You are about to enable Azure Defender for Storage across your tenant, but first you need a price estimate to confirm it fits the team's budget and to share with the CISO for approval. The Azure pricing calculator makes the estimate itself easy, but you still need to figure out how many transactions your Storage Accounts perform in order to make it more accurate.
The workbook below makes this task even easier, and you can deploy it from the Azure Security Center GitHub community page.
Before you use the workbook, there are some prerequisites you must be aware of, as described in the next section.
Prerequisites
To use this workbook properly, you need:
- Storage Accounts with at least 7 days of transactions up to the day you will deploy the workbook
- Use supported storage types, such as Blob Storage, Azure Files, Azure Data Lake Storage Gen2
- Have your storage account in Azure Commercial clouds or US Gov
- At least Workbook Contributor permissions on the targeted resource group to save the workbook
How it works
When you select a subscription, its Storage Accounts are listed (with and without Azure Defender for Storage). All File Transactions and Blob Transactions from the last seven days are then retrieved. The equation does not consider discounts; it uses the official price listed on the Azure Defender pricing site ($0.02/10K transactions).
For the monthly figure, we use the 7-day behavior of both File and Blob Transactions to approximate what a normal day looks like, then multiply this by thirty days. Finally, using the official price listed on the Azure Defender pricing site ($0.02/10K transactions), we estimate the monthly price from the 30-day estimated transactions.
Calculating across several large subscriptions or a tenant
To pull Blob and File Transactions from each Storage Account in larger subscriptions or across a tenant, use the PowerShell script Read Azure Storage Transaction Metrics. The Price Estimation used in the script is calculated differently from the workbook described in this blog post.
Known Issues
- Azure Monitor Metrics data backends have limits, and the number of requests needed to fetch data across Storage Accounts might cause a timeout. To solve this, narrow the scope (reduce the selected Storage Accounts)
- Errors might show up as 0 transactions in Files and Blobs. To verify this error, go to Edit Mode, where the "Timed out" message will be displayed in the query
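The estimate from "How it works", combined with the timeout issue above, as an added example (not the workbook's or the PowerShell script's own code). It assumes File and Blob Transactions are summed per account and that a timed-out query is recorded as None rather than 0; the AccountMetrics type, function names and account names are hypothetical, and the sample counts are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

PRICE_PER_10K = 0.02  # USD per 10K transactions, list price quoted in the post
WINDOW_DAYS = 7       # days of transactions retrieved
MONTH_DAYS = 30       # days the daily average is projected over


@dataclass
class AccountMetrics:
    name: str
    blob_tx_7d: Optional[int]  # None = metrics query timed out (assumption)
    file_tx_7d: Optional[int]


def estimate_account(m: AccountMetrics) -> Optional[float]:
    """Monthly USD estimate for one account, or None if a query failed."""
    if m.blob_tx_7d is None or m.file_tx_7d is None:
        return None  # do not price a failed query as zero transactions
    daily = (m.blob_tx_7d + m.file_tx_7d) / WINDOW_DAYS
    monthly_tx = daily * MONTH_DAYS
    return round(monthly_tx / 10_000 * PRICE_PER_10K, 2)


def estimate_scope(accounts: List[AccountMetrics]) -> Tuple[float, List[str]]:
    """Total estimate plus the accounts that must be re-queried."""
    total, unresolved = 0.0, []
    for m in accounts:
        cost = estimate_account(m)
        if cost is None:
            unresolved.append(m.name)
        else:
            total += cost
    return round(total, 2), unresolved


# Constructed sample data: 7-day totals per Storage Account.
SAMPLE = [
    AccountMetrics("stapp01", blob_tx_7d=7_000_000, file_tx_7d=0),
    AccountMetrics("stshare02", blob_tx_7d=350_000, file_tx_7d=350_000),
    AccountMetrics("stlogs03", blob_tx_7d=None, file_tx_7d=0),  # timed out
]

if __name__ == "__main__":
    total, unresolved = estimate_scope(SAMPLE)
    print(f"Estimated monthly cost: ${total:.2f}")
    print("Re-query with a narrower scope:", unresolved)
```

Accounts returned in the unresolved list are excluded from the total, so the figure shared for approval is a lower bound until they are re-queried.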
Contributors: Rogério Barros, Hasan Abo-Shally, Fernanda Vela
References:
- Pricing—Azure Defender | Microsoft Azure
- Pricing Calculator | Microsoft Azure
- Workbooks gallery in Azure Security Center | Microsoft Docs
- Azure Defender for Storage - the benefits and features | Microsoft Docs
- Azure-Security-Center/Powershell scripts/Read Azure Storage Transaction Metrics at main · Azure/Azure-Security-Center (github.com)
Posted at https://sl.advdat.com/3zni8Kj