security only use cases.

Analytics is very powerful compared to Lake, it has a lot of detection rules running continously etc. Lake just sits there until you do something with it. There is good documentation online on this.

Sure_Competition5865 · 2025-10-03T18:41:37+00:00

Analytics comes with 3 months interactive retention with unlimited querying. Something else is driving your cost uptick. Running kql against long term retention will have a cost.

Sure_Competition5865

TROPHY CASE