Update sentinel-service-limits.md

guywi-ms · guywi-ms · commit 18036ad1dc14 · 2025-07-07T12:46:11.000+03:00
diff --git a/articles/sentinel/sentinel-service-limits.md b/articles/sentinel/sentinel-service-limits.md
@@ -61,22 +61,21 @@ The following limits apply to incidents in Microsoft Sentinel.
 | Number of incidents returned by API to *list* request | 1,000 incidents maximum | None |
 | Number of incidents per day (per workspace) | See explanation after table | Database capacity |
 
+**Number of incidents per day:** There isn't a formal, hard limit on the number of incidents that can be created per day. A workspace's actual capacity for incidents depends on the storage capacity of the incident database, so the size of the incidents is as much a factor as their number.
+
+However, a SOC that experiences the creation of more than *around* 3,000 new incidents per day will most likely find itself unable to keep up, and the database capacity will quickly be reached. In this situation, the SOC needs to find and fix any rules that create large numbers of incidents, to get the count of daily new incidents to manageable levels.
+
 ## Case management limits
 
 The following limits apply to case management in Microsoft Sentinel.
-|
+
 | Description        | Limit                                   | Dependency |
 |--------------------|-----------------------------------------|------------|
 | Cases per tenant   | 100,000 cases                 | None       |
 | Attachments per tenant    | 500 GB         | None       |
 | Linked incidents per case  | 100 incidents       | None       |
 | Case retention period | 180 days | None       |
 
-
-**Number of incidents per day:** There isn't a formal, hard limit on the number of incidents that can be created per day. A workspace's actual capacity for incidents depends on the storage capacity of the incident database, so the size of the incidents is as much a factor as their number.
-
-However, a SOC that experiences the creation of more than *around* 3,000 new incidents per day will most likely find itself unable to keep up, and the database capacity will quickly be reached. In this situation, the SOC needs to find and fix any rules that create large numbers of incidents, to get the count of daily new incidents to manageable levels.
-
 ## Machine learning-based limits
 
 The following limits apply to machine learning-based features in Microsoft Sentinel like customizable anomalies and Fusion.
