Microsoft Security Copilot Pricing Model: What You Need to Know

By /

Listen to this Post

Microsoft has introduced a new Overage pricing model for Security Copilot, effective June 1st. This model offers flexibility in managing costs while ensuring continuous security coverage. Here’s how it works:

  • Baseline SCUs (Security Copilot Units):
  • Fixed provisioned units billed at $4/hour per unit.
  • You pay for these even if unused.

  • Overage SCUs:

  • Additional flexible units activated automatically when baseline SCUs are insufficient.
  • Billed at $6/hour per unit, provisioned/decommissioned hourly based on demand.

Key Benefits:

✔ Cost Control: Start with a minimal baseline (e.g., 1 SCU) and rely on overage for spikes.
✔ PoC/Trial Friendly: Avoid consumption limits—scale dynamically during testing.
✔ Optimization Potential: After usage normalization, increase baseline SCUs to save $2/unit.

Future Wishlist:

  • Bring-your-own-model (BYOM) support.
  • Multiple model choices for tailored security needs.

You Should Know:

1. Automating SCU Monitoring (PowerShell)

Check your SCU usage with Microsoft Graph API:

 Connect to Microsoft Graph 
Connect-MgGraph -Scopes "SecurityActions.Read.All"

Fetch Security Copilot usage 
$usageReport = Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/security/copilot/usageReports" 
$usageReport | Format-Table -AutoSize

2. Linux-Based Cost Alerts (Bash + Cron)

Set up alerts when overage exceeds a threshold:

!/bin/bash 
API_ENDPOINT="https://graph.microsoft.com/beta/security/copilot/usage" 
TOKEN="your_access_token"

USAGE=$(curl -s -H "Authorization: Bearer $TOKEN" $API_ENDPOINT | jq '.overageUnits')

if [ $USAGE -gt 5 ]; then 
echo "Warning: Overage SCUs exceeded 5 units!" | mail -s "SCU Alert" [email protected] 
fi

Add to cron:

crontab -e 
0     /path/to/script.sh

3. Windows Event Log Tracking

Audit SCU activation events:

Get-WinEvent -LogName "Microsoft-SecurityCopilot/Operational" | 
Where-Object { $_.Id -eq 1001 } | 
Format-List TimeCreated, Message

What Undercode Say:

Microsoft’s move balances predictable costs and elastic demand, but optimizations require:
– Baseline tuning (e.g., Calculate-AvgUsage.ps1).
– Overage automation (e.g., Azure Logic Apps).
– Model flexibility—hopefully coming soon!

Pro Tip: Use `jq` (Linux) or `ConvertFrom-Json` (PowerShell) to parse SCU reports.

Expected Output:

{ 
"baselineUnits": 1, 
"overageUnits": 3, 
"costEstimate": "$22/hour" 
}

Relevant URLs:

References:

Reported By: Jaimeguimera Aicybersecurity – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image

Related Posts: