SCU CalculatorSCU Calculator

Methodology

How this calculator works

Core formulas

  • Included pool: for M365 E5 or E7 tenants,min(10000, 0.4 × paid_E5_users)SCU per month — i.e. 0.4 SCU per paid E5/E7 license, capped at 10,000 SCU/month. The cap is reached at exactly 25,000 paid licenses (25,000 × 0.4 = 10,000). Microsoft's public doc phrases the same rate as “400 SCUs per 1,000 paid licenses” — that's an equivalent illustration, not a separate rule.
  • Workload: chat_admins × msgs_per_admin_per_workday × 22 working_days × 0.25 SCU + agent_picker contribution (when the per-experience split isn't active).
  • Billing month: 730 hours. Billing year: 8,760 hours.
  • Cost (E5 mode): max(0, monthly_consumed_SCU - included_SCU) × overage_rate billed monthly. Overage is metered at one-decimal precision per consumed SCU. The hourly figure shown in the result card is purely monthly ÷ 730 for sizing intuition; E5 + overage has no hourly billing.
  • Cost (provisioned mode): provisioned_SCU/hr × provisioned_rate + max(0, consumed - provisioned) × overage_rate.

Where the 0.25 SCU/message rate comes from

Microsoft does not publish a per-prompt SCU rate. Their billing-math example shows three illustrative operations:

  • Heavy prompt (40-second execution): 3.0 SCU
  • Incident summarization: 0.5 SCU
  • Promptbook: 3.7 SCU

Microsoft labels these as “Example billing scenarios” — illustrative for teaching the math, not benchmarks. Their FAQ says explicitly: “Because every prompt and workflow varies in complexity, SCU consumption isn't fixed.”

This calculator anchors the chat-message rate at 0.25 SCU per message — half of the documented 0.5 SCU “incident feature” reference. The reasoning: a single chat prompt is mechanically lighter than a full incident summarization (which processes alerts, evidence, related entities). 0.25 sits in a defensible middle: heavier than “trivial,” lighter than the documented incident reference. Real per-message consumption varies with prompt complexity and entity scope; verify against your tenant's usage dashboard.

Why provisioning saves money over pure overage

Microsoft bills Security Copilot two ways. Provisioned capacity is committed by the hour at $4 USD per SCU per hour — you payN × $4 × 730 every month whether you use it or not. Overage consumption (above the included pool or your committed capacity) is pay-as-you-go at $6 USD per SCU.

Calculator default is $6/SCU because the auto-included E5 / E7 pool covers everything up to its cap; once exhausted, the next SCU bills as overage. To recommend provisioning, this calculator assumes steady-state usage and computesN = ceil(monthly_overage_SCU / 730) — the smallest integer commitment that fully absorbs your projected overage at the cheaper $4 rate. Below ~487 SCU/month of overage, even a single committed SCU/hour is more expensive than pure pay-as-you-go, so no recommendation is shown.

Real usage is rarely steady — peaks and idle periods both move the optimum. Treat the recommendation as a ceiling: in practice you may want to commit slightly less and let the rest float as overage. Verify against your tenant's usage dashboard before committing.

How the recommended overage cap is calculated

Microsoft Security Copilot capacity exposes a tenant-side setting called Number of overage units — a configurable integer between 0 and 999 (or unlimited) that puts a hard ceiling on how many overage SCUs Microsoft will bill in a given hour. Microsoft frames it as a budget guardrail: their own documentation example provisions four SCUs and sets an overage limit of six “to stay within the monthly budget.” When provisioned plus cap is exhausted, Security Copilot returns a high-usage error rather than continuing to bill.

Microsoft does not publish a recommended formula for the cap value. This calculator suggests one with a 50% spike-absorption buffer:

cap = clamp(ceil(projected_overage_SCU/hour × 1.5), 1, 999)

The 1.5× multiplier matches the ratio in Microsoft's own four-provisioned-/-six-cap docs example. The 999 ceiling matches the upper bound of the tenant-side field. The recommendation is hidden when there is no projected overage — the cap would be irrelevant. The displayed worst-case bill is (provisioned_cost + cap × $6) × 730, i.e. the bill if every hour ran fully into the cap. Treat the suggestion as a starting safety net while you learn your real consumption pattern from the in-tenant usage dashboard, then tighten or relax it.

Agent SCU rate provenance

Microsoft has published per-run rates only for the Conditional Access Optimization Agent and the Identity Risk Management Agent — both documented verbatim as “On average, each agent run consumes less than one SCU” on Microsoft Learn. For every other agent, Microsoft explicitly does not publish a per-run rate and instead points to the in-tenant Security Copilot usage dashboard. This calculator defaults all unpublished agents to 0.5 SCU/run, anchored to the incident-summarisation reference (0.5 SCU) used in Microsoft's billing-math example. Agent cards label each rate as either Microsoft (documented) or Estimate (anchored to the closest Microsoft reference number). Earlier versions of this calculator used 1.0 SCU as a conservative upper bound; that produced cost estimates roughly 2× the consumption observed by Microsoft product teams in customer environments and has been corrected.

Sources

Back to the calculator.