This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 49%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EEE%3C/text%3E%3C/svg%3E)
Hi all, our customer is synchronizing users by configuring SCIM provisioning in Azure AD. In order to provide SCIM endpoint security, we have implemented rate limiting for SCIM service. After 2 days of normal operation,the requests sent by Azure AD suddenly reached the rate limit and our scim service blocked the requests for a short period of time, putting the customer's provisioning into quarantine.
I would like to ask if Azure AD's provision can recognize the 429 response (with Retry-After header) to slow down the rate at which it sends requests?
Also is it possible to tell if the rate at which Azure AD sends requests increases over time, or can you provide the rate at which Azure AD sends requests by default? Thanks!
I read the following paragraph in the documentation, it seems that Microsoft can adjust the sending request for the rate limitation of the target system, is there anything that the target system needs to do in order to implement this? For example, in response to 429(with Retry-After header).
I read the following paragraph in the documentation, it seems that Microsoft can adjust the sending request for the rate limitation of the target system, is there anything that the target system needs to do in order to implement this? For example, in response to 429.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(64, 54%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBC%3C/text%3E%3C/svg%3E)
@Danny Zollner if I have a gallery App - how can I request a rate limit?
Rate limiting is only configurable for "gallery" provisioning integrations and can only be configured by the Microsoft engineering team. The provisioning service does not have the ability to dynamically adjust to 429 responses.
The rate of requests when rate limiting is not configured can be described as "as fast as possible", meaning that as soon as the Entra ID provisioning service has calculated a request that needs to be made, it will make it.
Thank you for your response. So are there any future plans to provide rate limiting features for non-gallery applications?
As well I know that Microsoft's provisioning service goes into quarantine when it receives a certain threshold of failure messages. I'm wondering if the 429 response will be used as this type of failure message for going into quarantine?
Thanks!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 62%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EV%3C/text%3E%3C/svg%3E)
Hello and thank you for the information above @Danny Zollner
We've implemented SCIM provisioning for our non-gallery app. With gallery submissions paused (March 4, 2025: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/v2-howto-app-gallery-listing), we can't use Entra ID's built-in rate limiting.
How can we manage potential rate limit issues from high-volume Entra ID SCIM requests for a non-gallery app? Are there any alternatives since gallery submission is currently unavailable?
Are there any upcoming changes or workarounds planned by Microsoft to address rate limit management for non-gallery SCIM provisioning, especially during the gallery submission suspension?
and finally, is there a possibility to request an exception or get assistance from Microsoft support to get some kind of rate limiting applied in our specific case, even if we are not a gallery application?
thanks