Microsoft Graph service-specific throttling limits

Microsoft Graph allows you to access data in multiple services, such as Outlook or Microsoft Entra ID. These services impose their own throttling limits that affect applications that use Microsoft Graph to access them.

Any request can be evaluated against multiple limits, depending on the scope of the limit (per app across all tenants, per tenant for all apps, per app per tenant, and so on), the request type (GET, POST, PATCH, and so on), and other factors. The first limit to be reached triggers throttling behavior. In addition to the service specific-limits described in the section, the following global limits apply:

Request type Per app across all tenants
Any 130,000 requests per 10 seconds

Note

The specific limits described here are subject to change.

In this section, the term tenant refers to the Microsoft 365 organization where the application is installed. This tenant can be the same as the one where the application was created in the case of a single-tenant application, or it can be different in the case of a multi-tenant application.

Assignment service limits

The following limits apply to requests on the assignment service API:

Request type Limit per app per tenant Limit per tenant for all apps
Any 500 requests per 10 seconds 1,000 requests per 10 seconds
Any 15,000 requests per 3,600 seconds 30,000 requests per 3,600 seconds
GET me/Assignment 50 requests per 10 seconds 150 requests per 10 seconds

The preceding limits apply to the following resources:

Bookings service limits

The Bookings service applies limits to each app ID and mailbox combination, specifically when a particular app accesses a particular booking mailbox. Exceeding the limit for one mailbox doesn't affect the ability of the application to access another mailbox.

Limit Applies to
Four concurrent requests v1.0 and beta endpoints

The preceding limits apply to the following resources:

Cloud communication service limits

Resource Limits per app
Calls 50,000 requests in a 15-second period, per application per tenant
Meeting information 2,000 meetings/user each month
Presence 1,500 requests in a 30-second period, per application per tenant
Virtual event 10,000 requests/app each month

Call records limits

The limits listed in the following table apply to the following resources:

Limit type Limit
Per application for all tenants 15,000 requests per 20 seconds
Per tenant for all applications 10,000 requests per 20 seconds
Per application per tenant 1,500 requests per 20 seconds
Per call record 10 requests per 20 seconds (first page)
50 requests per 5 minutes (subsequent pages)
List call records 15 requests per 20 seconds (first page)
55 requests per 5 minutes (subsequent pages)

PSTN call records limits

The limits listed in the following table apply to the following resources:

Limit type Limit
Per tenant 1,000 requests per 60 seconds
Per application per tenant 200 requests per 60 seconds
Per collection 50 requests per 60 seconds

Excel service limits

For explanations and best practices related to Excel service throttling, see Reduce throttling errors. In addition, following are some throttling limits.

Request type Limit per app for all tenants Limit per app per tenant
Any 5000 requests per 10 seconds 1500 requests per 10 seconds

The preceding limits apply to the following resources:

Education service limits

Request type Limit per app for all tenants Limit per app per tenant
Any 400,000 requests per 20 seconds 35,000 requests per 10 seconds

The preceding limits apply to the following resources:

Files and lists service limits

For service limits for OneDrive, OneDrive for Business, and SharePoint Online, see Avoid getting throttled or blocked in SharePoint Online.

The preceding information applies to the following resources:

Identity and access reports service limits

Request type Limit per app per tenant
Any Five requests per 10 seconds

The preceding limits apply to the following resources:

Identity and access reports best practices

Microsoft Entra reporting APIs are throttled when Microsoft Entra ID receives too many calls during a given timeframe from a tenant or app. Calls might also be throttled if the service takes too long to respond. If your requests still fail with a 429 Too Many Requests error code despite applying the best practices to handle throttling, try reducing the amount of data returned. Try these approaches first:

  • Use filters to target your query to just the data you need. If you only need a certain type of event or a subset of users, for example, filter out other events using the $filter and $select query parameters to reduce the size of your response object and the risk of throttling.
  • If you need a broad set of Microsoft Entra ID reporting data, use $filter on the createdDateTime to limit the number of sign-in events you query in a single call. Then, iterate through the next timespan until you have all the records you need. For example, if you're being throttled, you can begin with a call that requests three days of data and iterate with shorter timespans until your requests are no longer throttled.

Identity and access service limits

Pattern

Throttling is based on a token bucket algorithm, which works by adding individual costs of requests. The sum of request costs is then compared against predetermined limits. Only the requests exceeding the limits are throttled. If any of the limits are exceeded, the response is 429 Too Many Requests. It's possible to receive 429 Too Many Requests responses even when the following limits aren't reached, in situations when the services are under an important load or based on data volume for a specific tenant. The following table lists existing limits.

Limit type Resource unit quota Write quota
application+tenant pair S: 3,500 ResourceUnits per 10 seconds
M: 5,000 ResourceUnits per 10 seconds
L: 8,000 ResourceUnits per 10 seconds
3,000 requests per 2 minutes and 30 seconds
application 150,000 ResourceUnits per 20 seconds 35,000 requests per 5 minutes
tenant Not Applicable 18,000 requests per 5 minutes

Note

The application + tenant pair limit varies based on the number of users in the tenant requests are run against. The tenant sizes are defined as follows: S - under 50 users, M - between 50 and 500 users, and L - above 500 users.

The preceding limits apply to the following resources:

The following table lists base request costs. Any requests not listed have a base cost of 1.

Operation Request Path Base Resource Unit Cost Write Cost
GET applications 2 0
GET applications/{id}/extensionProperties 2 0
GET contracts 3 0
POST directoryObjects/getByIds 5 0
GET domains/{id}/domainNameReferences 4 0
POST getObjectsById 5 0
GET groups/{id}/members 3 0
GET groups/{id}/transitiveMembers 5 0
POST isMemberOf 4 0
POST me/checkMemberGroups 4 0
POST me/checkMemberObjects 4 0
POST me/getMemberGroups 2 0
POST me/getMemberObjects 2 0
GET me/licenseDetails 2 0
GET me/memberOf 2 0
GET me/ownedObjects 2 0
GET me/transitiveMemberOf 2 0
GET oauth2PermissionGrants 2 0
GET oauth2PermissionGrants/{id} 2 0
GET servicePrincipals/{id}/appRoleAssignments 2 0
GET subscribedSkus 3 0
GET users 2 0
GET Any identity path not listed in the table 1 0
POST Any identity path not listed in the table 1 1
PATCH Any identity path not listed in the table 1 1
PUT Any identity path not listed in the table 1 1
DELETE Any identity path not listed in the table 1 1

Important

The cost of POST, PATCH, and DELETE operations on the applications request path depends on the signInAudience type. For apps where the signInAudience is AzureADMyOrg or AzureADMultipleOrgs, the cost is 70,000 requests per 5 minutes; while for apps where the signInAudience is AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount, the cost is 60 requests per minute.

Other factors that affect a request cost:

  • Using $select decreases cost by 1
  • Using $expand increases cost by 1
  • Using $top with a value of less than 20 decreases cost by 1
  • Creating a user in a Microsoft Entra ID B2C tenant increases cost by 4

Note

  • A request cost can never be lower than 1. Any request cost that applies to a request path starting with me/ also applies to equivalent requests starting with users/{id | userPrincipalName}/.
  • Using $select for directoryObjects/getByIds and getObjectsById will result in 2 ResourceUnits.

Additional headers

Request headers

  • x-ms-throttle-priority - If the header doesn't exist or is set to any other value, it indicates a normal request. We recommend setting priority to high only for the requests initiated by the user. This header can have one of the following values:
    • Low - Indicates the request is low priority. Throttling this request doesn't cause user-visible failures.
    • Normal - Default if no value is provided. Indicates that the request is default priority.
    • High - Indicates that the request is high priority. Throttling this request causes user-visible failures.

Note

Should requests be throttled, low priority requests will be throttled first, normal priority requests second, and high priority requests last. Using the priority request header does not change the limits.

Regular responses requests

  • x-ms-resource-unit - Indicates the resource unit used for this request. Values are positive integers.
  • x-ms-throttle-limit-percentage - Returned only when the application consumed more than 0.8 of its limit. The value ranges from 0.8 to 1.8 and is a percentage of the use of the limit. Callers can use this value to set up an alert and take action.

Throttled responses requests

  • x-ms-throttle-scope - for example, Tenant_Application/ReadWrite/9a3d526c-b3c1-4479-ba74-197b5c5751ae/0785ef7c-2d7a-4542-b048-95bcab406e0b. Indicates the scope of throttling with the following format <Scope>/<Limit>/<ApplicationId>/<TenantId|UserId|ResourceId>:
    • Scope: (string, required)
      • Tenant_Application - All requests for a particular tenant for the current application.
      • Tenant - All requests for the current tenant, regardless of the application.
      • Application - All requests for the current application.
    • Limit: (string, required)
      • Read: Read requests for the scope (GET)
      • Write: Write requests for the scope (POST, PATCH, PUT, DELETE...)
      • ReadWrite: All Requests for the scope (any)
    • ApplicationId (Guid, required)
    • TenantId|UserId|ResourceId: (Guid, required)
  • x-ms-throttle-information - Indicates the reason for throttling and can have any value (string). The value is provided for diagnostics and troubleshooting purposes, some examples include:
    • CPULimitExceeded - Throttling is because the limit for cpu allocation is exceeded.
    • WriteLimitExceeded - Throttling is because the write limit is exceeded.
    • ResourceUnitLimitExceeded - Throttling is because the limit for the allocated resource unit is exceeded.

Identity and access data policy operation service limits

Request type Limit per tenant
POST on exportPersonalData 1,000 requests per day for any subject and 100 per subject per day
Any other request 10,000 requests per hour

The preceding limits apply to the following resources:

Note

The resources listed earlier do not return a Retry-After header on 429 Too Many Requests responses.

Identity protection and conditional access service limits

Request type Limit per tenant for all apps
Any One request per second

Note

The resources listed earlier do not return a Retry-After header on 429 Too Many Requests responses.

Identity providers service limits

Request type Limit per tenant for all apps Limit per app per tenant
Any 300 requests per 1 minute 200 requests per 1 minute

The preceding limits apply to the following resources:

Information protection service limits

The following limits apply to any request on /informationProtection.

For email, the resource is a unique network message ID/recipient pair. For example, submitting an email with the same message ID sent to the same person multiple times in a 15-minute period triggers the limit per resource limits listed in the following table. However, you can submit up to 150 unique emails every 15 minutes (tenant limit).

Operation Limit per tenant Limit per resource (email, URL, file)
POST 150 requests per 15 minutes and 10,000 requests per 24 hours One request per 15 minutes and 3 requests per 24 hours

Insights service limits

The following limits apply to any request on me/insights or users/{id}/insights.

Limit Applies to
10,000 API requests in a 10-minute period v1.0 and beta endpoints
Four concurrent requests v1.0 and beta endpoints

The preceding limits apply to the following resources:

Intune service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune android for work service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune applications service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune auditing service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune books service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune bundles service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune chromebook sync service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune company terms service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune device config v2 service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune device configuration service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune device enrollment service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune device intent service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune devices service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 400 requests per 20 seconds 200 requests per 20 seconds
Any 4000 requests per 20 seconds 2000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune endpoint protection service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune enrollment service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune GPAnalytics service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune managed applications service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune notifications service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune ODJ service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune partner integration service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune rbac service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune remote assistance service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune telephony service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune TEM service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune troubleshooting service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune unlock service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune updates service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Intune wip service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

Invitation manager service limits

The following limits apply to any request on /invitations.

Operation Limit per tenant for all apps
Any operation 150 requests per 5 seconds

Microsoft 365 reports service limits

The following limits apply to any request on /reports.

Operation Limit per app per tenant Limit per tenant for all apps
Any request (CSV) 14 requests per 10 minutes 40 requests per 10 minutes
Any request (JSON, beta) 100 requests per 10 minutes n/a

The preceding limits apply individually to each report API. For example, a request to the Microsoft Teams user activity report API and a request to the Outlook user activity report API within 10 minutes count as one request out of 14 for each API, not two requests out of 14 for both.

The preceding limits apply to all usage reports resources.

Microsoft Teams service limits

Limits are expressed as requests per second (rps).

Teams request type Limit per app per tenant Limit per app across all tenants Limit per app per tenant per resource(chat/channel)
GET team 30 rps 600 rps
GET channel 30 rps 600 rps 1rps
GET tab for channel, chat 30 rps 600 rps 1rps
GET installedApps for user, team 30 rps 600 rps
GET installedApps for chat 30 rps 600 rps 1rps
GET appCatalogs 30 rps 600 rps
POST channel 30 rps 300 rps 1rps
POST tab for channel or chat 30 rps 300 rps 1rps
POST installedApps for chat, user, team 30 rps 300 rps
POST appCatalogs 30 rps 300 rps
PATCH team, tab 30 rps 300 rps
PATCH channel 30 rps 300 rps 1rps
DELETE channel 15 rps 150 rps 1rps
DELETE tab for chat, channel 15 rps 150 rps 1rps
DELETE installedApps for chat, user, team 15 rps 150 rps
DELETE appCatalogs 15 rps 150 rps
GET /teams/{team-id}, joinedTeams 30 rps 300 rps
POST /teams 10 rps 100 rps
PUT /groups/{team-id}/team Six rps 150 rps
POST /{team-id}/ clone Six rps 150 rps
GET channel message 20 rps 200 rps 1rps
GET 1:1/group chat message 20 rps 200 rps 1rps
POST channel message 50 rps 500 rps 1rps
POST chat member 30 rps 300 rps 4rpm
Delete chat member 30 rps 300 rps 4rpm
POST 1:1/group chat message 20 rps 200 rps 1rps
GET /teams/{team-id}/schedule and all APIs under this path 30 rps 600 rps
POST /teams/{team-id}/schedule and all APIs under this path 30 rps 300 rps
PUT /teams/{team-id}/schedule and all APIs under this path 30 rps 300 rps
POST /teams/{team-id}/sendActivityNotification Five rps 50 rps
POST /chats/{chat-id}/sendActivityNotification Five rps 50 rps 1rps
POST /users/{user-id}/teamwork/sendActivityNotification Five rps 50 rps
POST /teamwork/sendActivityNotificationToRecipients Two rps 20 rps
GET /teams/{team-id}/members 60 rps 1200 rps
POST /teams/{team-id}/members 30 rps 300 rps 4rpm
GET /teams/{team-id}/channels 60 rps 1200 rps 1rps
GET /teams/{team-id}/channels/{channel-id}/members 60 rps 1200 rps 1rps
Get all channel messages for a team
GET teams/{team-id}/channels/getAllMessages
GET teams/{team-id}/channels/allMessages
200rps 1000rps
Get all chat messages for a user
GET users/{user-id}/chats/getAllMessages
GET users/{user-id}/chats/allMessages
200rps 1000rps
GET /teams/{team-id}/channels/getAllRetainedMessages 200rps 1000rps
GET /users/{user-id}/chats/getAllRetainedMessages 200rps 1000rps
Other GET API calls for Microsoft Teams 30 rps 1500 rps 1rps
Other API calls for Microsoft Teams 30 rps 300 rps 1rps

A maximum of four requests per second per app can be issued on a given team.

A maximum of one request per second per app per tenant can be issued on a given channel or chat.

A maximum of one request per second per user can be issued when doing POST message in a given chat or channel (This throttling limit doesn't apply to migration).

A maximum of five requests per second per user can be issued when doing List chats or Get chat or chat:removeAllAccessForUser

See also Microsoft Teams limits and polling requirements.

The preceding limits apply to the following resources:

Multitenant management service limits

Request type Limit per tenant for all apps Limit per app per tenant
POST, PUT, DELETE, PATCH 200 requests per 20 seconds 100 requests per 20 seconds
Any 2000 requests per 20 seconds 1000 requests per 20 seconds

The preceding limits apply to the following resources:

OneNote service limits

Limit type Limit per app per user (delegated context) Limit per app (app-only context)
Requests rate 120 requests per 1 minute and 400 per 1 hour 240 requests per 1 minute and 800 per 1 hour
Concurrent requests Five concurrent requests 20 concurrent requests

The preceding limits apply to the following resources:

You can find additional information about best practices in OneNote API throttling and how to avoid it.

Note

The resources listed earlier do not return a Retry-After header on 429 Too Many Requests responses.

Open and schema extensions service limits

Request type Limit per app per tenant
Any 455 requests per 10 seconds

The preceding limits apply to the following resources:

Outlook service limits

Outlook service limits apply to the public cloud and national cloud deployments.

Limits per mailbox

The Outlook service applies limits to each app ID and mailbox combination - that is, a specific app accessing a specific user or group mailbox. Exceeding the limit for one mailbox doesn't affect the ability of the application to access another mailbox.

Limit Applies to
10,000 API requests in a 10 minute period v1.0 and beta endpoints
Four concurrent requests v1.0 and beta endpoints
150 megabytes (MB) upload (PATCH, POST, PUT) in a 5-minute period v1.0 and beta endpoints

Outlook service resources

API Resources
Search API (preview)
  • External item (Microsoft Search)
  • Profile API
  • Photo
  • Calendar API
  • event
  • eventMessage
  • calendar
  • calendarGroup
  • outlookCategory
  • attachment
  • place (preview)
  • Mail API
  • message
  • mailFolder
  • mailSearchFolder
  • messageRule
  • outlookCategory
  • attachment
  • Personal contacts API
  • contact
  • contactFolder
  • outlookCategory
  • Social and workplace intelligence
  • person
  • To-do tasks API (preview)
  • outlookTask
  • outlookTaskFolder
  • outlookTaskGroup
  • outlookCategory
  • attachment
  • Outlook service limits for JSON batching

    When an app makes a JSON batch request that consists of multiple, unordered individual requests to the Outlook service, by default, Microsoft Graph sends the Outlook service up to four individual requests from the batch at a time, regardless of the target mailboxes of those requests. The Outlook service can execute these requests in parallel at any point, also irrespective of the target mailbox. Since Microsoft Graph sends only up to four requests to run in parallel, the execution of that batch stays within Outlook's concurrency limits for the same mailbox, regardless of the app used.

    Alternatively, an app can use the dependsOn property to order requests within a batch. Microsoft Graph sends the Outlook service one request from the batch at a time following the specified order, and Outlook executes each individual request in the batch sequentially.

    In other words, when targeting the same mailbox, apps that allow multiple batch requests to run in parallel can use either of the following approaches:

    • If the individual requests don't have to be ordered, have individual requests from a single batch run concurrently.
    • Use the dependsOn property to order requests in a batch, and have up to four such batch requests run concurrently.

    Project Rome service limits

    Request type Limit per user for all apps
    GET 400 requests per 5 minutes and 12,000 requests per one day
    POST, PUT, PATCH, DELETE 100 requests per 5 minutes and 8,000 requests per one day

    The preceding limits apply to the following resources:

    Security detections and incidents service limits

    The following limits apply to any request on /security.

    Operation Limit per app per tenant
    Any operation on alert, securityActions, secureScore 150 requests per minute
    Any operation on tiIndicator 1,000 requests per minute
    Any operation on secureScore or secureScorecontrolProfile 10,000 API requests in a 10-minute period
    Any operation on secureScore or secureScorecontrolProfile Four concurrent requests

    Security eDiscovery service limits

    The following limits apply to any request on /security/eDiscoveryCases.

    Operation Limit per app per tenant
    Any Five requests per minute

    Service Communications service limits

    The following limits apply to any type of requests for service communications under /admin/serviceAnnouncement/.

    Request type Limit per app per tenant
    Any 240 requests per 60 seconds
    Any 800 requests per hour

    Subscription service limits

    Request type Limit per app for all tenants Limit per app per tenant
    POST, PUT, DELETE, PATCH 2000 requests per 20 seconds 500 requests per 20 seconds
    POST /reauthorize subscription by ID 4000 requests per 20 seconds 1000 requests per 20 seconds
    GET Subscription by Id 2000 requests per 20 seconds 500 requests per 20 seconds
    GET Subscription List 40 requests per 20 seconds 25 requests per 20 seconds

    The preceding limits apply to the subscription resource.

    Tasks and plans service limits

    Service limits for Planner aren't available.

    The preceding information applies to the following resources:

    Viva Engage service limits

    Viva Engage API calls are subject to rate limiting, allowing 10 requests per user, per app, within a 30-second time period. When you exceed the rate limit, all subsequent requests return a 429 Too Many Requests response code.