Windows Defender APT API ratelimited far below maximum

Rubeste 106 Reputation points
2023-03-30T11:40:50.58+00:00

Hi,

I am currently using the api.securitycenter.microsoft.com API to obtain some statistics from Microsoft Defender. For example, the amount of active machines by using the following call:

https://api.securitycenter.microsoft.com/api/machines/$count

I am doing this with one Application registered in all tenants.

As the documentation describes here, I should get at least 100 requests per 60 seconds. However, I seem to get the following error:

{
    "error": {
        "code": "TooManyRequests",
        "message": "API calls quota exceeded! Maximum allowed 4 per 00:01:00 for the key Destination+TenantID+AppID+Uri. You can send requests again in 50 seconds.",
        "target": "|REDACTED."
    }
}

I cannot find any potential reason why the 'actual' maximum is set to 4 instead of 100. Nor can I find how to change it. Can someone help me or is it simply impossible?

Microsoft Graph
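The following is an added example, not part of the original post and not Microsoft's code: a client-side handler that reads the `TooManyRequests` body quoted in the question and holds back further calls for the affected tenant and URI until the stated delay has passed. The message pattern is derived only from that one quoted error and is assumed stable; `parse_throttle`, `PerKeyThrottle` and the tenant names in the test are hypothetical, and a single app and destination are assumed, so state is keyed on (tenant, URI).

```python
import json
import re

# Constructed sample: the error body quoted in the question above.
SAMPLE_BODY = json.dumps({"error": {
    "code": "TooManyRequests",
    "message": ("API calls quota exceeded! Maximum allowed 4 per 00:01:00 for the key "
                "Destination+TenantID+AppID+Uri. You can send requests again in 50 seconds."),
    "target": "|REDACTED."}})

# Pattern built from that single message (assumption: the wording does not change).
_QUOTA_RE = re.compile(
    r"Maximum allowed (?P<limit>\d+) per (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) "
    r"for the key (?P<key>\S+)\. You can send requests again in (?P<retry>\d+) seconds")

def parse_throttle(body):
    """Return quota details from a TooManyRequests body, or None for any other response."""
    try:
        err = json.loads(body)["error"]
        code, message = err["code"], err.get("message", "")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if code != "TooManyRequests":
        return None
    m = _QUOTA_RE.search(message)
    if not m:
        # Throttled, but the message is not understood: caller uses its default wait.
        return {"limit": None, "window_s": None, "key_parts": [], "retry_after_s": None}
    window_s = int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"])
    return {"limit": int(m["limit"]), "window_s": window_s,
            "key_parts": m["key"].split("+"), "retry_after_s": int(m["retry"])}

class PerKeyThrottle:
    """Tracks the earliest next-send time per (tenant, uri), following the quota key."""
    def __init__(self, default_wait_s=60):
        self.default_wait_s = default_wait_s
        self.blocked_until = {}

    def record(self, tenant_id, uri, body, now):
        """Register a response; return the seconds to wait (0 if it was not throttled)."""
        info = parse_throttle(body)
        if info is None:
            return 0
        wait = info["retry_after_s"]
        if wait is None:
            wait = self.default_wait_s
        self.blocked_until[(tenant_id, uri)] = now + wait
        return wait

    def wait_needed(self, tenant_id, uri, now):
        return max(0, self.blocked_until.get((tenant_id, uri), 0) - now)
```

Logging the parsed `limit` and `window_s` per tenant shows which quota is actually being enforced for each call, separately from the figure in the documentation.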