The Short Takes Version of the updated Microsoft Sentinel Trial and Customer Benefit Offers

At Microsoft Ignite 2021, there was a slew of important feature announcements. But one of the bigger, more customer-relatable announcements centered on changes to our Sentinel Trial and the Customer benefit. These two offers are key to customers getting introduced to Microsoft Sentinel and then continuing their journey by taking advantage of special cost benefits for being existing customers.

Instead of writing all of this out to the point of boring you and causing you to miss something important, I think it makes sense instead to supply the high-level bullet points about each offer. These bullet points speak for themselves. If you have further questions, please reach out to your Microsoft rep or I’m always available on Twitter (@rodtrent) for questions. I can’t promise I’ll always have the absolute answer to everything, but I can promise I’ll try my best to get to the bottom of it.

Microsoft 31-day Trial

Announced: Microsoft Sentinel updated 31-day free trial

  • Log Analytics customers can use both Log Analytics and Microsoft Sentinel free on new workspaces
  • Customers can still add Microsoft Sentinel to existing Log Analytics workspaces for free
  • Maximum of 10GB/day for the first 31 days – the 10GB/day is new and a huge value to allow customers to get the full effect
  • The new Microsoft Sentinel Training Lab Solution is available for customers to get familiar with using Sentinel and seeing the benefits
  • The big difference between new workspaces and existing workspaces for this trial is the time period in which the workspaces were created. Workspaces that are older than 3 days don’t get the Log Analytics data ingestion charges waived. For this and more limits of this trial see:

Microsoft Sentinel benefit

Announced: Enhanced and expanded Microsoft Sentinel free data grant

  • Begins on December 1st (the following link will be updated on Dec 1st:
  • No longer timestamped – will be an ongoing benefit
  • Originally for E5 customers, but expanded for A5 and G5 customers
  • The deal is available for both new and existing 365 E5, A5, F5, G5 customers.
  • Once a customer becomes eligible, the benefits start in the first month of eligibility.
  • The data grant comes in the form of Azure credits
  • In addition to the normal free ingestion sources, the following are also included: Azure Active Directory sign-in and audit logs, Microsoft Cloud App Security shadow IT discovery logs, Microsoft Information Protection logs, Microsoft 365 advanced hunting data (including Microsoft Defender for Endpoint logs).
    • The tables included with these connections are:
      • SigninLogs
      • AuditLogs
      • AADNonInteractiveUserSignInLogs
      • AADServicePrincipalSignInLogs
      • AADManagedIdentitySignInLogs
      • AADProvisioningLogs
      • ADFSSignInLogs
      • McasShadowItReporting
      • InformationProtectionLogs_CL
      • DeviceEvents
      • DeviceFileEvents
      • DeviceImageLoadEvents
      • DeviceInfo
      • DeviceLogonEvents
      • DeviceNetworkEvents
      • DeviceNetworkInfo
      • DeviceProcessEvents
      • DeviceRegistryEvents
      • DeviceFileCertificateInfo
      • DynamicEventCollection
      • EmailAttachmentInfo
      • EmailEvents
      • EmailPostDeliveryEvents
      • EmailUrlInfo
      • IdentityLogonEvents
      • IdentityQueryEvents
      • IdentityDirectoryEvents
      • AlertEvidence
      • CloudAppEvents

