NEW: Two-tiered consumption model for Security Copilot
Microsoft Security Copilot introduces a two-tiered consumption model based on Security Compute Units (SCUs): provisioned capacity and overage capacity. Understanding how each is billed is critical for managing costs, forecasting usage, and optimising deployment.
Provisioned vs Overage SCUs: What’s the Difference?
1. Provisioned SCUs – Billed by the Hour
You provision a set number of SCUs to support your regular workloads.
These are billed hourly based on provisioned capacity—not by the minute or exact usage.
Key point: Any SCU provisioned during an hourly block is billed as a full hour, regardless of how long it’s active within that window.
Example:
Provision 1 SCU at 09:05 → deprovision at 09:35
Provision another SCU at 09:45
→ You’ll be billed for 2 SCUs in the 09:00–10:00 hour.
🔁 To optimise cost, always make provisioning changes at the start of the hour.
2. Overage SCUs – Billed on Actual Usage
These are on-demand units used when your provisioned capacity is exceeded (e.g. during unexpected demand spikes).
Billed per unit consumed, calculated up to one decimal place (e.g., 1.3 SCUs).
This model ensures flexibility without long-term commitments or cost surprises.
You can set:
A maximum overage limit
Or allow unlimited overage for full elasticity
This gives you full control over how much additional usage you’re willing to absorb—and how much you're willing to pay for it.
🔗 Full details and examples available here:
👉 https://learn.microsoft.com/en-us/copilot/security/manage-usage#example-billing-scenarios-for-overages
Follow me on LinkedIn: José Lázaro | LinkedIn
#MicrosoftSecurity #SecurityCopilot #SCU #BillingModel #CyberSecurity #CostManagement #Provisioning #SecurityEngineering #SOC #CloudSecurity #Microsoft #MSPartnerUK #AI #SIEM #XDR