Windows Defender APT API ratelimited far below maximum

Rubeste 106 Reputation points


I am currently using the API to obtain some statistics from Microsoft Defender. For example the amount of active machines by using the following call:$count

I am doing this with one Application registered in all tenants.

As the documentation describes here I should get at least 100 requests per 60 seconds. However, I seem to get the following error:

    "error": {
        "code": "TooManyRequests",
        "message": "API calls quota exceeded! Maximum allowed 4 per 00:01:00 for the key Destination+TenantID+AppID+Uri. You can send requests again in 50 seconds.",
        "target": "|REDACTED."

I can not find any potentional reason why the 'actual' maximum is set to 4 instead of 100. Nor can I find how to change it. Can someone help me or is it simply impossible?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,889 questions
{count} votes