Microsoft Azure Active Directory · Rate Limits

Azure Active Directory Rate Limits

Microsoft Entra ID enforces tenant-level service quotas on directory objects, group membership, Conditional Access policies, and B2B invitations rather than per-second API rate limits. Microsoft Graph (the primary API surface for Entra) applies its own request-rate throttling at the application / tenant level. Limits documented here cover the Entra service quotas; Graph throttling is enforced per-resource and per-app and is documented separately.

Azure Active Directory Rate Limits is the machine-readable rate-limit profile for Microsoft Azure Active Directory on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 10 rate-limit definitions, measuring tenants, objects, domains, requests_per_second, and policies.

The profile also includes 4 backoff/retry policies defined and response codes documented for throttled and serviceUnavailable.

Tagged areas include Authentication, Identity, Microsoft Entra, and Rate Limiting.

10 Limits Throttle: 429
AuthenticationIdentityMicrosoft EntraRate Limiting

Limits

Tenants per user (member or guest) user
tenants
500
A single user can belong to a maximum of 500 Entra tenants.
Directory objects per tenant (no verified domain) tenant
objects
50000
Default quota; raise via support.
Directory objects per tenant (with verified domain) tenant
objects
300000
Default quota; raise via support.
Managed domains per tenant tenant
domains
5000
Application Proxy transactions per app app
requests_per_second · second
500
750 TPS aggregate per Entra organization; throttled clients receive 429.
Conditional Access policies per tenant tenant
policies
240
Custom roles per tenant tenant
roles
100
B2B invitations (paid tenants > 30 days) tenant
invitations_per_day · day
-1
Capped only by service quotas; new tenants limited to 200/day.
B2B invitations (free tenants > 30 days) tenant
invitations_per_day · day
100
Microsoft Graph request throttling app/tenant
varies
see https://learn.microsoft.com/en-us/graph/throttling
Per-resource limits (e.g., 10,000 req / 10 min for /users). Returns 429 with Retry-After.

Policies

Backoff
Honor Retry-After header on 429 responses; use exponential backoff with jitter.
Service quota raise
Most Entra tenant quotas can be raised via Microsoft Support; some (Conditional Access, built-in) are hard caps.
Application Proxy throttling
Application Proxy transactions are tracked per connector and per organization; clients exceeding 500 TPS per app receive 429.
Use Microsoft Graph
Avoid the deprecated Azure AD Graph; all new integrations should use Microsoft Graph, which has documented throttling guidance.

Sources