Merge pull request #26088 from microsoftgraph/freshness-throttling

[Content freshness] Microsoft Graph throttling

Author: Danielabom

concepts/throttling-limits.md

@@ -1,21 +1,22 @@
 ---
 title: "Microsoft Graph throttling guidance"
-description: "Find best practices for maintaining optimal performance of the Microsoft Graph service if an overwhelming number of requests occurs."
+description: "Learn the best practices to avoid throttling and maintaining optimal performance should your app be throttled."
 ms.localizationpriority: high
 author: FaithOmbongi
 ms.author: ombongifaith
-ms.reviewer: Luca.Spolidoro
+ms.reviewer: mariampo, Avinash.Chenoor
 ms.subservice: non-product-specific
-ms.date: 01/22/2024
+ms.topic: overview
+ms.date: 01/14/2025
 ms.custom: graphiamtop20
 #Customer intent: As a developer integrating with Microsoft Graph, I want to understand how to avoid throttling and how to handle throttling when it occurs.
 ---
 
 # Microsoft Graph throttling guidance
 
-Throttling limits the number of concurrent calls to a service to prevent overuse of resources. Microsoft Graph is designed to handle a high volume of requests. If an overwhelming number of requests occurs, throttling helps maintain optimal performance and reliability of the Microsoft Graph service.
+Throttling limits the number of concurrent calls to a service to prevent overuse of resources. The Microsoft Graph service implements throttling limits to ensure service availability and reliability.
 
-Throttling limits vary based on the scenario. For example, if you are performing a large volume of writes, the possibility for throttling is higher than if you are only performing reads.
+Throttling limits vary based on the scenario. For example, if you're performing a large volume of writes, the possibility for throttling is higher than if you're only performing reads.
 
 > [!NOTE]
 > Solutions that need to extract a large volume of data from Microsoft Graph should use [Microsoft Graph Data Connect](data-connect-concept-overview.md) instead of the Microsoft Graph REST APIs. Microsoft Graph Data Connect allows organizations to extract Microsoft 365 data in bulk without being subject to throttling limits.
@@ -31,7 +32,12 @@ Throttling limits vary based on the scenario. For example, if you are performing
 ## What happens when throttling occurs?
 <!-- markdownlint-enable MD026 -->
 
-When a throttling threshold is exceeded, Microsoft Graph limits any further requests from that client for a period of time. When throttling occurs, Microsoft Graph returns HTTP status code 429 (Too many requests), and the requests fail. A suggested wait time is returned in the response header of the failed request. Throttling behavior can depend on the type and number of requests. For example, if you have a high volume of requests, all requests types are throttled. Threshold limits vary based on the request type. Therefore, you could encounter a scenario where writes are throttled but reads are still permitted.
+When a throttling threshold is exceeded, Microsoft Graph:
+- Limits any further requests from that client app for some time. 
+- Returns HTTP status code **429 Too Many Requests** and the requests fail. 
+- Returns a suggested wait time in the response header of the failed request.
+
+Throttling behavior can depend on the type and number of requests. For example, if you have a high volume of requests, all requests types are throttled. Threshold limits vary based on the request type. Therefore, you could encounter a scenario where writes are throttled but reads are still permitted.
 
 ## Common throttling scenarios
 
@@ -77,20 +83,20 @@ When you implement error handling, use the HTTP error code 429 to detect throttl
 
 1. Wait the number of seconds specified in the `Retry-After` header.
 2. Retry the request.
-3. If the request fails again with a 429 error code, you are still being throttled. Continue to use the recommended `Retry-After` delay and retry the request until it succeeds.
+3. If the request fails again with a 429 error code, you're still being throttled. Continue to use the recommended `Retry-After` delay and retry the request until it succeeds.
 
-All the resources and APIs described in the [Service-specific limits](throttling-limits.md) provide a `Retry-After` header except when noted.
+All the resources and APIs described in the [Service-specific limits](throttling-limits.md) provide a `Retry-After` header except where indicated.
 
 For a broader discussion of throttling in the Microsoft Cloud, see [Throttling pattern](/azure/architecture/patterns/throttling).
 
 > [!NOTE]
-> If no `Retry-After` header is provided by the response, we recommend implementing an exponential backoff retry policy. You can also implement [more advanced patterns](/azure/architecture/patterns/category/resiliency) when building large-scale applications.
+> If no `Retry-After` header is provided by the response, we recommend implementing an exponential backoff retry policy. You can also implement [more advanced patterns](/azure/well-architected/reliability/design-patterns) when building large-scale applications.
 >
 > Microsoft Graph SDKs already implement handlers that rely on the `Retry-After` header or default to an exponential backoff retry policy.
 
 ## Best practices to avoid throttling
 
-Programming patterns like continuously polling a resource to check for updates and regularly scanning resource collections to check for new or deleted resources are more likely to lead to applications being throttled and degrade overall performances. You should instead leverage [change tracking](delta-query-overview.md) and [change notifications](change-notifications-overview.md) when available.
+Programming patterns like continuously polling a resource to check for updates and regularly scanning resource collections to check for new or deleted resources are more likely to lead to applications being throttled and degrade overall performances. You should instead use [change tracking](delta-query-overview.md) and [change notifications](change-notifications-overview.md) when available.
 
 >[!NOTE]
 >[Best practices for discovering files and detecting changes at scale](/onedrive/developer/rest-api/concepts/scan-guidance) describes best practices in details.
@@ -99,7 +105,7 @@ Programming patterns like continuously polling a resource to check for updates a
 
 [JSON batching](./json-batching.md) allows you to optimize your application by combining multiple requests into a single JSON object. Requests in a batch are evaluated individually against throttling limits and if any request exceeds the limits, it fails with a status code of `429` and an error similar to the [preceding sample response](#sample-response). The batch itself succeeds with a status code of `200` (OK). Multiple requests can be throttled in a single batch. You should retry each failed request from the batch using the value provided in the `retry-after` response header from the JSON content. You may retry all the failed requests in a new batch after the longest `retry-after` value.
 
-If SDKs retry throttled requests automatically when they are not batched, throttled requests that were part of a batch are not retried automatically.
+If SDKs retry throttled requests automatically when they aren't batched, throttled requests that were part of a batch aren't retried automatically.
 
 ## Next step
 

concepts/throttling.md

@@ -0,0 +1,21 @@
+---
+author: "cristobal-buenrostro"
+ms.localizationpriority: high
+ms.subservice: education
+ms.topic: include
+---
+<!-- markdownlint-disable MD041 -->
+
+| Request type                 | Limit per app per tenant     | Limit per tenant for all apps |
+|---------------------------|------------------------------|----------------------------|
+| Any         | 500 requests per 10 seconds   | 1,000 requests per 10 seconds
+|Any          | 15,000 requests per 3,600 seconds|30,000 requests per 3,600 seconds|
+| GET me/Assignment  | 50 requests per 10 seconds | 150 requests per 10 seconds |
+
+
+The preceding limits apply to the following resources:
+
+- [educationAssignment](/graph/api/resources/educationassignment)
+- [educationSubmission](/graph/api/resources/educationsubmission)
+- [trending](/graph/api/resources/insights-trending)
+- [educationResource](/graph/api/resources/educationresource)

includes/throttling-assignment.md

@@ -0,0 +1,21 @@
+---
+author: "arvindmicrosoft"
+ms.localizationpriority: high
+ms.subservice: microsoft-bookings
+ms.topic: include
+---
+<!-- markdownlint-disable MD041 -->
+
+The Bookings service applies limits to each app ID and mailbox combination, specifically when a particular app accesses a particular booking mailbox. Exceeding the limit for one mailbox doesn't affect the ability of the application to access another mailbox.
+
+| Limit      | Applies to    |
+| -------------- | ------------ |
+| Four concurrent requests  | v1.0 and beta endpoints   |
+
+The preceding limits apply to the following resources:
+- [business](/graph/api/resources/bookingbusiness)
+- [appointment](/graph/api/resources/bookingappointment)
+- [customQuestion](/graph/api/resources/bookingcustomquestion)
+- [customer](/graph/api/resources/bookingcustomer)
+- [service](/graph/api/resources/bookingservice)
+- [staffMember](/graph/api/resources/bookingstaffmember)

includes/throttling-bookings.md

@@ -0,0 +1,21 @@
+---
+author: "mcm223"
+ms.localizationpriority: high
+ms.subservice: cloud-communications
+ms.topic: include
+---
+<!-- markdownlint-disable MD041 -->
+
+The limits listed in the following table apply to the following resources:
+
+- [callRecord](/graph/api/resources/callrecords-callrecord)
+- [participant](/graph/api/resources/callrecords-participant)
+- [session](/graph/api/resources/callrecords-session)
+
+| Limit type      | Limit    |
+| -------------- | ------------ |
+| Per application for all tenants | 15,000 requests per 20 seconds |
+| Per tenant for all applications | 10,000 requests per 20 seconds |
+| Per application per tenant  | 1,500 requests per 20 seconds |
+| Per call record | 10 requests per 20 seconds (first page) <br/> 50 requests per 5 minutes (subsequent pages) |
+| List call records | 15 requests per 20 seconds (first page) <br/> 55 requests per 5 minutes (subsequent pages) |

includes/throttling-call-records.md

@@ -0,0 +1,14 @@
+---
+author: "ananmishr"
+ms.localizationpriority: high
+ms.subservice: cloud-communications
+ms.topic: include
+---
+<!-- markdownlint-disable MD041 -->
+
+| Resource      | Limits per app    |
+| -------------- | ------------ |
+| [Calls](/graph/api/resources/call) | 50,000 requests in a 15-second period, per application per tenant |
+| [Meeting information](/graph/api/resources/meetinginfo)   | 2,000 meetings/user each month |
+| [Presence](/graph/api/resources/presence)   | 1,500 requests in a 30-second period, per application per tenant |
+| [Virtual event](/graph/api/resources/virtualevent) | 10,000 requests/app each month |

includes/throttling-cloud-communication.md

@@ -5,7 +5,6 @@ ms.subservice: entra-sign-in
 ms.topic: include
 ---
 <!-- markdownlint-disable MD041 -->
-<!-- this file is auto-generated don't edit it manually! -->
 
 | Request type | Limit per tenant for all apps | Limit per app per tenant |
 | ------------ | ----------------------------- | ------------------------ |

includes/throttling-cpim.md

@@ -0,0 +1,19 @@
+---
+author: "dkershaw10"
+ms.localizationpriority: high
+ms.subservice: entra-sign-in
+ms.topic: include
+---
+<!-- markdownlint-disable MD041 -->
+
+| Request type | Limit per tenant |
+| ------------ | ---------------- |
+| POST on `exportPersonalData` | 1,000 requests per day for any subject and 100 per subject per day |
+| Any other request | 10,000 requests per hour |
+
+The preceding limits apply to the following resources:
+
+- [dataPolicyOperation](/graph/api/resources/datapolicyoperation)
+
+> [!NOTE]
+> The resources listed earlier don't return a `Retry-After` header on `429 Too Many Requests` responses.

includes/throttling-datapolicy-operation.md

@@ -5,7 +5,6 @@ ms.subservice: education
 ms.topic: include
 ---
 <!-- markdownlint-disable MD041 -->
-<!-- this file is auto-generated don't edit it manually! -->
 
 | Request type | Limit per app for all tenants | Limit per app per tenant |
 | ------------ | ----------------------------- | ------------------------ |

includes/throttling-education-rostering-apis.md

@@ -5,7 +5,12 @@ ms.subservice: entra-monitoring-health
 ms.topic: include
 ---
 <!-- markdownlint-disable MD041 -->
-<!-- this file is auto-generated don't edit it manually! -->
+
+| Request type |  Limit per app per tenant |
+| ------------ | ------------------------ |
+| Any | Five requests per 10 seconds |
+
+The preceding limits apply to the following resources:
 
 | <!-- fake header--> | <!-- fake header--> |
 |--|--|
@@ -16,3 +21,8 @@ Verify the following:  azureadfeatureusage, azureadlicenseusage, azureaduserfeat
 
 Changed authenticationMethodsRoot to authenticationMethod
 -->
+
+### Identity and access reports best practices
+Microsoft Entra reporting APIs are throttled when Microsoft Entra ID receives too many calls during a given timeframe from a tenant or app. Calls might also be throttled if the service takes too long to respond. If your requests still fail with a `429 Too Many Requests` error code despite applying the [best practices to handle throttling](/graph/throttling#best-practices-to-handle-throttling), try reducing the amount of data returned. Try these approaches first:
+- Use filters to target your query to just the data you need. If you only need a certain type of event or a subset of users, for example, filter out other events using the `$filter` and `$select` query parameters to reduce the size of your response object and the risk of throttling.
+- If you need a broad set of Microsoft Entra ID reporting data, use `$filter` on the **createdDateTime** to limit the number of sign-in events you query in a single call. Then, iterate through the next timespan until you have all the records you need. For example, if you're being throttled, you can begin with a call that requests three days of data and iterate with shorter timespans until your requests are no longer throttled.