Azure subscription and service limits, quotas, and constraints

• 09/02/2020
• 101 minutes to read
• • t
  • s
  • l
  • w
  • d
  • +24

This document lists some of the most common Microsoft Azure limits, which are also sometimes called quotas.

To learn more about Azure pricing, see Azure pricing overview. There, you can estimate your costs by using the pricing calculator. You also can go to the pricing details page for a particular service, for example, Windows VMs. For tips to help manage your costs, see Prevent unexpected costs with Azure billing and cost management.

Managing limits

Free Trial subscriptions aren't eligible for limit or quota increases. If you have a Free Trial subscription, you can upgrade to a Pay-As-You-Go subscription. For more information, see Upgrade your Azure Free Trial subscription to a Pay-As-You-Go subscription and the Free Trial subscription FAQ.

Some limits are managed at a regional level.

Let's use vCPU quotas as an example. To request a quota increase with support for vCPUs, you must decide how many vCPUs you want to use in which regions. You then make a specific request for Azure resource group vCPU quotas for the amounts and regions that you want. If you need to use 30 vCPUs in West Europe to run your application there, you specifically request 30 vCPUs in West Europe. Your vCPU quota isn't increased in any other region--only West Europe has the 30-vCPU quota.

As a result, decide what your Azure resource group quotas must be for your workload in any one region. Then request that amount in each region into which you want to deploy. For help in how to determine your current quotas for specific regions, see Resolve errors for resource quotas.

General limits

For limits on resource names, see Naming rules and restrictions for Azure resources.

For information about Resource Manager API read and write limits, see Throttling Resource Manager requests.

Management group limits

The following limits apply to management groups.

¹The 6 levels don't include the subscription level.

²If you reach the limit of 800 deployments, delete deployments from the history that are no longer needed. To delete management group level deployments, use Remove-AzManagementGroupDeployment or az deployment mg delete.

Subscription limits

The following limits apply when you use Azure Resource Manager and Azure resource groups.

¹You can apply up to 50 tags directly to a subscription. However, the subscription can contain an unlimited number of tags that are applied to resource groups and resources within the subscription. The number of tags per resource or resource group is limited to 50. Resource Manager returns a list of unique tag name and values in the subscription only when the number of tags is 80,000 or less. You still can find a resource by tag when the number exceeds 80,000.

²If you reach the limit of 800 deployments, delete deployments that are no longer needed from the history. To delete subscription-level deployments, use Remove-AzDeployment or az deployment sub delete.

Resource group limits

¹Deployments are automatically deleted from the history as you near the limit. Deleting an entry from the deployment history doesn't affect the deployed resources. For more information, see Automatic deletions from deployment history.

Template limits

You can exceed some template limits by using a nested template. For more information, see Use linked templates when you deploy Azure resources. To reduce the number of parameters, variables, or outputs, you can combine several values into an object. For more information, see Objects as parameters.

Active Directory limits

Here are the usage constraints and other service limits for the Azure Active Directory (Azure AD) service.

API Management limits

¹Scaling limits depend on the pricing tier. For details on the pricing tiers and their scaling limits, see API Management pricing.
²Per unit cache size depends on the pricing tier. To see the pricing tiers and their scaling limits, see API Management pricing.
³Connections are pooled and reused unless explicitly closed by the back end.
⁴This limit is per unit of the Basic, Standard, and Premium tiers. The Developer tier is limited to 1,024. This limit doesn't apply to the Consumption tier.
⁵This limit applies to the Basic, Standard, and Premium tiers. In the Consumption tier, policy document size is limited to 16 KiB.
⁶Multiple custom domains are supported in the Developer and Premium tiers only.
⁷CA certificates are not supported in the Consumption tier.
⁸This limit applies to the Consumption tier only. There are no limits in these categories for other tiers.
⁹Applies to the Consumption tier only. Includes an up to 2048 bytes long query string.
¹⁰ To raise this limit please contact support.
¹¹Self-hosted gateways are supported in the Developer and Premium tiers only. The limit applies to the number of self-hosted gateway resources. To raise this limit please contact support. Note, that the number of nodes (or replicas) associated with a self-hosted gateway resource is unlimited in the Premium tier and capped at a single node in the Developer tier.

App Service limits

The following App Service limits include limits for Web Apps, Mobile Apps, and API Apps.

¹Apps and storage quotas are per App Service plan unless noted otherwise.
²The actual number of apps that you can host on these machines depends on the activity of the apps, the size of the machine instances, and the corresponding resource utilization.
³Dedicated instances can be of different sizes. For more information, see App Service pricing.
⁴More are allowed upon request.
⁵The storage limit is the total content size across all apps in the same App service plan. The total content size of all apps across all App service plans in a single resource group and region cannot exceed 500GB.
⁶These resources are constrained by physical resources on the dedicated instances (the instance size and the number of instances).
⁷If you scale an app in the Basic tier to two instances, you have 350 concurrent connections for each of the two instances. For Standard tier and above, there are no theoretical limits to web sockets, but other factors can limit the number of web sockets. For example, maximum concurrent requests allowed (defined by maxConcurrentRequestsPerCpu) are: 7,500 per small VM, 15,000 per medium VM (7,500 x 2 cores), and 75,000 per large VM (18,750 x 4 cores).
⁸The maximum IP connections are per instance and depend on the instance size: 1,920 per B1/S1/P1V3 instance, 3,968 per B2/S2/P2V3 instance, 8,064 per B3/S3/P3V3 instance.
⁹The App Service Certificate quota limit per subscription can be increased via a support request to a maximum limit of 200.
¹⁰App Service Isolated SKUs can be internally load balanced (ILB) with Azure Load Balancer, so there's no public connectivity from the internet. As a result, some features of an ILB Isolated App Service must be used from machines that have direct access to the ILB network endpoint.
¹¹Run custom executables and/or scripts on demand, on a schedule, or continuously as a background task within your App Service instance. Always On is required for continuous WebJobs execution. There's no predefined limit on the number of WebJobs that can run in an App Service instance. There are practical limits that depend on what the application code is trying to do.

¹²Naked domains are not supported. Only issuing standard certificates (wildcard certificates are not available). Limited to only one free certificate per custom domain.

Automation limits

Process automation

¹A sandbox is a shared environment that can be used by multiple jobs. Jobs that use the same sandbox are bound by the resource limitations of the sandbox.

Change Tracking and Inventory

The following table shows the tracked item limits per machine for change tracking.

Update Management

The following table shows the limits for Update Management.

Azure App Configuration

Azure Cache for Redis limits

Azure Cache for Redis limits and sizes are different for each pricing tier. To see the pricing tiers and their associated sizes, see Azure Cache for Redis pricing.

For more information on Azure Cache for Redis configuration limits, see Default Redis server configuration.

Because configuration and management of Azure Cache for Redis instances is done by Microsoft, not all Redis commands are supported in Azure Cache for Redis. For more information, see Redis commands not supported in Azure Cache for Redis.

Azure Cloud Services limits

¹Each Azure Cloud Service with web or worker roles can have two deployments, one for production and one for staging. This limit refers to the number of distinct roles, that is, configuration. This limit doesn't refer to the number of instances per role, that is, scaling.

Azure Cognitive Search limits

Pricing tiers determine the capacity and limits of your search service. Tiers include:

• Free multi-tenant service, shared with other Azure subscribers, is intended for evaluation and small development projects.
• Basic provides dedicated computing resources for production workloads at a smaller scale, with up to three replicas for highly available query workloads.
• Standard, which includes S1, S2, S3, and S3 High Density, is for larger production workloads. Multiple levels exist within the Standard tier so that you can choose a resource configuration that best matches your workload profile.

Limits per subscription

You can create multiple services within a subscription. Each one can be provisioned at a specific tier. You're limited only by the number of services allowed at each tier. For example, you could create up to 12 services at the Basic tier and another 12 services at the S1 tier within the same subscription. For more information about tiers, see Choose an SKU or tier for Azure Cognitive Search.

Maximum service limits can be raised upon request. If you need more services within the same subscription, contact Azure Support.

¹ Free is based on shared, not dedicated, resources. Scale-up is not supported on shared resources.

² Search units are billing units, allocated as either a replica or a partition. You need both resources for storage, indexing, and query operations. To learn more about SU computations, see Scale resource levels for query and index workloads.

Limits per search service

A search service is constrained by disk space or by a hard limit on the maximum number of indexes or indexers, whichever comes first. The following table documents storage limits. For maximum object limits, see Limits by resource.

¹ Basic has one fixed partition. Additional search units can be used to add replicas for larger query volumes.

² Service level agreements are in effect for billable services on dedicated resources. Free services and preview features have no SLA. For billable services, SLAs take effect when you provision sufficient redundancy for your service. Two or more replicas are required for query (read) SLAs. Three or more replicas are required for query and indexing (read-write) SLAs. The number of partitions isn't an SLA consideration.

To learn more about limits on a more granular level, such as document size, queries per second, keys, requests, and responses, see Service limits in Azure Cognitive Search.

Azure Cognitive Services limits

The following limits are for the number of Cognitive Services resources per Azure subscription. Each of the Cognitive Services may have additional limitations, for more information see Azure Cognitive Services.

Azure Cosmos DB limits

For Azure Cosmos DB limits, see Limits in Azure Cosmos DB.

Azure Data Explorer limits

The following table describes the maximum limits for Azure Data Explorer clusters.

The following table describes the limits on management operations performed on Azure Data Explorer clusters.

Azure Database for MySQL

For Azure Database for MySQL limits, see Limitations in Azure Database for MySQL.

Azure Database for PostgreSQL

For Azure Database for PostgreSQL limits, see Limitations in Azure Database for PostgreSQL.

Azure Functions limits

¹ By default, the timeout for the Functions 1.x runtime in an App Service plan is unbounded.
² Requires the App Service plan be set to Always On. Pay at standard rates.
³ These limits are set in the host.
⁴ The actual number of function apps that you can host depends on the activity of the apps, the size of the machine instances, and the corresponding resource utilization.
⁵ The storage limit is the total content size in temporary storage across all apps in the same App Service plan. Consumption plan uses Azure Files for temporary storage.
⁶ When your function app is hosted in a Consumption plan, only the CNAME option is supported. For function apps in a Premium plan or an App Service plan, you can map a custom domain using either a CNAME or an A record.
⁷ Guaranteed for up to 60 minutes.
⁸ Workers are roles that host customer apps. Workers are available in three fixed sizes: One vCPU/3.5 GB RAM; Two vCPU/7 GB RAM; Four vCPU/14 GB RAM.

For more information, see Functions Hosting plans comparison.

Azure Kubernetes Service limits

¹When you deploy an Azure Kubernetes Service (AKS) cluster with the Azure CLI or a Resource Manager template, this value is configurable up to 250 pods per node. You can't configure maximum pods per node after you've already deployed an AKS cluster, or if you deploy a cluster by using the Azure portal.

Azure Machine Learning limits

The latest values for Azure Machine Learning Compute quotas can be found in the Azure Machine Learning quota page

Azure Maps limits

The following table shows the usage limit for the Azure Maps S0 pricing tier. Usage limit depends on the pricing tier.

The following table shows the cumulative data size limit for Azure Maps accounts in an Azure subscription. The Azure Maps Data service is available only at the S1 pricing tier.

For more information on the Azure Maps pricing tiers, see Azure Maps pricing.

Azure Monitor limits

Alerts

Action groups

Autoscale

Log queries and language

General query limits

User query throttling

Azure Monitor has several throttling limits to protect against users sending an excessive number of queries. Such behavior can potentially overload the system backend resources and jeopardize service responsiveness. The following limits are designed to protect customers from interruptions and ensure consistent service level. The user throttling and limits are designed to impact only extreme usage scenario and should not be relevant for typical usage.

• Optimize your queries as described in Optimize log queries in Azure Monitor.
• Dashboards and workbooks can contain multiple queries in a single view that generate a burst of queries every time they load or refresh. Consider breaking them up into multiple views that load on demand.
• In Power BI, consider extracting only aggregated results rather than raw logs.

Log Analytics workspaces

Data collection volume and retention

Number of workspaces per subscription.

Azure portal

Data Collector API

Search API

Azure Monitor Logs connector | Category | Limit | Comments | |:---|:---|:---| | Max number of records | 500,000 | | | Max query timeout | 110 second | | | Charts | | Visualization in Logs page and the connector are using different charting libraries and some functionality isn't available in the connector currently. |

General workspace limits

Data ingestion volume rate

Azure Monitor is a high scale data service that serves thousands of customers sending terabytes of data each month at a growing pace. The volume rate limit intends to isolate Azure Monitor customers from sudden ingestion spikes in multitenancy environment. A default ingestion volume rate threshold of 500 MB (compressed) is defined in workspaces, this is translated to approximately 6 GB/min uncompressed -- the actual size can vary between data types depending on the log length and its compression ratio. The volume rate limit applies to data ingested from Azure resources via Diagnostic settings. When volume rate limit is reached, a retry mechanism attempts to ingest the data 4 times in a period of 30 minutes and drop it if operation fails. It doesn't apply to data ingested from agents or Data Collector API.

When data sent to your workspace is at a volume rate higher than 80% of the threshold configured in your workspace, an event is sent to the Operation table in your workspace every 6 hours while the threshold continues to be exceeded. When ingested volume rate is higher than threshold, some data is dropped and an event is sent to the Operation table in your workspace every 6 hours while the threshold continues to be exceeded. If your ingestion volume rate continues to exceed the threshold or you are expecting to reach it sometime soon, you can request to increase it in by opening a support request.

See Monitor health of Log Analytics workspace in Azure Monitor to create alert rules to be proactively notified when you reach any ingestion limits.

Application Insights

There are some limits on the number of metrics and events per application, that is, per instrumentation key. Limits depend on the pricing plan that you choose.

For more information, see About pricing and quotas in Application Insights.

Azure Policy limits

There's a maximum count for each object type for Azure Policy. For definitions, an entry of Scope means the management group or subscription. For assignments and exemptions, an entry of Scope means the management group, subscription, resource group, or individual resource.

Azure Quantum limits

Provider Limits & Quota

The Azure Quantum Service supports both first and third-party service providers. Third-party providers own their limits and quotas. Users can view offers and limits in the Azure portal when configuring third-party providers in the provider blade.

You can find the published quota limits for Microsoft's first party Optimization Solutions provider below.

Learn & Develop SKU

If you are using the Learn & Develop SKU, you cannot request an increase on your quota limits. Instead you should switch to the Performance at Scale SKU.

Performance at Scale SKU

If you need to request a limit increase, please reach out to Azure Support.

For more information, please review the Azure Quantum pricing page. For information on third-party offerings, please review the relevant provider page in the Azure portal.

Azure role-based access control limits

Azure SignalR Service limits

To request an update to your subscription's default limits, open a support ticket.

Azure VMware Solution limits

The following table describes the maximum limits for Azure VMware Solution.

Backup limits

For a summary of Azure Backup support settings and limitations, see Azure Backup Support Matrices.

Batch limits

¹To request an increase beyond this limit, contact Azure Support.

Classic deployment model limits

If you use classic deployment model instead of the Azure Resource Manager deployment model, the following limits apply.

¹Extra small instances count as one vCPU toward the vCPU limit despite using a partial CPU core.

²The storage account limit includes both Standard and Premium storage accounts.

Container Instances limits

¹To request a limit increase, create an Azure Support request. Free subscriptions including Azure Free Account and Azure for Students aren't eligible for limit or quota increases. If you have a free subscription, you can upgrade to a Pay-As-You-Go subscription.
²Default limit for Pay-As-You-Go subscription. Limit may differ for other category types.

Container Registry limits

The following table details the features and limits of the Basic, Standard, and Premium service tiers.

¹ Storage included in the daily rate for each tier. Additional storage may be used, up to the registry storage limit, at an additional daily rate per GiB. For rate information, see Azure Container Registry pricing. If you need storage beyond the registry storage limit, please contact Azure Support.

²ReadOps, WriteOps, and Bandwidth are minimum estimates. Azure Container Registry strives to improve performance as usage requires.

³A docker pull translates to multiple read operations based on the number of layers in the image, plus the manifest retrieval.

⁴A docker push translates to multiple write operations, based on the number of layers that must be pushed. A docker push includes ReadOps to retrieve a manifest for an existing image.

Content Delivery Network limits

A Content Delivery Network subscription can contain one or more Content Delivery Network profiles. A Content Delivery Network profile can contain one or more Content Delivery Network endpoints. You might want to use multiple profiles to organize your Content Delivery Network endpoints by internet domain, web application, or some other criteria.

Data Factory limits

Azure Data Factory is a multitenant service that has the following default limits in place to make sure customer subscriptions are protected from each other's workloads. To raise the limits up to the maximum for your subscription, contact support.

Version 2

¹ The data integration unit (DIU) is used in a cloud-to-cloud copy operation, learn more from Data integration units (version 2). For information on billing, see Azure Data Factory pricing.

² Azure Integration Runtime is globally available to ensure data compliance, efficiency, and reduced network egress costs.

³ Pipeline, data set, and linked service objects represent a logical grouping of your workload. Limits for these objects don't relate to the amount of data you can move and process with Azure Data Factory. Data Factory is designed to scale to handle petabytes of data.

⁴ The payload for each activity run includes the activity configuration, the associated dataset(s) and linked service(s) configurations if any, and a small portion of system properties generated per activity type. Limit for this payload size doesn't relate to the amount of data you can move and process with Azure Data Factory. Learn about the symptoms and recommendation if you hit this limit.

Version 1

¹ Pipeline, data set, and linked service objects represent a logical grouping of your workload. Limits for these objects don't relate to the amount of data you can move and process with Azure Data Factory. Data Factory is designed to scale to handle petabytes of data.

² On-demand HDInsight cores are allocated out of the subscription that contains the data factory. As a result, the previous limit is the Data Factory-enforced core limit for on-demand HDInsight cores. It's different from the core limit that's associated with your Azure subscription.

³ The cloud data movement unit (DMU) for version 1 is used in a cloud-to-cloud copy operation, learn more from Cloud data movement units (version 1). For information on billing, see Azure Data Factory pricing.

Web service call limits

Azure Resource Manager has limits for API calls. You can make API calls at a rate within the Azure Resource Manager API limits.

Data Lake Analytics limits

Azure Data Lake Analytics makes the complex task of managing distributed infrastructure and complex code easy. It dynamically provisions resources, and you can use it to do analytics on exabytes of data. When the job completes, it winds down resources automatically. You pay only for the processing power that was used. As you increase or decrease the size of data stored or the amount of compute used, you don't have to rewrite code. To raise the default limits for your subscription, contact support.

Data Lake Storage limits

Azure Data Lake Storage Gen2 is not a dedicated service or storage account type. It is the latest release of capabilities that are dedicated to big data analytics. These capabilities are available in a general-purpose v2 or BlockBlobStorage storage account, and you can obtain them by enabling the Hierarchical namespace feature of the account. For scale targets, see these articles.

• Scale targets for Blob storage.
• Scale targets for standard storage accounts.

Azure Data Lake Storage Gen1 is a dedicated service. It's an enterprise-wide hyper-scale repository for big data analytic workloads. You can use Data Lake Storage Gen1 to capture data of any size, type, and ingestion speed in one single place for operational and exploratory analytics. There's no limit to the amount of data you can store in a Data Lake Storage Gen1 account.

Data Share limits

Azure Data Share enables organizations to simply and securely share data with their customers and partners.

Database Migration Service Limits

Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime.

Digital Twins limits

Functional limits

The following table lists the functional limits of Azure Digital Twins.

Rate limits

The following table reflects the rate limits of different APIs.

Other limits

Limits on data types and fields within DTDL documents for Azure Digital Twins models can be found within its spec documentation in GitHub: Digital Twins Definition Language (DTDL) - version 2.

Query latency details and other query limitations can be found in How-to: Query the twin graph.

Event Grid limits

The following limits apply to Azure Event Grid topics (system, custom, and partner topics).

The following limits apply to Azure Event Grid domains.

Event Hubs limits

The following tables provide quotas and limits specific to Azure Event Hubs. For information about Event Hubs pricing, see Event Hubs pricing.

Common limits for all tiers

The following limits are common across all tiers.

Basic vs. standard tiers

The following table shows limits that may be different for basic and standard tiers.

Dedicated tier vs. standard tier

The Event Hubs Dedicated offering is billed at a fixed monthly price, with a minimum of 4 hours of usage. The Dedicated tier offers all the features of the Standard plan, but with enterprise scale capacity and limits for customers with demanding workloads.

Refer to this document on how to create dedicated Event Hubs cluster using Azure portal.

Schema registry limitations

Limits that are the same for standard and dedicated tiers

Limits that are different for standard and dedicated tiers

IoT Central limits

IoT Central limits the number of applications you can deploy in a subscription to 10. If you need to increase this limit, contact Microsoft support.

IoT Hub limits

The following table lists the limits associated with the different service tiers S1, S2, S3, and F1. For information about the cost of each unit in each tier, see Azure IoT Hub pricing.

The following table lists the limits that apply to IoT Hub resources.

IoT Hub throttles requests when the following quotas are exceeded.

IoT Hub Device Provisioning Service limits

The following table lists the limits that apply to Azure IoT Hub Device Provisioning Service resources.

The Device Provisioning Service throttles requests when the following quotas are exceeded.

Key Vault limits

Key transactions (maximum transactions allowed in 10 seconds, per vault per region¹):

Secrets, managed storage account keys, and vault transactions:

For information on how to handle throttling when these limits are exceeded, see Azure Key Vault throttling guidance.

¹ A subscription-wide limit for all transaction types is five times per key vault limit. For example, HSM-other transactions per subscription are limited to 5,000 transactions in 10 seconds per subscription.

Azure Private Link integration

Managed identity limits

• Each managed identity counts towards the object quota limit in an Azure AD tenant as described in Azure AD service limits and restrictions.

• The rate at which managed identities can be created have the following limits:

  1. Per Azure AD Tenant per Azure region: 200 create operations per 20 seconds.
  2. Per Azure Subscription per Azure region : 40 create operations per 20 seconds.

• When you create user-assigned managed identities, only alphanumeric characters (0-9, a-z, and A-Z) and the hyphen (-) are supported. For the assignment to a virtual machine or virtual machine scale set to work properly, the name is limited to 24 characters.

Media Services limits

Account limits

Asset limits

Storage (media) limits

¹ The maximum size supported for a single blob is currently up to 5 TB in Azure Blob Storage. Additional limits apply in Media Services based on the VM sizes that are used by the service. The size limit applies to the files that you upload and also the files that get generated as a result of Media Services processing (encoding or analyzing). If your source file is larger than 260-GB, your Job will likely fail.

The following table shows the limits on the media reserved units S1, S2, and S3. If your source file is larger than the limits defined in the table, your encoding job fails. If you encode 4K resolution sources of long duration, you're required to use S3 media reserved units to achieve the performance needed. If you have 4K content that's larger than the 260-GB limit on the S3 media reserved units, open a support ticket.

² The storage accounts must be from the same Azure subscription.

Jobs (encoding & analyzing) limits

³ This number includes queued, finished, active, and canceled Jobs. It does not include deleted Jobs.

Any Job record in your account older than 90 days will be automatically deleted, even if the total number of records is below the maximum quota.

Live streaming limits

⁴ For detailed information about Live Event limitations, see Live Event types comparison and limitations.

⁵ Live Outputs start on creation and stop when deleted.

Packaging & delivery limits

⁶ When using a custom Streaming Policy, you should design a limited set of such policies for your Media Service account, and re-use them for your StreamingLocators whenever the same encryption options and protocols are needed. You should not be creating a new Streaming Policy for each Streaming Locator.

⁷ Streaming Locators are not designed for managing per-user access control. To give different access rights to individual users, use Digital Rights Management (DRM) solutions.

Protection limits

Support ticket

For resources that are not fixed, you may ask for the quotas to be raised, by opening a support ticket. Include detailed information in the request on the desired quota changes, use-case scenarios, and regions required.
Do not create additional Azure Media Services accounts in an attempt to obtain higher limits.

Media Services v2 (legacy)

For limits specific to Media Services v2 (legacy), see Media Services v2 (legacy)

Mobile Services limits

For more information on limits and pricing, see Azure Mobile Services pricing.

Multi-Factor Authentication limits

Networking limits

Networking limits - Azure Resource Manager

The following limits apply only for networking resources managed through Azure Resource Manager per region per subscription. Learn how to view your current resource usage against your subscription limits.

Public IP address limits

¹Default limits for Public IP addresses vary by offer category type, such as Free Trial, Pay-As-You-Go, CSP. For example, the default for Enterprise Agreement subscriptions is 1000.

Load balancer limits

The following limits apply only for networking resources managed through Azure Resource Manager per region per subscription. Learn how to view your current resource usage against your subscription limits.

Standard Load Balancer

¹ The limit is up to 150 resources, in any combination of standalone virtual machine resources, availability set resources, and virtual machine scale-set placement groups.

Basic Load Balancer

² The limit for a single discrete resource in a backend pool (standalone virtual machine, availability set, or virtual machine scale-set placement group) is to have up to 250 Frontend IP configurations across a single Basic Public Load Balancer and Basic Internal Load Balancer.

The following limits apply only for networking resources managed through the classic deployment model per subscription. Learn how to view your current resource usage against your subscription limits.

ExpressRoute limits

Number of virtual networks per ExpressRoute circuit

*100 Gbps ExpressRoute Direct Only

Virtual Network Gateway limits

NAT Gateway limits

Virtual WAN limits

Application Gateway limits

The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise stated.

¹ In case of WAF-enabled SKUs, you must limit the number of resources to 40.

Network Watcher limits

Private Link limits

The following limits apply to Azure private link:

Purview limits

The latest values for Azure Purview quotas can be found in the Azure Purview quota page

Traffic Manager limits

Azure Bastion limits

*May vary due to other on-going RDP sessions or other on-going SSH sessions.
**May vary if there are existing RDP connections or usage from other on-going SSH sessions.

Azure DNS limits

Public DNS zones

¹If you need to increase these limits, contact Azure Support.

Private DNS zones

¹These limits are applied to every individual virtual machine and not at the virtual network level. DNS queries exceeding these limits are dropped.

Azure Firewall limits

¹If you need to increase these limits, contact Azure Support.

Azure Front Door Service limits

Azure Front Door Standard/Premium (Preview) Service Limits

*** Maximum 500 total Standard and Premium profiles per subscription.

Timeout values

Client to Front Door

• Front Door has an idle TCP connection timeout of 61 seconds.

Front Door to application back-end

• If the response is a chunked response, a 200 is returned if or when the first chunk is received.
• After the HTTP request is forwarded to the back end, Front Door waits for 30 seconds for the first packet from the back end. Then it returns a 503 error to the client. This value is configurable via the field sendRecvTimeoutSeconds in the API.
  • For caching scenarios, this timeout is not configurable and so, if a request is cached and it takes more than 30 seconds for the first packet from Front Door or from the backend, then a 504 error is returned to the client.
• After the first packet is received from the back end, Front Door waits for 30 seconds in an idle timeout. Then it returns a 503 error to the client. This timeout value is not configurable.
• Front Door to the back-end TCP session timeout is 90 seconds.

Upload and download data limit

Other limits

• Maximum URL size - 8,192 bytes - Specifies maximum length of the raw URL (scheme + hostname + port + path + query string of the URL)
• Maximum Query String size - 4,096 bytes - Specifies the maximum length of the query string, in bytes.
• Maximum HTTP response header size from health probe URL - 4,096 bytes - Specified the maximum length of all the response headers of health probes.

Notification Hubs limits

For more information on limits and pricing, see Notification Hubs pricing.

Service Bus limits

The following table lists quota information specific to Azure Service Bus messaging. For information about pricing and other quotas for Service Bus, see Service Bus pricing.

Site Recovery limits

The following limits apply to Azure Site Recovery.

SQL Database limits

For SQL Database limits, see SQL Database resource limits for single databases, SQL Database resource limits for elastic pools and pooled databases, and SQL Database resource limits for SQL Managed Instance.

Azure Synapse Analytics limits

For Azure Synapse Analytics limits, see Azure Synapse resource limits.

Azure Files and Azure File Sync

To learn more about the limits for Azure Files and File Sync, see Azure Files scalability and performance targets.

Storage limits

The following table describes default limits for Azure general-purpose v1, v2, Blob storage, and block blob storage accounts. The ingress limit refers to all data that is sent to a storage account. The egress limit refers to all data that is received from a storage account.

¹ Azure Storage standard accounts support higher capacity limits and higher limits for ingress by request. To request an increase in account limits, contact Azure Support.

² If your storage account has read-access enabled with geo-redundant storage (RA-GRS) or geo-zone-redundant storage (RA-GZRS), then the egress targets for the secondary location are identical to those of the primary location. For more information, see Azure Storage replication.

All storage accounts run on a flat network topology regardless of when they were created. For more information on the Azure Storage flat network architecture and on scalability, see Microsoft Azure Storage: A Highly Available Cloud Storage Service with Strong Consistency.

For more information on limits for standard storage accounts, see Scalability targets for standard storage accounts.

Storage resource provider limits

The following limits apply only when you perform management operations by using Azure Resource Manager with Azure Storage.

Azure Blob storage limits

¹ Throughput for a single blob depends on several factors, including, but not limited to: concurrency, request size, performance tier, speed of source for uploads, and destination for downloads. To take advantage of the performance enhancements of high-throughput block blobs, upload larger blobs or blocks. Specifically, call the Put Blob or Put Block operation with a blob or block size that is greater than 4 MiB for standard storage accounts. For premium block blob or for Data Lake Storage Gen2 storage accounts, use a block or blob size that is greater than 256 KiB.

² Page blobs are not yet supported in accounts that have the Hierarchical namespace setting on them.

The following table describes the maximum block and blob sizes permitted by service version.

Azure Queue storage limits

Azure Table storage limits

The following table describes capacity, scalability, and performance targets for Table storage.

Virtual machine disk limits

You can attach a number of data disks to an Azure virtual machine. Based on the scalability and performance targets for a VM's data disks, you can determine the number and type of disk that you need to meet your performance and capacity requirements.

For Azure managed disks:

The following table illustrates the default and maximum limits of the number of resources per region per subscription. The limits remain the same irrespective of disks encrypted with either platform-managed keys or customer-managed keys. There is no limit for the number of Managed Disks, snapshots and images per resource group.

Resource	Limit
Standard managed disks	50,000
Standard SSD managed disks	50,000
Premium managed disks	50,000
Standard_LRS snapshots	50,000
Standard_ZRS snapshots	50,000
Managed image	50,000

For Standard storage accounts: A Standard storage account has a maximum total request rate of 20,000 IOPS. The total IOPS across all of your virtual machine disks in a Standard storage account should not exceed this limit.

You can roughly calculate the number of highly utilized disks supported by a single Standard storage account based on the request rate limit. For example, for a Basic tier VM, the maximum number of highly utilized disks is about 66, which is 20,000/300 IOPS per disk. The maximum number of highly utilized disks for a Standard tier VM is about 40, which is 20,000/500 IOPS per disk.

For Premium storage accounts: A Premium storage account has a maximum total throughput rate of 50 Gbps. The total throughput across all of your VM disks should not exceed this limit.

For more information, see Virtual machine sizes.

Disk encryption sets

There's a limitation of 1000 disk encryption sets per region, per subscription. For more information, see the encryption documentation for Linux or Windows virtual machines. If you need to increase the quota, contact Azure support.

Managed virtual machine disks

Standard HDD managed disks

Standard SSD managed disks

Premium SSD managed disks: Per-disk limits

Premium SSD managed disks: Per-VM limits

Unmanaged virtual machine disks

Standard unmanaged virtual machine disks: Per-disk limits

Premium unmanaged virtual machine disks: Per-account limits

¹Ingress refers to all data from requests that are sent to a storage account. Egress refers to all data from responses that are received from a storage account.

Premium unmanaged virtual machine disks: Per-disk limits

Premium unmanaged virtual machine disks: Per-VM limits

StorSimple System limits

*Maximum throughput per I/O type was measured with 100 percent read and 100 percent write scenarios. Actual throughput might be lower and depends on I/O mix and network conditions.

Stream Analytics limits

Virtual Machines limits

Virtual Machines limits

¹ Virtual machines created by using the classic deployment model instead of Azure Resource Manager are automatically stored in a cloud service. You can add more virtual machines to that cloud service for load balancing and availability.

² Input endpoints allow communications to a virtual machine from outside the virtual machine's cloud service. Virtual machines in the same cloud service or virtual network can automatically communicate with each other.

Virtual Machines limits - Azure Resource Manager

The following limits apply when you use Azure Resource Manager and Azure resource groups.

¹ Default limits vary by offer category type, such as Free Trial and Pay-As-You-Go, and by series, such as Dv2, F, and G. For example, the default for Enterprise Agreement subscriptions is 350.

² Properties such as SSH public keys are also pushed as certificates and count towards this limit. To bypass this limit, use the Azure Key Vault extension for Windows or the Azure Key Vault extension for Linux to install certificates.

³ With Azure Resource Manager, certificates are stored in the Azure Key Vault. The number of certificates is unlimited for a subscription. There's a 1-MB limit of certificates per deployment, which consists of either a single VM or an availability set.

Shared Image Gallery limits

There are limits, per subscription, for deploying resources using Shared Image Galleries:

• 100 shared image galleries, per subscription, per region
• 1,000 image definitions, per subscription, per region
• 10,000 image versions, per subscription, per region

Virtual machine scale sets limits

See also

• Understand Azure limits and increases
• Virtual machine and cloud service sizes for Azure
• Sizes for Azure Cloud Services
• Naming rules and restrictions for Azure resources