Update sentinel-service-limits.md

Author: guywi-ms

articles/sentinel/sentinel-service-limits.md

@@ -61,6 +61,16 @@ The following limits apply to incidents in Microsoft Sentinel.
 | Number of incidents returned by API to *list* request | 1,000 incidents maximum | None |
 | Number of incidents per day (per workspace) | See explanation after table | Database capacity |
 
+## Case management limits
+
+The following limits apply to case management in Microsoft Sentinel.
+|
+| Description        | Limit                                   | Dependency |
+|--------------------|-----------------------------------------|------------|
+| Number of cases    | 100,000 cases per tenant                | None       |
+| Linked incidents   | 100 incidents linked to each case       | None       |
+| Attachments        | 500 GB of attachments per tenant        | None       |
+
 **Number of incidents per day:** There isn't a formal, hard limit on the number of incidents that can be created per day. A workspace's actual capacity for incidents depends on the storage capacity of the incident database, so the size of the incidents is as much a factor as their number.
 
 However, a SOC that experiences the creation of more than *around* 3,000 new incidents per day will most likely find itself unable to keep up, and the database capacity will quickly be reached. In this situation, the SOC needs to find and fix any rules that create large numbers of incidents, to get the count of daily new incidents to manageable levels.