

Billing in Data Security Investigations

Billing in Data Security Investigations is based solely on the combination of the amount of stored data and the associated computing capacity needed for AI analysis. It isn't based on a dedicated enterprise plan or license.

This billing combination is based on the storage meter and AI capacity models. The Data Security Investigations non-AI processing and storage meter lets you store data related to an investigation. Security Compute Units (SCUs) measure the computational capacity needed to run the AI analysis within Data Security Investigations.

Storage meter

The storage meter for Data Security Investigations uses the pay-as-you-go billing model. You pay for storage on a gigabyte (GB) per month basis for stored data associated with all investigations in your organization.

For example, you have three investigations in your organization that have the following data associated with the items included in the investigation scopes for the current month:

| Investigation | Items | Total data |
|---|---|---|
| Data breach 02/12/2025 | 3,766 | 200 GB |
| Potential data theft 03/03/2025 | 1,982 | 10 GB |
| Risky user activity 04/06/2025 | 287 | 5 GB |

For the current month, your total storage meter is 215 GB and you pay for that amount at the current per gigabyte rate. When you delete an investigation, you stop paying for the associated data storage amount. The charges are prorated to the number of days the data was stored in the billing cycle.

Some other important considerations for managing storage charges:

  • If you create an investigation, use data storage, and then delete the investigation in a single 24-hour period, you pay for the storage amount.
  • When you delete an investigation anytime after 00:00 UTC, you pay for storage for the full day (24 hours).

For more data storage rates and pricing, see Data Security Investigations storage meter pricing.

AI capacity

Important

To configure the AI capacity for Data Security Investigations, you must be a member of the Data Security Investigations Administrators role group.

Data Security Investigations uses the pay-as-you-go billing model for AI capacity. You need compute units for deep analysis and AI-related processing in your investigations. You can change the maximum limit of compute units ready to be used at any time. Billing is calculated on hourly blocks rather than by 60-minute increments and has a minimum of one hour. Any usage within the same hour is billed as a full compute unit, regardless of start or end times within that hour. You pay only for any compute units used.
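The storage proration and hourly-block rules described above can be turned into billable quantities as follows. This is an added example, not Microsoft code: it assumes proration means GB × days stored ÷ days in the billing cycle and that an hourly block is a clock hour; the function names, the billing cycle, and the sample dates are constructed.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
TICK = timedelta(microseconds=1)

def billable_storage_days(created, deleted, cycle_start, cycle_end):
    """UTC calendar days in [cycle_start, cycle_end) on which data was stored.
    Any part of a day counts as a full day; deleted=None means still stored."""
    start = max(created, cycle_start)
    end = min(deleted or cycle_end, cycle_end)
    if start >= cycle_end or end < start:
        return 0
    # A deletion at exactly 00:00:00 does not touch the new day; anything later does.
    last_instant = max(start, end - TICK)
    return (last_instant.date() - start.date()).days + 1

def prorated_gb_months(investigations, cycle_start, cycle_end):
    """Sum of GB x (days stored / days in cycle); multiply by the per-GB monthly rate."""
    cycle_days = (cycle_end - cycle_start).days
    return sum(
        inv["gb"] * billable_storage_days(inv["created"], inv.get("deleted"),
                                          cycle_start, cycle_end) / cycle_days
        for inv in investigations)

def billable_hour_blocks(start, end):
    """Clock-hour blocks touched by AI usage in [start, end); minimum one block."""
    floor = lambda t: t.replace(minute=0, second=0, microsecond=0)
    return (floor(max(start, end - TICK)) - floor(start)) // timedelta(hours=1) + 1

# Constructed sample: sizes from the storage table above, dates invented for the example.
CYCLE = (datetime(2025, 6, 1, tzinfo=UTC), datetime(2025, 7, 1, tzinfo=UTC))
SAMPLE = [
    {"name": "Data breach", "gb": 200, "created": datetime(2025, 5, 1, tzinfo=UTC)},
    {"name": "Potential data theft", "gb": 10, "created": datetime(2025, 5, 1, tzinfo=UTC),
     "deleted": datetime(2025, 6, 10, 0, 30, tzinfo=UTC)},  # 00:30 UTC still bills 10 June
    {"name": "Risky user activity", "gb": 5, "created": datetime(2025, 5, 1, tzinfo=UTC)},
]

if __name__ == "__main__":
    print("GB-months to bill:", round(prorated_gb_months(SAMPLE, *CYCLE), 2))
    print("Hour blocks 09:45-10:15:", billable_hour_blocks(
        datetime(2025, 6, 3, 9, 45, tzinfo=UTC), datetime(2025, 6, 3, 10, 15, tzinfo=UTC)))
```

Deleting the 10 GB investigation 30 minutes after midnight bills one more full day than deleting it at 23:59 UTC the previous day, and a 30-minute AI job that crosses the top of the hour consumes two hourly blocks.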

For guidance on calculating the compute unit needs for your organization, see the Estimate and manage usage of Data Security Investigation Compute Units section in this article.

Locations for compute units and AI processing

Compute unit processing uses GPU resources in Azure datacenters protected with Azure security and privacy controls. You can select where compute units are used from any of the following locations:

  • Australia/New Zealand (ANZ)
  • Europe (EU)
  • United Kingdom (UK)
  • United States (US)

You can opt in to having compute units provisioned and AI analysis processing done anywhere in the world to mitigate potential disruptions in case your primary location experiences high activity. 

Microsoft recommends having compute units and AI processing done anywhere with available GPU capacity. This recommendation enables Data Security Investigations and Azure to determine the optimal location based on load, latency, and responsiveness.

Estimate your investigation data storage and AI costs

Before configuring billing, use the estimate costs tool to calculate an estimate of potential monthly data storage and AI costs for investigations in Data Security Investigations. Use the estimator tool to plan your costs before setting up data storage and compute units for AI features.

Use the tool to estimate individual investigation costs to create an average investigation cost, or use the tool to estimate the costs of all anticipated investigations. This estimate is based on current storage and AI usage billing meters for a 30-day period.

Use the guidelines in the Investigation size and complexity section in this article to help complete the fields in the estimator tool.

To estimate investigation costs, complete the following steps:

  1. Go to the Microsoft Purview portal and sign in with the credentials for a user account assigned Data Security Investigations permissions.
  2. On the Estimate storage and AI usage costs card, select Estimate costs.
  3. Complete the required and optional fields for a single investigation to calculate an estimated average cost or for the total number of investigations in your organization.
  4. Select Calculate.
  5. Review the estimated costs and recalculate as needed.

Configure billing

Before you can use Data Security Investigations in your organization, you must configure both billing models. Storage meter billing requires a link to an Azure subscription for pay-as-you-go billing. Capacity billing requires dedicated compute unit configuration.

Prerequisites

To configure the storage meter and capacity for Data Security Investigations, you must have:

  • An Azure subscription in the same tenant as Microsoft Purview.
  • An Azure resource group in that subscription.
  • The Global Administrator role.
  • The resource group Owner or Contributor role.

Configure storage meter

The Azure subscription you configure for Data Security Investigations manages all pay-as-you-go capabilities across Microsoft Purview solutions. If you previously configured an Azure subscription for other Microsoft Purview solutions, you don't need to configure an additional subscription.

To configure the storage meter for Data Security Investigations, complete the following steps:

  1. Go to the Microsoft Purview portal and sign in with the credentials for a user account assigned Data Security Investigations permissions.
  2. Select the Data Security Investigations solution card.
  3. Select Setup pay-as-you-go-billing for data storage in the Setup tasks section.
  4. On the Setup pay-as-you-go-billing for data storage flyout pane, complete the following fields for the Azure subscription:
    1. Azure subscription: The Azure subscription you want to assign to the storage meter.
    2. Resource group: The resource group in your Azure subscription you want to assign to the storage meter.
  5. Select Enable.

Configure AI capacity

Configuring compute units enables the AI capacity for investigations in your organization. To configure AI capacity for Data Security Investigations, complete the following steps:

  1. Go to the Microsoft Purview portal and sign in with the credentials for a user account assigned Data Security Investigations permissions.
  2. Select the Data Security Investigations solution card.
  3. Select Setup pay-as-you-go to use AI in the Setup tasks section.
  4. On the Set up AI capacity pane, complete the following fields:
    1. AI analysis data processing location: The primary country/region. Select from the available locations.
  5. In the Number of compute units section, select one of the following options:
    1. No limit:
    2. Set maximum limit:
  6. Select the checkbox to confirm that you read, understood, and agreed to the Terms and Conditions.
  7. Select Confirm.

Estimate and manage usage of compute units

To manage the usage of compute units in Data Security Investigations, estimate your likely compute unit usage and the general size of the investigation. While it's challenging to estimate the exact amount of these variables, having a general sense of the investigation processing, size, and complexity can help you make informed decisions about provisioning and scaling compute unit usage.

Investigation processing

Data Security Investigations supports various processing tools to help you identify and take action on data security incidents. Each of these processing tools has different variables that you should consider when estimating support for each processing type:

| Process type example | Scale units or variables |
|---|---|
| Prepare data for AI analysis (vectorization) | Size of data and extracted text |
| Vector searches | Size of data searched |
| Categorization | Number of categories selected |
| Examination | Number of files analyzed |

These variables primarily influence the cost for compute unit billing. They work together to determine the exact amount of compute unit usage per investigation. Each investigation might have a different combination of these cost influencers, so determining the exact compute unit billing estimation is challenging.

![Data Security Investigations compute unit cost influencers.](./media/dsi-compute unit-cost-influencers.png)

Investigation size and complexity

Each investigation varies in the exact storage and required processing. To estimate the likely compute unit usage for an investigation, think of investigations in terms of overall size. In general, investigations fall into one of the following sizes:

  • Small investigation: A small investigation to test usage as a proof of concept in your organization.
  • Medium investigation: A medium investigation, such as a data audit or responding to a minor data security incident.
  • Large investigation: A large investigation for a significant data breach or leak incident.
  • Extra large investigation: An extra large investigation for a major data security breach, leak, or incident.

Use the following table as a guideline for the rough estimation of required compute units for different sized investigations. Each investigation assumes using a mix of categorization, semantic searches, and deep examination and analysis for the investigation.

| Monthly cost factors | Small investigation | Medium investigation | Large investigation | Extra large investigation |
|---|---|---|---|---|
| Stored investigation data | 100 MB | 1 GB | 100 GB | 1 TB |
| Number of ongoing compute units consumed for AI analysis | ~ 125 compute units | ~ 226 compute units | ~ 680 compute units | ~ 1,600 compute units |

To estimate the total compute units your organization needs for specific types of investigations, use the investigation processing, size, and complexity guidelines in this section. See the following sections during your planning and configuration:

  • Prepare data for AI analysis
  • [Vector search and compute units](data-security-investigations-ai-analysis.md#vector-search-and-compute units)
  • [Categorization and compute units](data-security-investigations-ai-analysis.md#categorization-and-compute units)
  • [Estimation and compute units](data-security-investigations-ai-analysis.md#examination-and-compute units)

Important

You aren't billed for failed compute unit operations but are billed for partial completions. For example, you pay when you successfully vectorize partial data in an investigation scope.

Update compute units

To update the limits for compute units for investigations in Data Security Investigations, complete the following steps:

  1. Go to the Microsoft Purview portal and sign in with the credentials for a user account assigned Data Security Investigations permissions.
  2. Select the Data Security Investigations solution card.
  3. Select Setup pay-as-you-go to use AI in the Setup tasks section.
  4. On the Set up AI capacity pane, complete the following fields:
    1. No limit:
    2. Set maximum limit:
  5. Select the checkbox to confirm that you read, understood, and agreed to the Terms and Conditions.
  6. Select Confirm.

Pay-as-you-go usage dashboard (preview)

Use the Pay-as-you-go usage dashboard (preview) to quickly view and track data storage and compute unit usage for each investigation in your organization. The current data storage and compute unit totals for each investigation help you manage usage and cost per investigation. This information is helpful during reactive investigation surges associated with severe data breaches and ongoing data storage trends.

Note

It might take up to 48 hours for the latest billing data to show up on the Pay-as-you-go usage dashboard (preview) for your organization. Only users assigned the Data Security Investigations Admin role can access the Pay-as-you-go usage dashboard (preview).

To view the Pay-as-you-go usage dashboard (preview), complete the following steps:

  1. Go to the Microsoft Purview portal and sign in with the credentials for a user account assigned to the Data Security Investigations Administrator role group.
  2. Select the Data Security Investigations solution card.
  3. Select Usage dashboard in the left-navigation.

From the Pay-as-you-go usage dashboard (preview), you can review:

  • The data storage usage for each investigation and the total for each process.
  • The total amount of compute units used by Data Security Investigations processes.
  • The compute units per day, for the last 7, 14, or 30 day timescale.
  • The compute unit usage for each investigation and the total for each process.

Each investigation has the total data storage for each of the following processes:

  • Add to scope: Storage supporting processes when adding items to the investigation scope.
  • Categorization: Storage and compute supporting categorization processes for an investigation.
  • Examination: Storage and compute supporting examination processes for an investigation.
  • Interactive AI: Storage and compute supporting semantic search and AI suggested categories.
  • Prepare for AI: Storage and compute supporting processes for vectorization for the investigation.

To export the data storage and compute information for all investigations, select Export. The export file lists the following information:

  • ID: The ID of the investigation.
  • Date: The date the report was created for each investigation.
  • Storage: The total data storage for each process in the investigation.
  • InvestigationName: The friendly name of the investigation.
  • JobType: The type of process associated with the data storage or compute usage.
  • JobID: The ID for the process.
  • ConsumedUnits: The amount of compute units used for the process.

Stop billing

To stop billing for Data Security Investigations, disable both storage meter and AI capacity support. This action deletes all investigations in Data Security Investigations and deletes compute units for your resource group.

Caution

Deleting investigations and your compute unit resource group is irreversible. Make sure you export or preserve any investigation results or reports before stopping billing.

Stop storage meter billing

Data storage charges start when you add items to the scope of an investigation. To stop storage metering, complete the following steps:

  1. Go to the Microsoft Purview portal and sign in with the credentials for a user account assigned to the Data Security Investigations Administrators role group.
  2. Select the Data Security Investigations solution card.
  3. Delete all existing investigations in your organization.
  4. Verify that no active or pending investigations remain in your organization.

When you delete all investigations, the associated data is removed and storage billing stops for Data Security Investigations.

Stop AI capacity billing

AI analysis is billed through compute units in Microsoft Azure. To stop compute unit billing, complete the following steps:

  1. Go to the Azure portal and sign in with a user account that has either the Owner or Contributor role for the Azure subscription associated with the Data Security Investigations compute unit resource.
  2. Go to the Subscription where you deployed your Data Security Investigations resource.
  3. Select the associated Resource group for Data Security Investigations.
  4. Select and delete the DSI compute unit capacity resource (for example, DataSecurityInvestigation-GUID).

When you delete the compute unit resource, all AI capacity and compute billing stops for Data Security Investigations.