Microsoft Azure Active Directory · Rate Limits

Microsoft Azure Active Directory Rate Limits

Microsoft Entra ID is consumed primarily through Microsoft Graph. Throttling is applied per app, per tenant, and per service using a token-bucket algorithm. Limits are not plan-scoped; they are global to the Graph service. From September 30, 2025 the per-app/per-tenant cap is half of the total per-tenant limit so a single app cannot consume the full tenant quota.

Microsoft Azure Active Directory Rate Limits is the machine-readable rate-limit profile for Microsoft Azure Active Directory on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 6 rate-limit definitions, measuring requests_per_10_seconds, requests_per_20_seconds, and varies.

The profile also includes 5 backoff/retry policies defined and response codes documented for throttled and serviceUnavailable.

Tagged areas include Rate Limiting, Identity, and Microsoft Entra.

6 Limits Throttle: 429
Rate LimitingIdentityMicrosoft Entra

Limits

Global per-app limit app
requests_per_10_seconds · second
130000
Universal cap of 130,000 requests per 10 seconds per app across all tenants.
Per-tenant general operations tenant
requests_per_20_seconds · second
2000
2,000 requests per 20 seconds tenant-wide; ~50 RPS sustained.
Per-app per-tenant general operations app/tenant
requests_per_20_seconds · second
1000
1,000 requests per 20 seconds for a single app per tenant.
Intune device management per-tenant tenant
requests_per_20_seconds · second
4000
Intune device management per-app per-tenant app/tenant
requests_per_20_seconds · second
2000
Service-specific limits app/tenant/service
varies
see Microsoft Graph service-specific throttling limits

Policies

Token-bucket algorithm
Throttling sums weighted request costs against per-tenant and per-app buckets; only requests above the limit are throttled (HTTP 429).
Honor Retry-After
When a 429 or 503 is returned, wait the duration in the Retry-After header before retrying.
Backoff with jitter
Use exponential backoff with jitter on transient errors to avoid synchronized retry storms across distributed callers.
Use batching and delta queries
Reduce request count using $batch, delta queries, change notifications, and selecting only required properties.
Bulk extracts via Data Connect
Microsoft Graph Data Connect supports bulk extraction of Microsoft 365 data without Graph throttling limits.

Sources