cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Microsoft Defender for Storage – Price Estimation Dashboard
By
Fernanda_Vela
Published Jun 09 2021 05:15 AM 25.5K Views
Fernanda_Vela
Microsoft
‎Jun 09 2021 05:15 AM

Microsoft Defender for Storage – Price Estimation Dashboard

‎Jun 09 2021 05:15 AM

Blog post updated on April 17th, 2024.

 

Estimate the cost of Microsoft Defender for Storage

Microsoft Defender for Storage is an Azure-native layer of security intelligence that detects potential threats to your storage accounts. It helps prevent the three major impacts on your data and workload: malicious file uploads, sensitive data exfiltration, and data corruption.

 

This blog post explains how to use a new workbook that helps you estimate the cost of Microsoft Defender for Storage and add-ons, like Malware Scanning, based on your current storage usage.

Prerequisites

To use the cost estimation workbook, you need the following:

  • At least one Azure subscription with Storage Accounts (Defender for Storage is not required)
  • Access to the Azure portal
  • Subscription or resource-level reader permission
  • At least Workbook Contributor permissions on the targeted resource group to save the workbook

Access the cost estimation workbook

The workbook is available in the Microsoft Defender for Cloud’s GitHub repository. You can access it directly from this link.

 

Deploy it

  1. Go to the Workbook’s location Microsoft-Defender-for-Cloud/Workbooks/Microsoft Defender for Storage Price Estimation at main · Azu...
  2. In the ReadMe.md file, click the button “Deploy to Azure”

Fernanda_Vela_0-1713392340937.png

 

  1. This will take you to the Azure portal and the template settings will display for you to fill them. The subscription, resource group and region are required for you to Review + Create.

Fernanda_Vela_1-1713392340947.png

 

  1. After clicking on “Review + Create” the workbook will show in your resource group.
  2. Click on it and then on “Open Workbook”.

Fernanda_Vela_2-1713392340954.png

 

How it looks like

Fernanda_Vela_3-1713392340963.png

 

Fernanda_Vela_4-1713392340972.png

 

 

The workbook will display the following information in the tab “Defender for Storage coverage”:

 

Column name

Description

Subscription

Subscription name in the scope.

In trial

True/False value if the subscription has a free trial.

Is enabled

Enabled/Disabled value if there’s a Defender for Storage plan enabled.

DF-Storage plan

The Defender for Storage plan enabled at the subscription-level or if it’s disabled.

Malware scanning enabled

True/False value if the Defender for Storage add-on Malware Scanning enabled at the subscription-level. For Classic plans, it will show in blank since this feature is not available there.

Malware scanning cap

The cap setting value at the subscription level.

Sensitive data discovery enabled

True/False value if the Defender for Storage add-on Sensitive Data Discovery is enabled at the subscription-level. For Classic plans, it will show in blank since this feature is not available there.

 

 

The tab “Cost estimation” will display the following information:

 

Column name

Description

Subscription

Subscription name in the scope.

Storage account

Storage account name in the scope.

Estimated monthly transactions

Transactions taken from a 7-day usage-sample and then used for a 30-day result.

Overage transactions

Total transactions that are more or equal to 73M.

Storage account cost

Cost without considering overage. This is $10 USD.

Estimated overage charge

Overage transactions cost

Estimated monthly cost (activity monitoring)

“Storage account cost” + “Estimated overage charge”

Estimated monthly uploaded GBs

7-day ingress bytes taken from microsoft.storage/storageaccounts/blobservices-Transaction-Ingress; then this is extrapolated to estimate the monthly total based on a standard 30-day month, and finally, it converts this monthly total from bytes to gigabytes using the factor 1073741824 (bytes per gigabyte).

The APIs in the filter are: AppendFile, CopyBlob, CreatePathFile, FlushFile, PutBlob, PutBlock, PutBlockFromURL, PutBlockList.

Estimated malware scanning cost

Cost considering “Estimated monthly uploaded GBs”. Malware Scanning cost is currently $0.15 USD per GB scanned.

 

Note: You can filter the results by subscription and storage account.

 

Workbook estimation limitations

This tool estimates malware scanning costs based on the total volume of blobs uploaded, as indicated by Blob Ingress metrics. Please consider the following:

  • Multiple scans: Specific upload methods, such as PutBlockList operations, may trigger multiple scans for a single blob (e.g., when writing logs to the same blob). This tool does not accurately capture the additional costs from multiple scans triggered by such operations.
  • Index Tag costs: Costs associated with blob index tags, which store scan times and results on supported blobs, are not included in these estimates. Learn more on index tags costs in the Azure Storage Blobs Pricing page.
  • Blob size: The estimation accounts for all uploaded blobs; however, only blobs smaller than 2GB are actually scanned.

 

Good to know

 

 

Note: Resources protected before March 28, 2023, are protected by Defender for Storage (classic) plan. Customers who protected storage accounts prior to this (under the per-transaction or per-storage account plans) are encouraged to migrate to the new plan to enjoy enhanced capabilities. Please note that after March 28, 2023, all new subscriptions created through the Azure portal will enable the new Defender for Storage (per-storage account plan) by default. Learn about migrating to the new plan.

 

 

The cost of Defender for Storage is based on the number of storage accounts within a subscription. Storage accounts that have less than 73 million monthly transactions, are billed at $10 USD each. Storage accounts with higher transaction volume (above 73M monthly transactions) will experience an overage charge of $0.1492 per additional 1 million transactions.

 

Fernanda_Vela_5-1713392340973.png

 

 

 

This PowerShell script helps you enumerate all storage accounts in your environment and get the transaction metrics for the last week.

 

Calculating across several large subscriptions or a tenant

To pull Blob and File Transactions from each Storage Account in larger subscriptions or across a tenant use this PowerShell script. The Price Estimation used in the script is calculated differently from the workbook described in this blog post. Note that the PowerShell script does not currently estimate the add-on Malware Scanning. This will come in the next couple of weeks.

 

 

 

Known Issues

  • Azure Monitor Metrics data backends have limits and probably the number of requests to fetch data across Storage Accounts might time out. To solve this, you will need to narrow the scope (reduce the selected Storage Accounts).
  • Errors might reflect by showing 0 transactions in Files and Blobs. To verify this error, go to Edit Mode and the "Timed out" message will be displayed in the query.
  • If you don’t have permissions to read on the storage accounts, there might be an error like this:

Fernanda_Vela_6-1713392340974.png

Fernanda_Vela_7-1713392340974.png

 

Contributors: Eitan Shteinberg, Fernanda Vela, Rogério BarrosHasan Abo-Shally, Dick Lake, Shay Amar, Daniela Villareal,

 

Reviewer: Yuri Diogenes

 

 

References:

 

 

3 Comments
Co-Authors
Version history
Last update:
‎Apr 17 2024 03:41 PM
Updated by:
Labels