Skip navigation

Azure Sentinel benefit for Microsoft 365 E5 customers

Save up to USD1500/month on a typical 3,500 seat deployment of Microsoft 365 E51 for up to 5 MB per user/day of data ingestion into Microsoft Sentinel.

Integrated threat protection with SIEM and XDR

With security information and event management (SIEM) and extended detection and response (XDR) from Microsoft, you’re armed with the context and automation you need to stop sophisticated, cross-domain attacks across your entire organization. Microsoft 365 E5, A5, F5, G5 and Microsoft 365 E5, A5, F5, G5 Security customers can get data grant up to 5MB per user/day of Microsoft 365 data ingestion into Microsoft Sentinel1.

  • Comprehensive security

    Get end-to-end visibility across your resources, including users, devices, applications and infrastructure.

  • Detect advanced threats

    Defend against modern attacks with SIEM and XDR capabilities, powered by AI.

  • Investigate prioritised incidents

    Surface critical incidents and hunt suspicious activities at scale.

  • Enable efficient and effective response

    Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Offer details

Microsoft 365 E5, A5, F5, G5 and Microsoft 365 E5, A5, F5, G5 Security customers can receive a data grant of up to 5MB per user/day to ingest Microsoft 365 data1. The data sources included in this offer include:

  • Azure Active Directory (Azure AD) sign-in and audit logs
  • Microsoft Cloud App Security shadow IT discovery logs
  • Microsoft information protection logs
  • Microsoft 365 advanced hunting data

The data grant will be calculated at the end of the month and applied to your bill, covering the cost of up to 5 MB of data ingestion per user/day.

With this benefit, a standard 3,500 seat deployment can see estimated savings of up to USD 1,500 per month1.

In addition to this data grant, the following Microsoft 365 data sources are always free for all Microsoft Sentinel users as an ongoing Microsoft Sentinel benefit:

  • Azure activity logs
  • Office 365 audit logs (all SharePoint activity and Exchange admin activity)
  • Alerts from Microsoft Defender for Cloud, Microsoft 365 Defender, Microsoft Defender for Office 365, Microsoft Defender for Identity, Microsoft Defender for Endpoint and Microsoft Defender for Cloud Apps.

1Calculation based on pay-as-you-go prices for Microsoft Sentinel and Azure Monitor Log Analytics for US East region.

Offer eligibility

This data grant is available to Microsoft 365 E5, A5, F5, G5 and Microsoft 365 E5, A5, F5, G5 Security customers who have Enterprise (EA) or Enterprise Subscription (EAS) Agreements and Enrollments1. New Microsoft 365 E5, A5, F5, G5 or Microsoft 365 E5, A5, F5, G5 Security customers are also qualified for this data grant. Once a customer becomes eligible, they will begin benefiting from the data grant starting with their first month of eligibility.

Getting started

Ready to get started on comprehensive protection with Microsoft 365 and Microsoft Sentinel? Just start ingesting Microsoft 365 data into Microsoft Sentinel and your Microsoft 365 E5, A5, F5, G5 or Microsoft 365 E5, A5, F5, G5 Security data grant will apply automatically, with no additional sign-up required.

Microsoft waives any and all entitlement to compensation for the services provided to you under this agreement. Microsoft intends that these services and associated terms be in compliance with applicable laws and regulations with respect to gratuitous services. It is specifically understood that all services and services deliverables provided are for the sole benefit and use of the government entity and are not provided for personal use or benefit of any individual government employee.

Get started now and see firsthand what you can do with integrated SIEM & XDR.

FAQ

  • Name
    M365 E5 Security
    Microsoft 365 E5 Security
    Microsoft 365 E5 Security_USGOV_GCCHIGH
    Microsoft 365 G5 Security GCC
    Microsoft 365 G5 Security_USGOV_DOD
    Microsoft 365 A5 Security for faculty
    Microsoft 365 A5 Security for students
    M365 E5
    Microsoft 365 E5
    Microsoft 365 E5_USGOV_GCCHIGH
    Microsoft 365 GCC G5
    Microsoft 365 G5_USGOV_DOD
    Microsoft 365 A5 for faculty
    Microsoft 365 A5 for students
    M365 F5
    Microsoft 365 F5 Security Add-on
    Microsoft 365 F5 Security Add-on AR_USGOV_DOD
    Microsoft 365 F5 Security Add-on AR_USGOV_GCCHIGH
    Microsoft 365 F5 Security Add-on GCC
    Microsoft 365 F5 Security + Compliance Add-on
    Microsoft 365 F5 Security + Compliance Add-on AR (DOD)_USGOV_DOD
    Microsoft 365 F5 Security + Compliance Add-on AR_USGOV_GCCHIGH
    Microsoft 365 F5 Security + Compliance Add-on GCC

    Other SKUs:

    Microsoft 365 E5 Suite features

    Microsoft 365 E5 with Calling Minutes

    Microsoft 365 E5 without Audio Conferencing

    Microsoft 365 A5 Suite features for faculty

    Microsoft 365 A5 Suite features for students

    Microsoft 365 A5 with Calling Minutes for Faculty

    Microsoft 365 A5 with Calling Minutes for Students

    Microsoft 365 A5 without Audio Conferencing for faculty

    Microsoft 365 A5 without Audio Conferencing for students

    Microsoft 365 G5 GCC Suite features

    Microsoft 365 G5_USGOV_DOD

    Microsoft 365 E5 Security for EMS E5

    Microsoft 365 Security and Compliance for FLW

  • Data Connector Data Type
    AAD (audit and sign-in logs) SigninLogs
    AuditLogs
    AADNonInteractiveUserSignInLogs
    AADServicePrincipalSignInLogs
    AADManagedIdentitySignInLogs
    AADProvisioningLogs
    ADFSSignInLogs
    MCAS (Shadow IT Discovery logs) McasShadowItReporting
    AIP (Logs) InformationProtectionLogs_CL
    M365 Advanced Hunting Data (MDATP Logs) DeviceEvents
    DeviceFileEvents
    DeviceImageLoadEvents
    DeviceInfo
    DeviceLogonEvents
    DeviceNetworkEvents
    DeviceNetworkInfo
    DeviceProcessEvents
    DeviceRegistryEvents
    DeviceFileCertificateInfo
    DynamicEventCollection
    EmailAttachmentInfo
    EmailEvents
    EmailPostDeliveryEvents
    EmailUrlInfo
    IdentityLogonEvents
    IdentityQueryEvents
    IdentityDirectoryEvents
    AlertEvidence
    CloudAppEvents