Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article describes the limits in Microsoft Purview Data Security Investigations.
Investigation limits
The following table lists the limits for investigations in Data Security Investigations.
| Description of limit | Data Security Investigations feature support |
|---|---|
| Total number of documents that you can add to an investigation. | 40 million |
| Total file size per investigation. | 1 TB |
Purge limits
The following table lists the limits for purge in Data Security Investigations.
| Description of limit | Data Security Investigations feature support |
|---|---|
| Maximum number of items per purge search query. | 10,000 |
Search and integration limits
The following table lists the search and integration limits for Data Security Investigations. These limits apply to searches and investigations created from the following solutions:
- Audit search
- Endpoint DLP evidence collection (preview). For more information about endpoint DLP, see Learn about endpoint data loss prevention.
- Insider Risk Management
- Microsoft Defender XDR
| Description of limit | Data Security Investigations feature support |
|---|---|
| Maximum items returned per search or integration query. | Approximately 3,000 |
| Maximum concurrent audit searches per user. | 10 |
Tip
If your investigation involves more than approximately 3,000 audit items, you can split the data into smaller time-based slices. For more information, see Work with large audit search results.