includes/active-directory-service-limits-include.md
4 additions & 4 deletions
@@ -5,7 +5,7 @@
5
5
author: curtand
6
6
ms.service: active-directory
7
7
ms.topic: include
8
-
ms.date: 05/22/2019
8
+
ms.date: 01/22/2020
9
9
ms.author: curtand
10
10
ms.custom: include file
11
11
---
@@ -19,9 +19,9 @@ Here are the usage constraints and other service limits for the Azure Active Dir
19
19
| Schema extensions |<ul><li>String-type extensions can have a maximum of 256 characters. </li><li>Binary-type extensions are limited to 256 bytes.</li><li>Only 100 extension values, across *all* types and *all* applications, can be written to any single Azure AD resource.</li><li>Only User, Group, TenantDetail, Device, Application, and ServicePrincipal entities can be extended with string-type or binary-type single-valued attributes.</li><li>Schema extensions are available only in the Graph API version 1.21 preview. The application must be granted write access to register an extension.</li></ul> |
20
20
| Applications |A maximum of 100 users can be owners of a single application. |
21
21
|Application Manifest |A maximum of 1200 entries can be added in the Application Manifest. |
22
-
| Groups |<ul><li>A maximum of 100 users can be owners of a single group.</li><li>Any number of Azure AD resources can be members of a single group.</li><li>A user can be a member of any number of groups.</li><li>The number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members.</li><li>Nested Groups in Azure AD are not supported within all scenarios</li></ul><br/> At this time the following are the supported scenarios with nested groups.<ul><li> One group can be added as a member of another group and you can achieve group nesting.</li><li> Group membership claims (when an app is configured to receive group membership claims in the token, nested groups the signed-in user is a member of are included)</li><li>Conditional access (when scoping a conditional access policy to a group)</li><li>Restricting access to self-serve password reset</li><li>Restricting which users can do Azure AD Join and device registration</li></ul><br/>The following scenarios DO NOT supported nested groups:<ul><li> App role assignment (assigning groups to an app is supported, but groups nested within the directly assigned group will not have access), both for access and for provisioning</li><li>Group-based licensing (assigning a license automatically to all members of a group)</li><li>Office 365 Groups.</li></ul> |
23
-
| Application Proxy | <ul><li>A maximum of 500 transactions per second per App Proxy application</li><li>A maximum of 750 transactions per second for the tenant</li></ul><br/>A transaction is defined as a single http request and response for a unique resource. When throttled, clients will receive a 429 response (too many requests). |
22
+
| Groups |<ul><li>A user can create a maximum of 250 groups in an Azure AD organization.</li><li>An Azure AD organization can have a maximum of 5000 dynamic groups.<li>A maximum of 100 users can be owners of a single group.</li><li>Any number of Azure AD resources can be members of a single group.</li><li>A user can be a member of any number of groups.</li><li>The number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members.</li><li>Nested Groups in Azure AD are not supported within all scenarios</li></ul><br/> At this time the following are the supported scenarios with nested groups.<ul><li> One group can be added as a member of another group and you can achieve group nesting.</li><li> Group membership claims (when an app is configured to receive group membership claims in the token, nested groups the signed-in user is a member of are included)</li><li>Conditional access (when scoping a conditional access policy to a group)</li><li>Restricting access to self-serve password reset</li><li>Restricting which users can do Azure AD Join and device registration</li></ul><br/>The following scenarios DO NOT supported nested groups:<ul><li> App role assignment (assigning groups to an app is supported, but groups nested within the directly assigned group will not have access), both for access and for provisioning</li><li>Group-based licensing (assigning a license automatically to all members of a group)</li><li>Office 365 Groups.</li></ul> |
23
+
| Application Proxy | <ul><li>A maximum of 500 transactions per second per App Proxy application</li><li>A maximum of 750 transactions per second for the Azure AD organization</li></ul><br/>A transaction is defined as a single http request and response for a unique resource. When throttled, clients will receive a 429 response (too many requests). |
24
24
| Access Panel |<ul><li>There's no limit to the number of applications that can be seen in the Access Panel per user. This applies to users assigned licenses for Azure AD Premium or the Enterprise Mobility Suite.</li><li>A maximum of 10 app tiles can be seen in the Access Panel for each user. This limit applies to users who are assigned licenses for Azure AD Free license plan. Examples of app tiles include Box, Salesforce, or Dropbox. This limit doesn't apply to administrator accounts.</li></ul> |
25
25
| Reports | A maximum of 1,000 rows can be viewed or downloaded in any report. Any additional data is truncated. |
26
26
| Administrative units | An Azure AD resource can be a member of no more than 30 administrative units. |
27
-
| Admin roles and permissions | <ul><li>A group cannot be added as an [owner](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions?context=azure/active-directory/users-groups-roles/context/ugr-context#object-ownership).</li><li>A group cannot be assigned to a [role](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles).</li><li>Users’ ability to read other users’ directory information cannot be restricted outside of the tenant-wide switch to disable all non-admin users’ access to all directory information (not recommended). More information on default permissions [here](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions?context=azure/active-directory/users-groups-roles/context/ugr-context#to-restrict-the-default-permissions-for-member-users).</li><li>It may take up to 15 minutes or signing out/signing in before admin role membership additions and revocations take effect.</li></ul> |
27
+
| Admin roles and permissions | <ul><li>A group cannot be added as an [owner](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions?context=azure/active-directory/users-groups-roles/context/ugr-context#object-ownership).</li><li>A group cannot be assigned to a [role](https://docs.microsoft.com/azure/active-directory/users-groups-roles/directory-assign-admin-roles).</li><li>Users’ ability to read other users’ directory information cannot be restricted outside of the Azure AD organization-wide switch to disable all non-admin users’ access to all directory information (not recommended). More information on default permissions [here](https://docs.microsoft.com/azure/active-directory/fundamentals/users-default-permissions?context=azure/active-directory/users-groups-roles/context/ugr-context#to-restrict-the-default-permissions-for-member-users).</li><li>It may take up to 15 minutes or signing out/signing in before admin role membership additions and revocations take effect.</li></ul> |
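Review bot: In the added Groups row, the new item `<li>An Azure AD organization can have a maximum of 5000 dynamic groups.` is never closed. The next `<li>` begins immediately after the period, so add `</li>` there to keep the list markup well-formed. Two smaller points in the same row: the sentence "The following scenarios DO NOT supported nested groups" is carried over unchanged and should read "do not support", and "5000" could be written "5,000" to match "50,000" later in the cell. The "tenant" to "Azure AD organization" rename is applied in the Application Proxy and Admin roles rows; check the rest of the file for remaining "tenant" wording so the terminology stays consistent.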