August 18, 2025

  Analyst Report

Sentinel Data Lake Eases Storage of Logs

by Wes Miller

Wes Miller analyzes and writes about Microsoft’s security, identity management, and systems management technologies. Before joining Directions on Microsoft, Wes...

  • Microsoft’s Sentinel Security Information and Event Management (SIEM) includes a new lower-cost data storage tier, Sentinel data lake.
  • There is no change to the analytics tier of Sentinel, which is based on Log Analytics.
  • Data lake should encourage broader, longer-term retention of logs at a lower cost than Sentinel’s earlier approaches.
  • Data lake replaces Sentinel archive logs by enabling retention and search of archived data.

Sentinel now offers a lower-cost data lake tier to encourage high-volume ingestion and long-term retention of log data regardless of source. The data lake tier of log data storage will encourage better log retention—in terms of volume and duration—than Sentinel’s earlier archive tier, while also offering the ability to perform searches at an additional cost. This new storage tier could boost the use of Sentinel for real-time analytics for security and hunting as well as encourage longer-term retention, which is necessary for compliance and auditing.
