Azure AD service limits and restrictions

This article contains the usage constraints and other service limits for the Azure Active Directory (Azure AD) service. If you’re looking for the full set of Microsoft Azure service limits, see Azure Subscription and Service Limits, Quotas, and Constraints.

Here are the usage constraints and other service limits for the Azure Active Directory service.

Category Limits
Directories A single user can only be associated with a maximum of 20 Azure Active Directory directories.
Examples of possible combinations:
  • A single user creates 20 directories.
  • A single user is added to 20 directories as a member.
  • A single user creates 10 directories and later is added by others to 10 different directories.
Objects
  • A maximum of 500,000 objects can be used in a single directory by users of the Free edition of Azure Active Directory.
  • A non-admin user can create no more than 250 objects.
Schema extensions
  • String type extensions can have maximum of 256 characters.
  • Binary type extensions are limited to 256 bytes.
  • 100 extension values (across ALL types and ALL applications) can be written to any single object.
  • Only “User”, “Group”, “TenantDetail”, “Device”, “Application” and “ServicePrincipal” entities can be extended with “String” type or “Binary” type single-valued attributes.
  • Schema extensions are available only in Graph API-version 1.21-preview. The application must be granted write access to register an extension.
Applications A maximum of 100 users can be owners of a single application.
Groups
  • A maximum of 100 users can be owners of a single group.
  • Any number of objects can be members of a single group in Azure Active Directory.
  • The number of members in a group you can synchronize from your on-premises Active Directory to Azure Active Directory is limited to 15K members, using Azure Active Directory Directory Synchronization (DirSync).
  • The number of members in a group you can synchronize from your on-premises Active Directory to Azure Active Directory using Azure AD Connect is limited to 50K members.
Access Panel
  • There is no limit to the number of applications that can be seen in the Access Panel per end user, for users assigned licenses for Azure AD Premium or the Enterprise Mobility Suite.
  • A maximum of 10 app tiles (examples: Box, Salesforce, or Dropbox) can be seen in the Access Panel for each end user for users assigned licenses for Free or Azure AD Basic editions of Azure Active Directory. This limit does not apply to Administrator accounts.
Reports A maximum of 1,000 rows can be viewed or downloaded in any report. Any additional data is truncated.
Administrative units An object can be a member of no more than 30 administrative units.

What's next