Ingest sign-in logs from Microsoft Entra ID
This is only needed if your organization does not have Entra ID Protect Plan 1 or higher. If you have Entra IDP P1 or higher Wirespeed’s default Microsoft integration will ingest sign-in logs.
Wirespeed uses Entra ID’s data export settings to forward all sign in logs to a customer-owned storage blob, which is synced every minute. A 5-10 minute delay between a sign in occurring and Microsoft publishing it to the storage account is common.
We want to automatically expire logs after a certain period so that you aren’t paying for them after they’ve been ingested by Wirespeed. Wirespeed syncs logs every minute, but it’s common to set retention between 1-7 days. Wirespeed does not delete logs in your storage accounts after ingestion, which is why a lifecycle policy is used.
After integrating, it’s normal to see warnings in our integration logs saying “Failed to list blobs from container”. Microsoft does not publish logs immediately, so this warning will be present until logs are published.
TL;DR: You can expect to pay <$5/mo
There is a minimal cost associated with this integration due to it being hosted in your account and not ours. You can calculate your costs using the below information.
In the below calculations, we assume the average size of a sign-in event which is 5kb.
We call the List and Create Container endpoint every minute, this endpoint has an associated cost of $0.05 per 10k requests (source). For the duration of a month, this totals** ~45k** API requests, totaling $.225/mo.
This cost is dependent on Microsoft and how often they write to your storage account. If we assume they write once a minute at $0.0228 per 10k write requests (source), for ~45k monthly requests, we get a total of $.1026/mo.
With a lifecycle policy of 1 day and 1 million monthly sign-in events, 33k daily sign-in events would be stored at any given time. 33k events * 5KB/event = 165,000KB = .165GB
stored at any given time. With a storage rate of $0.15/GB (source) this would total** $.02475/mo**.
Azure charges for data leaving their network. While downloading from the account itself is free, you are charged for network egress at a rate of $.08/GB (source). Sign-in events are ~5kb per event, which totals** ~200k** sign-in events per GB. For an organization with 1 million monthly sign-in events, you can expect to pay $.40/mo.
If you observe otherwise in your environment please contact support.