Sentinel's 2025 dual-tier model changed the maths. What to route to the analytics tier, what to send to the lake, and how it all stays inside a fixed monthly fee.
Draft outline · Cost / FinOps lensIn 2025 Microsoft introduced the Sentinel data lake alongside the analytics tier: analytics ingest runs roughly $4 to $5.50 per GB pay-as-you-go, while data-lake ingest is about $0.05 per GB with cheap long-term retention. Get the routing wrong and the Log Analytics bill runs away from you; get it right and it is predictable.
Primary product documentation for the dual-tier model, retention and query-cost mechanics.
Third-party breakdown of the 2025 pricing change and where real bills come from, free of Microsoft's framing.
Deliberately a non-security piece: pure cost engineering. It proves the fixed-price promise is real by showing the mechanism behind it, and it speaks to the accountable, budget-owning reader who has been burned by an unbounded cloud bill. This is the differentiator against threat-blog competitors.