Manage directory size quota of your Azure Active Directory B2C tenant

It's important that you monitor how you use your Azure AD B2C directory quota. Directory quota has a given size that is expressed in number of objects. These objects include user accounts, app registrations, groups, etc. When the number of objects in your tenant reach quota size, the directory will generate an error when trying to create a new object.

Monitor directory quota usage in your Azure AD B2C tenant

  1. Use the steps in Register an application to register an app in your tenant, which uses client credentials flow. Record the Application (client) ID for use in a later.

  2. Use the steps in Create a client secret to configure a client secret for your app. Record the secret's Value. You'll use this value for configuration in a later step.

  3. For your app to call Microsoft Graph API, you need to grant it the required permissions. To do so, use the steps in Grant API access, but only grant Organization.Read.All permission.

  4. Run the following PowerShell script. Replace the placeholder:

    1. [TenantId] with your Azure AD B2C tenant ID. Learn how to read your tenant ID

    2. [ClientID] with the Application (client) ID that you copied earlier.

    3. [ClientSecret] with the application client secret value that you copied earlier.

$tenantId = "[TenantId]"
$clientId = "[ClientID]"
$clientSecret = "[ClientSecret]"

## Use Client Credentials flow to get token to call Graph API
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/x-www-form-urlencoded")
$body = "grant_type=client_credentials&client_id=" +  $clientId + "&" + $clientSecret
$endpoint = "" + $tenantId + "/oauth2/v2.0/token"
$response = Invoke-RestMethod $endpoint -Method "POST" -Headers $headers -Body $body

## Call Graph API using token obtained in previous step
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer " + $response.access_token)
$response = Invoke-RestMethod '$select=directorySizeQuota' -Method 'GET' -Headers $headers
$response | ConvertTo-Json

The response from the API call looks similar to the following json:

    "@odata.context": "$metadata#organization(directorySizeQuota)",
    "value": [
            "directorySizeQuota": {
                "used": 211802,
                "total": 50000000
  • The attribute total is the maximum number of objects allowed in the directory.

  • The attribute used is the number of objects you already have in the directory.

If your tenant usage is higher that 80%, you can remove inactive users or request for a quota increase.

Request increase directory quota size

You can request to increase the quota size by contacting support