From c2757f9a1c40c7735e18438621c541a0bb786c76 Mon Sep 17 00:00:00 2001
From: ediemerson-br <60996132+ediemerson-br@users.noreply.github.com>
Date: Tue, 23 Sep 2025 19:02:28 -0300
Subject: [PATCH 1/2] Update billing.md
Some connectors in the document have names that differ from Sentinel Content Hub, including certain items in the Free data type column. I verified this directly in the Sentinel configuration in my test environment. Additionally, the connector for Defender for Office 365 is not present.
---
articles/sentinel/billing.md | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/articles/sentinel/billing.md b/articles/sentinel/billing.md
index f0ea04c1eb1ac..d619d13e40601 100644
--- a/articles/sentinel/billing.md
+++ b/articles/sentinel/billing.md
@@ -252,19 +252,21 @@ The following table lists the data sources in Microsoft Sentinel and Log Analyti
| Microsoft Sentinel data connector | Free data type |
| ------------------------------------- | --------------------------------------- |
-| **Azure Activity Logs** | AzureActivity |
+| **Azure Activity** | AzureActivity |
| **Health monitoring for Microsoft Sentinel** [1](#audithealthnote) | SentinelHealth |
| **Microsoft Entra ID Protection** | SecurityAlert (IPC) |
-| **Office 365** | OfficeActivity (SharePoint) |
+| **Microsoft 365** | OfficeActivity (SharePoint) |
| | OfficeActivity (Exchange) |
| | OfficeActivity (Teams) |
-| **Microsoft Defender for Cloud** | SecurityAlert (Defender for Cloud) |
-| **Microsoft Defender for IoT** | SecurityAlert (Defender for IoT) |
+| **Microsoft Defender for Cloud** | SecurityAlert (ASC) |
+| **Microsoft Defender for IoT** | SecurityAlert (ASC for IoT) |
| **Microsoft Defender XDR** | SecurityIncident |
| | SecurityAlert |
| **Microsoft Defender for Endpoint** | SecurityAlert (MDATP) |
| **Microsoft Defender for Identity** | SecurityAlert (AATP) |
-| **Microsoft Defender for Cloud Apps** | SecurityAlert (Defender for Cloud Apps) |
+| **Microsoft Defender for Cloud Apps** | SecurityAlert (MCAS) |
+| **Microsoft Defender for Office 365 (Preview)** | SecurityAlert (OATP) |
+
*1* *For more information, see [Auditing and health monitoring for Microsoft Sentinel](health-audit.md).*
From 210a0cc1670195bc13153a7b31289f23d7b46b3b Mon Sep 17 00:00:00 2001
From: Tracey Torble <56347952+ttorble@users.noreply.github.com>
Date: Wed, 8 Oct 2025 15:11:59 +0100
Subject: [PATCH 2/2] Update billing.md
---
articles/sentinel/billing.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/articles/sentinel/billing.md b/articles/sentinel/billing.md
index d619d13e40601..90380cbd91454 100644
--- a/articles/sentinel/billing.md
+++ b/articles/sentinel/billing.md
@@ -258,8 +258,8 @@ The following table lists the data sources in Microsoft Sentinel and Log Analyti
| **Microsoft 365** | OfficeActivity (SharePoint) |
| | OfficeActivity (Exchange) |
| | OfficeActivity (Teams) |
-| **Microsoft Defender for Cloud** | SecurityAlert (ASC) |
-| **Microsoft Defender for IoT** | SecurityAlert (ASC for IoT) |
+| **Microsoft Defender for Cloud** | SecurityAlert (Azure Security Center) |
+| **Microsoft Defender for IoT** | SecurityAlert (Azure Security Center for IoT) |
| **Microsoft Defender XDR** | SecurityIncident |
| | SecurityAlert |
| **Microsoft Defender for Endpoint** | SecurityAlert (MDATP) |