Microsoft Sentinel pricing in 2026: PAYG, commitment tiers, and real costs
Independent Sentinel pricing reference. Pay-as-you-go and commitment tier rates, free Microsoft 365 data sources, Basic Logs and archive pricing, and head-to-head comparisons against Splunk Cloud at every common volume. Updated April 2026.
Commitment tier pricing in full
Microsoft publishes commitment tiers from 100 GB per day up to 5,000 GB per day. The savings compound: every step up reduces the effective per-GB rate. The break- even from PAYG to a 100 GB commit is roughly 65 GB per day of consistent ingest.
| Commitment tier | Daily cost | Effective rate | Saving vs PAYG |
|---|---|---|---|
| Pay-as-you-go | - | $5.22/GB | 0% |
| 100 GB/day | $343/day | $3.43/GB | 34% |
| 200 GB/day | $662/day | $3.31/GB | 37% |
| 300 GB/day | $971/day | $3.24/GB | 38% |
| 400 GB/day | $1,272/day | $3.18/GB | 39% |
| 500 GB/day | $1,575/day | $3.15/GB | 40% |
| 1,000 GB/day | $3,055/day | $3.06/GB | 41% |
| 5,000 GB/day | $13,955/day | $2.79/GB | 47% |
The free data sources that change the maths
Sentinel ingests certain Microsoft data sources free, regardless of commitment tier. For Microsoft 365 organisations on E5 licensing, free ingest can account for 30-50 percent of total log volume.
Third-party log sources (firewalls, SaaS apps, custom apps) always count towards paid ingest. Custom transform rules at the data collection rule (DCR) layer let you drop unwanted fields before billing.
Sentinel cost scenarios
| Scenario | Profile | Licence | Total TCO | Notes |
|---|---|---|---|---|
| Startup | 5 GB/day, PAYG, 90-day retention | $9.5K/yr | $22K-$35K | Free 31-day trial covers initial deployment |
| Mid-market | 50 GB/day, PAYG, 365-day retention | $95K/yr | $240K-$340K | Below 100 GB tier; PAYG remains cheapest |
| Enterprise | 200 GB/day, 200 GB commit, 365-day retention | $242K/yr | $680K-$1.0M | Commitment tier locks 37 percent savings |
| Microsoft-first enterprise | 500 GB/day inclusive of free M365 logs | ~$140K/yr effective | $420K-$580K | Free M365 data drives effective rate well below PAYG |
| Large enterprise | 1 TB/day, 1,000 GB commit, 365-day retention | $1.12M/yr | $2.6M-$3.4M | Microsoft Copilot for Security adds 15-25 percent |
Sentinel cost optimisation
Use Basic Logs for high-volume sources
Network firewall logs, NetFlow, and IIS logs ingest at $1.64 per GB instead of $5.22. Detection rules cannot fire from Basic Logs, so keep primary security telemetry in standard tier.
Apply DCR transformations early
Data Collection Rule transforms strip unused fields before they hit the billing meter. Cutting 20-30 percent of bytes per record is normal.
Right-size your commitment tier
Move up tiers as volume grows. Move down at term renewal if it dropped. Microsoft true-ups quarterly, not catastrophically.
Archive after 90 days
Sentinel archive tier costs $0.02 per GB per month. For 365-day retention with 90-day hot, archive saves 80-90 percent on long-tail storage.
Watch UEBA and Notebooks add-ons
Microsoft Sentinel UEBA and the Notebooks integration pull from the same workspace data and have their own consumption metrics.
Microsoft Copilot for Security
SCU-based pricing. Powerful, but easy to overspend on. Cap SCUs at the workspace level and review monthly.