Share via

What is the recommended rate limit for bulk B2B guest invitations via Microsoft Graph API (New-MgInvitation) to avoid suspicious activity blocks?

Ross Phillips 5 Reputation points
2026-04-16T21:04:48.32+00:00

We are a managed service provider that onboards external guest users into customer tenants via Microsoft Entra B2B collaboration. We use the Microsoft Graph PowerShell module (New-MgInvitation) to bulk invite users from a CSV file.

We are consistently hitting a suspicious activity block after approximately 11 invites, even with a 30 second delay between each invite. The error returned is:


Invitations are blocked for this directory due to suspicious activity. Please contact Microsoft support for help.

Status: 403 (Forbidden)

ErrorCode: Forbidden

Once triggered, the block does not appear to lift automatically and requires Microsoft support intervention to release, which is disruptive to our onboarding workflow.

Questions:

  1. Is there a documented rate limit or threshold for New-MgInvitation calls before the suspicious activity block triggers?
  2. Is there a recommended delay between invites to avoid triggering the block?
  3. Is there a recommended approach for MSPs needing to bulk invite 20-30 guest users into customer tenants programmatically?
  4. Is the portal bulk invite CSV upload subject to the same limits, or does it use a different backend path?
  5. Is there a way to pre-register or whitelist a tenant for higher invite throughput for legitimate MSP workflows?

Environment:

  • Microsoft Graph PowerShell module v2.36.0
  • Scopes: User.Invite.All, User.Read.All
  • Typical batch size: 20-30 users per customer tenant
  • Current delay between invites: 30 seconds

Any guidance on the recommended approach for this use case would be appreciated.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sridevi Machavarapu 31,750 Reputation points Microsoft External Staff Moderator
    2026-04-16T21:30:20.5333333+00:00

    Hello Ross Phillips,

    You’re not hitting a fixed API limit. It’s a risk-based block in Microsoft Entra.

    There isn’t a specific rate limit published for New-MgInvitation, but there are service level limits for B2B invitations that provide context:

    User's image

    Reference: https://learn.microsoft.com/en-us/entra/identity/users/directory-service-limits-restrictions

    Even within these limits, requests can still be blocked if the pattern looks automated. A 30 second delay is usually not enough.

    In practice, keep it slower and less predictable. Send 5 to 10 invites, add random delay of 1 to 3 minutes, and pause 15 to 30 minutes between batches.

    For 20 to 30 users, don’t do it in one run. Split it into batches or let initial users onboard others through the portal.

    Portal CSV uploads are handled differently and are generally more tolerant than API calls, though still subject to protection.

    There is no whitelisting option. Support can unblock, but it can happen again if the same pattern continues.

    Was this answer helpful?

    2 people found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.