Azure subscription and service limits, quotas, and constraints
This document lists some of the most common Microsoft Azure limits, which are also sometimes called quotas.
To learn more about Azure pricing, see Azure pricing overview. There, you can estimate your costs by using the pricing calculator. You also can go to the pricing details page for a particular service, for example, Windows VMs. For tips to help manage your costs, see Prevent unexpected costs with Azure billing and cost management.
Managing limits
Note
Some services have adjustable limits.
When a service doesn't have adjustable limits, the following tables use the header Limit. In those cases, the default and the maximum limits are the same.
When the limit can be adjusted, the tables include Default limit and Maximum limit headers. The limit can be raised above the default limit but not above the maximum limit.
If you want to raise the limit or quota above the default limit, open an online customer support request at no charge.
The terms soft limit and hard limit often are used informally to describe the current, adjustable limit (soft limit) and the maximum limit (hard limit). If a limit isn't adjustable, there won't be a soft limit, only a hard limit.
Free Trial subscriptions aren't eligible for limit or quota increases. If you have a Free Trial subscription, you can upgrade to a Pay-As-You-Go subscription. For more information, see Upgrade your Azure Free Trial subscription to a Pay-As-You-Go subscription and the Free Trial subscription FAQ.
Some limits are managed at a regional level.
Let's use vCPU quotas as an example. To request a quota increase with support for vCPUs, you must decide how many vCPUs you want to use in which regions. You then make a specific request for Azure resource group vCPU quotas for the amounts and regions that you want. If you need to use 30 vCPUs in West Europe to run your application there, you specifically request 30 vCPUs in West Europe. Your vCPU quota isn't increased in any other region--only West Europe has the 30-vCPU quota.
As a result, decide what your Azure resource group quotas must be for your workload in any one region. Then request that amount in each region into which you want to deploy. For help in how to determine your current quotas for specific regions, see Resolve errors for resource quotas.
General limits
For limits on resource names, see Naming rules and restrictions for Azure resources.
For information about Resource Manager API read and write limits, see Throttling Resource Manager requests.
Management group limits
The following limits apply to management groups.
Resource | Limit |
---|---|
Management groups per Azure AD tenant | 10,000 |
Subscriptions per management group | Unlimited. |
Levels of management group hierarchy | Root level plus 6 levels1 |
Direct parent management group per management group | One |
Management group level deployments per location | 8002 |
1The 6 levels don't include the subscription level.
2If you reach the limit of 800 deployments, delete deployments from the history that are no longer needed. To delete management group level deployments, use Remove-AzManagementGroupDeployment or az deployment mg delete.
Subscription limits
The following limits apply when you use Azure Resource Manager and Azure resource groups.
Resource | Limit |
---|---|
Subscriptions per Azure Active Directory tenant | Unlimited |
Coadministrators per subscription | Unlimited |
Resource groups per subscription | 980 |
Azure Resource Manager API request size | 4,194,304 bytes |
Tags per subscription1 | 50 |
Unique tag calculations per subscription1 | 80,000 |
Subscription-level deployments per location | 8002 |
1You can apply up to 50 tags directly to a subscription. However, the subscription can contain an unlimited number of tags that are applied to resource groups and resources within the subscription. The number of tags per resource or resource group is limited to 50. Resource Manager returns a list of unique tag name and values in the subscription only when the number of tags is 80,000 or less. You still can find a resource by tag when the number exceeds 80,000.
2If you reach the limit of 800 deployments, delete deployments that are no longer needed from the history. To delete subscription-level deployments, use Remove-AzDeployment or az deployment sub delete.
Resource group limits
Resource | Limit |
---|---|
Resources per resource group | Resources aren't limited by resource group. Instead, they're limited by resource type in a resource group. See next row. |
Resources per resource group, per resource type | 800 - Some resource types can exceed the 800 limit. See Resources not limited to 800 instances per resource group. |
Deployments per resource group in the deployment history | 8001 |
Resources per deployment | 800 |
Management locks per unique scope | 20 |
Number of tags per resource or resource group | 50 |
Tag key length | 512 |
Tag value length | 256 |
1Deployments are automatically deleted from the history as you near the limit. Deleting an entry from the deployment history doesn't affect the deployed resources. For more information, see Automatic deletions from deployment history.
Template limits
Value | Limit |
---|---|
Parameters | 256 |
Variables | 256 |
Resources (including copy count) | 800 |
Outputs | 64 |
Template expression | 24,576 chars |
Resources in exported templates | 200 |
Template size | 4 MB |
Parameter file size | 64 KB |
You can exceed some template limits by using a nested template. For more information, see Use linked templates when you deploy Azure resources. To reduce the number of parameters, variables, or outputs, you can combine several values into an object. For more information, see Objects as parameters.
Active Directory limits
Here are the usage constraints and other service limits for the Azure Active Directory (Azure AD) service.
Category | Limit |
---|---|
Tenants | A single user can belong to a maximum of 500 Azure AD tenants as a member or a guest. A single user can create a maximum of 200 directories. |
Domains | You can add no more than 900 managed domain names. If you set up all of your domains for federation with on-premises Active Directory, you can add no more than 450 domain names in each tenant. |
Resources |
|
Schema extensions |
|
Applications |
|
Application Manifest | A maximum of 1200 entries can be added in the Application Manifest. |
Groups |
At this time the following are the supported scenarios with nested groups.
The following scenarios DO NOT supported nested groups:
|
Application Proxy |
A transaction is defined as a single http request and response for a unique resource. When throttled, clients will receive a 429 response (too many requests). |
Access Panel | There's no limit to the number of applications that can be seen in the Access Panel per user regardless of assigned licenses. |
Reports | A maximum of 1,000 rows can be viewed or downloaded in any report. Any additional data is truncated. |
Administrative units | An Azure AD resource can be a member of no more than 30 administrative units. |
Azure AD roles and permissions |
|
API Management limits
Resource | Limit |
---|---|
Maximum number of scale units | 10 per region1 |
Cache size | 5 GiB per unit2 |
Concurrent back-end connections3 per HTTP authority | 2,048 per unit4 |
Maximum cached response size | 2 MiB |
Maximum policy document size | 256 KiB5 |
Maximum custom gateway domains per service instance6 | 20 |
Maximum number of CA certificates per service instance7 | 10 |
Maximum number of service instances per subscription8 | 20 |
Maximum number of subscriptions per service instance8 | 500 |
Maximum number of client certificates per service instance8 | 50 |
Maximum number of APIs per service instance8 | 50 |
Maximum number of API operations per service instance8 | 1,000 |
Maximum total request duration8 | 30 seconds |
Maximum buffered payload size8 | 2 MiB |
Maximum request URL size9 | 4096 bytes |
Maximum length of URL path segment10 | 260 characters |
Maximum number of self-hosted gateways11 | 25 |
1Scaling limits depend on the pricing tier. For details on the pricing tiers and their scaling limits, see API Management pricing.
2Per unit cache size depends on the pricing tier. To see the pricing tiers and their scaling limits, see API Management pricing.
3Connections are pooled and reused unless explicitly closed by the back end.
4This limit is per unit of the Basic, Standard, and Premium tiers. The Developer tier is limited to 1,024. This limit doesn't apply to the Consumption tier.
5This limit applies to the Basic, Standard, and Premium tiers. In the Consumption tier, policy document size is limited to 16 KiB.
6Multiple custom domains are supported in the Developer and Premium tiers only.
7CA certificates are not supported in the Consumption tier.
8This limit applies to the Consumption tier only. There are no limits in these categories for other tiers.
9Applies to the Consumption tier only. Includes an up to 2048 bytes long query string.
10 To raise this limit please contact support.
11Self-hosted gateways are supported in the Developer and Premium tiers only. The limit applies to the number of self-hosted gateway resources. To raise this limit please contact support. Note, that the number of nodes (or replicas) associated with a self-hosted gateway resource is unlimited in the Premium tier and capped at a single node in the Developer tier.
App Service limits
The following App Service limits include limits for Web Apps, Mobile Apps, and API Apps.
Resource | Free | Shared | Basic | Standard | Premium (v1-v3) | Isolated |
---|---|---|---|---|---|---|
Web, mobile, or API apps per Azure App Service plan1 | 10 | 100 | Unlimited2 | Unlimited2 | Unlimited2 | Unlimited2 |
App Service plan | 10 per region | 10 per resource group | 100 per resource group | 100 per resource group | 100 per resource group | 100 per resource group |
Compute instance type | Shared | Shared | Dedicated3 | Dedicated3 | Dedicated3 | Dedicated3 |
Scale out (maximum instances) | 1 shared | 1 shared | 3 dedicated3 | 10 dedicated3 | 20 dedicated for v1 and v2; 30 dedicated for v3.3 | 100 dedicated4 |
Storage5 | 1 GB5 | 1 GB5 | 10 GB5 | 50 GB5 | 250 GB5 For more than 250 GB, submit a support request. |
1 TB5 The available storage quota is 999 GB. |
CPU time (5 minutes)6 | 3 minutes | 3 minutes | Unlimited, pay at standard rates | Unlimited, pay at standard rates | Unlimited, pay at standard rates | Unlimited, pay at standard rates |
CPU time (day)6 | 60 minutes | 240 minutes | Unlimited, pay at standard rates | Unlimited, pay at standard rates | Unlimited, pay at standard rates | Unlimited, pay at standard rates |
Memory (1 hour) | 1,024 MB per App Service plan | 1,024 MB per app | N/A | N/A | N/A | N/A |
Bandwidth | 165 MB | Unlimited, data transfer rates apply | Unlimited, data transfer rates apply | Unlimited, data transfer rates apply | Unlimited, data transfer rates apply | Unlimited, data transfer rates apply |
Application architecture | 32-bit | 32-bit | 32-bit/64-bit | 32-bit/64-bit | 32-bit/64-bit | 32-bit/64-bit |
Web sockets per instance7 | 5 | 35 | 350 | Unlimited | Unlimited | Unlimited |
IP connections | 600 | 600 | Depends on instance size8 | Depends on instance size8 | Depends on instance size8 | 16,000 |
Concurrent debugger connections per application | 1 | 1 | 1 | 5 | 5 | 5 |
App Service Certificates per subscription9 | Not supported | Not supported | 10 | 10 | 10 | 10 |
Custom domains per app | 0 (azurewebsites.net subdomain only) | 500 | 500 | 500 | 500 | 500 |
Custom domain SSL support | Not supported, wildcard certificate for *.azurewebsites.net available by default | Not supported, wildcard certificate for *.azurewebsites.net available by default | Unlimited SNI SSL connections | Unlimited SNI SSL and 1 IP SSL connections included | Unlimited SNI SSL and 1 IP SSL connections included | Unlimited SNI SSL and 1 IP SSL connections included |
Hybrid connections | 5 per plan | 25 per plan | 200 per app | 200 per app | ||
Virtual Network Integration | X | X | X | |||
Private Endpoints | 100 per app | |||||
Integrated load balancer | X | X | X | X | X10 | |
Access restrictions | 512 rules per app | 512 rules per app | 512 rules per app | 512 rules per app | 512 rules per app | 512 rules per app |
Always On | X | X | X | X | ||
Scheduled backups | Scheduled backups every 2 hours, a maximum of 12 backups per day (manual + scheduled) | Scheduled backups every hour, a maximum of 50 backups per day (manual + scheduled) | Scheduled backups every hour, a maximum of 50 backups per day (manual + scheduled) | |||
Autoscale | X | X | X | |||
WebJobs11 | X | X | X | X | X | X |
Endpoint monitoring | X | X | X | X | ||
Staging slots per app | 5 | 20 | 20 | |||
Testing in Production | X | X | X | |||
Diagnostic Logs | X | X | X | X | X | X |
Kudu | X | X | X | X | X | X |
Authentication and Authorization | X | X | X | X | X | X |
App Service Managed Certificates (Public Preview)12 | X | X | X | X | ||
SLA | 99.95% | 99.95% | 99.95% | 99.95% |
1Apps and storage quotas are per App Service plan unless noted otherwise.
2The actual number of apps that you can host on these machines depends on the activity of the apps, the size of the machine instances, and the corresponding resource utilization.
3Dedicated instances can be of different sizes. For more information, see App Service pricing.
4More are allowed upon request.
5The storage limit is the total content size across all apps in the same App service plan. The total content size of all apps across all App service plans in a single resource group and region cannot exceed 500GB.
6These resources are constrained by physical resources on the dedicated instances (the instance size and the number of instances).
7If you scale an app in the Basic tier to two instances, you have 350 concurrent connections for each of the two instances. For Standard tier and above, there are no theoretical limits to web sockets, but other factors can limit the number of web sockets. For example, maximum concurrent requests allowed (defined by maxConcurrentRequestsPerCpu
) are: 7,500 per small VM, 15,000 per medium VM (7,500 x 2 cores), and 75,000 per large VM (18,750 x 4 cores).
8The maximum IP connections are per instance and depend on the instance size: 1,920 per B1/S1/P1V3 instance, 3,968 per B2/S2/P2V3 instance, 8,064 per B3/S3/P3V3 instance.
9The App Service Certificate quota limit per subscription can be increased via a support request to a maximum limit of 200.
10App Service Isolated SKUs can be internally load balanced (ILB) with Azure Load Balancer, so there's no public connectivity from the internet. As a result, some features of an ILB Isolated App Service must be used from machines that have direct access to the ILB network endpoint.
11Run custom executables and/or scripts on demand, on a schedule, or continuously as a background task within your App Service instance. Always On is required for continuous WebJobs execution. There's no predefined limit on the number of WebJobs that can run in an App Service instance. There are practical limits that depend on what the application code is trying to do.
12Naked domains are not supported. Only issuing standard certificates (wildcard certificates are not available). Limited to only one free certificate per custom domain.
Automation limits
Process automation
Resource | Limit | Notes |
---|---|---|
Maximum number of new jobs that can be submitted every 30 seconds per Azure Automation account (nonscheduled jobs) | 100 | When this limit is reached, the subsequent requests to create a job fail. The client receives an error response. |
Maximum number of concurrent running jobs at the same instance of time per Automation account (nonscheduled jobs) | 200 | When this limit is reached, the subsequent requests to create a job fail. The client receives an error response. |
Maximum storage size of job metadata for a 30-day rolling period | 10 GB (approximately 4 million jobs) | When this limit is reached, the subsequent requests to create a job fail. |
Maximum job stream limit | 1 MiB | A single stream cannot be larger than 1 MiB. |
Maximum number of modules that can be imported every 30 seconds per Automation account | 5 | |
Maximum size of a module | 100 MB | |
Maximum size of a node configuration file | 1 MB | Applies to state configuration |
Job run time, Free tier | 500 minutes per subscription per calendar month | |
Maximum amount of disk space allowed per sandbox1 | 1 GB | Applies to Azure sandboxes only. |
Maximum amount of memory given to a sandbox1 | 400 MB | Applies to Azure sandboxes only. |
Maximum number of network sockets allowed per sandbox1 | 1,000 | Applies to Azure sandboxes only. |
Maximum runtime allowed per runbook1 | 3 hours | Applies to Azure sandboxes only. |
Maximum number of Automation accounts in a subscription | No limit | |
Maximum number of Hybrid Worker Groups per Automation Account | 4,000 | |
Maximum number of concurrent jobs that can be run on a single Hybrid Runbook Worker | 50 | |
Maximum runbook job parameter size | 512 kilobytes | |
Maximum runbook parameters | 50 | If you reach the 50-parameter limit, you can pass a JSON or XML string to a parameter and parse it with the runbook. |
Maximum webhook payload size | 512 kilobytes | |
Maximum days that job data is retained | 30 days | |
Maximum PowerShell workflow state size | 5 MB | Applies to PowerShell workflow runbooks when checkpointing workflow. |
1A sandbox is a shared environment that can be used by multiple jobs. Jobs that use the same sandbox are bound by the resource limitations of the sandbox.
Change Tracking and Inventory
The following table shows the tracked item limits per machine for change tracking.
Resource | Limit | Notes |
---|---|---|
File | 500 | |
Registry | 250 | |
Windows software | 250 | Doesn't include software updates. |
Linux packages | 1,250 | |
Services | 250 | |
Daemon | 250 |
Update Management
The following table shows the limits for Update Management.
Resource | Limit | Notes |
---|---|---|
Number of machines per update deployment | 1000 |
Azure App Configuration
Resource | Limit |
---|---|
Configuration stores - Free tier | 1 per subscription |
Configuration stores - Standard tier | unlimited per subscription |
Configuration store requests - Free tier | 1,000 requests per day |
Configuration store requests - Standard tier | Throttling starts at 20,000 requests per hour |
Storage - Free tier | 10 MB |
Storage - Standard tier | 1 GB |
keys and values | 10 KB for a single key-value item |
Azure Cache for Redis limits
Resource | Limit |
---|---|
Cache size | 1.2 TB |
Databases | 64 |
Maximum connected clients | 40,000 |
Azure Cache for Redis replicas, for high availability | 1 |
Shards in a premium cache with clustering | 10 |
Azure Cache for Redis limits and sizes are different for each pricing tier. To see the pricing tiers and their associated sizes, see Azure Cache for Redis pricing.
For more information on Azure Cache for Redis configuration limits, see Default Redis server configuration.
Because configuration and management of Azure Cache for Redis instances is done by Microsoft, not all Redis commands are supported in Azure Cache for Redis. For more information, see Redis commands not supported in Azure Cache for Redis.
Azure Cloud Services limits
Resource | Limit |
---|---|
Web or worker roles per deployment1 | 25 |
Instance input endpoints per deployment | 25 |
Input endpoints per deployment | 25 |
Internal endpoints per deployment | 25 |
Hosted service certificates per deployment | 199 |
1Each Azure Cloud Service with web or worker roles can have two deployments, one for production and one for staging. This limit refers to the number of distinct roles, that is, configuration. This limit doesn't refer to the number of instances per role, that is, scaling.
Azure Cognitive Search limits
Pricing tiers determine the capacity and limits of your search service. Tiers include:
- Free multi-tenant service, shared with other Azure subscribers, is intended for evaluation and small development projects.
- Basic provides dedicated computing resources for production workloads at a smaller scale, with up to three replicas for highly available query workloads.
- Standard, which includes S1, S2, S3, and S3 High Density, is for larger production workloads. Multiple levels exist within the Standard tier so that you can choose a resource configuration that best matches your workload profile.
Limits per subscription
You can create multiple services within a subscription. Each one can be provisioned at a specific tier. You're limited only by the number of services allowed at each tier. For example, you could create up to 12 services at the Basic tier and another 12 services at the S1 tier within the same subscription. For more information about tiers, see Choose an SKU or tier for Azure Cognitive Search.
Maximum service limits can be raised upon request. If you need more services within the same subscription, contact Azure Support.
Resource | Free1 | Basic | S1 | S2 | S3 | S3 HD | L1 | L2 |
---|---|---|---|---|---|---|---|---|
Maximum services | 1 | 16 | 16 | 8 | 6 | 6 | 6 | 6 |
Maximum scale in search units (SU)2 | N/A | 3 SU | 36 SU | 36 SU | 36 SU | 36 SU | 36 SU | 36 SU |
1 Free is based on shared, not dedicated, resources. Scale-up is not supported on shared resources.
2 Search units are billing units, allocated as either a replica or a partition. You need both resources for storage, indexing, and query operations. To learn more about SU computations, see Scale resource levels for query and index workloads.
Limits per search service
A search service is constrained by disk space or by a hard limit on the maximum number of indexes or indexers, whichever comes first. The following table documents storage limits. For maximum object limits, see Limits by resource.
Resource | Free | Basic1 | S1 | S2 | S3 | S3 HD | L1 | L2 |
---|---|---|---|---|---|---|---|---|
Service level agreement (SLA)2 | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
Storage per partition | 50 MB | 2 GB | 25 GB | 100 GB | 200 GB | 200 GB | 1 TB | 2 TB |
Partitions per service | N/A | 1 | 12 | 12 | 12 | 3 | 12 | 12 |
Partition size | N/A | 2 GB | 25 GB | 100 GB | 200 GB | 200 GB | 1 TB | 2 TB |
Replicas | N/A | 3 | 12 | 12 | 12 | 12 | 12 | 12 |
1 Basic has one fixed partition. Additional search units can be used to add replicas for larger query volumes.
2 Service level agreements are in effect for billable services on dedicated resources. Free services and preview features have no SLA. For billable services, SLAs take effect when you provision sufficient redundancy for your service. Two or more replicas are required for query (read) SLAs. Three or more replicas are required for query and indexing (read-write) SLAs. The number of partitions isn't an SLA consideration.
To learn more about limits on a more granular level, such as document size, queries per second, keys, requests, and responses, see Service limits in Azure Cognitive Search.
Azure Cognitive Services limits
The following limits are for the number of Cognitive Services resources per Azure subscription. Each of the Cognitive Services may have additional limitations, for more information see Azure Cognitive Services.
Type | Limit | Example |
---|---|---|
A mixture of Cognitive Services resources | Maximum of 200 total Cognitive Services resources. | 100 Computer Vision resources in West US 2, 50 Speech Service resources in West US, and 50 Text Analytics resources in East US. |
A single type of Cognitive Services resources. | Maximum of 100 resources per region, with a maximum of 200 total Cognitive Services resources. | 100 Computer Vision resources in West US 2, and 100 Computer Vision resources in East US. |
Azure Cosmos DB limits
For Azure Cosmos DB limits, see Limits in Azure Cosmos DB.
Azure Data Explorer limits
The following table describes the maximum limits for Azure Data Explorer clusters.
Resource | Limit |
---|---|
Clusters per region per subscription | 20 |
Instances per cluster | 1000 |
Number of databases in a cluster | 10,000 |
Number of attached database configurations in a cluster | 70 |
The following table describes the limits on management operations performed on Azure Data Explorer clusters.
Scope | Operation | Limit |
---|---|---|
Cluster | read (for example, get a cluster) | 500 per 5 minutes |
Cluster | write (for example, create a database) | 1000 per hour |
Azure Database for MySQL
For Azure Database for MySQL limits, see Limitations in Azure Database for MySQL.
Azure Database for PostgreSQL
For Azure Database for PostgreSQL limits, see Limitations in Azure Database for PostgreSQL.
Azure Functions limits
Resource | Consumption plan | Premium plan | Dedicated plan | ASE | Kubernetes |
---|---|---|---|---|---|
Default timeout duration (min) | 5 | 30 | 301 | 30 | 30 |
Max timeout duration (min) | 10 | unbounded7 | unbounded2 | unbounded | unbounded |
Max outbound connections (per instance) | 600 active (1200 total) | unbounded | unbounded | unbounded | unbounded |
Max request size (MB)3 | 100 | 100 | 100 | 100 | Depends on cluster |
Max query string length3 | 4096 | 4096 | 4096 | 4096 | Depends on cluster |
Max request URL length3 | 8192 | 8192 | 8192 | 8192 | Depends on cluster |
ACU per instance | 100 | 210-840 | 100-840 | 210-2508 | AKS pricing |
Max memory (GB per instance) | 1.5 | 3.5-14 | 1.75-14 | 3.5 - 14 | Any node is supported |
Function apps per plan | 100 | 100 | unbounded4 | unbounded | unbounded |
App Service plans | 100 per region | 100 per resource group | 100 per resource group | - | - |
Storage5 | 5 TB | 250 GB | 50-1000 GB | 1 TB | n/a |
Custom domains per app | 5006 | 500 | 500 | 500 | n/a |
Custom domain SSL support | unbounded SNI SSL connection included | unbounded SNI SSL and 1 IP SSL connections included | unbounded SNI SSL and 1 IP SSL connections included | unbounded SNI SSL and 1 IP SSL connections included | n/a |
1 By default, the timeout for the Functions 1.x runtime in an App Service plan is unbounded.
2 Requires the App Service plan be set to Always On. Pay at standard rates.
3 These limits are set in the host.
4 The actual number of function apps that you can host depends on the activity of the apps, the size of the machine instances, and the corresponding resource utilization.
5 The storage limit is the total content size in temporary storage across all apps in the same App Service plan. Consumption plan uses Azure Files for temporary storage.
6 When your function app is hosted in a Consumption plan, only the CNAME option is supported. For function apps in a Premium plan or an App Service plan, you can map a custom domain using either a CNAME or an A record.
7 Guaranteed for up to 60 minutes.
8 Workers are roles that host customer apps. Workers are available in three fixed sizes: One vCPU/3.5 GB RAM; Two vCPU/7 GB RAM; Four vCPU/14 GB RAM.
For more information, see Functions Hosting plans comparison.
Azure Kubernetes Service limits
Resource | Limit |
---|---|
Maximum clusters per subscription | 1000 |
Maximum nodes per cluster with Virtual Machine Availability Sets and Basic Load Balancer SKU | 100 |
Maximum nodes per cluster with Virtual Machine Scale Sets and Standard Load Balancer SKU | 1000 (100 nodes per node pool) |
Maximum pods per node: Basic networking with Kubenet | 110 |
Maximum pods per node: Advanced networking with Azure Container Networking Interface | Azure CLI deployment: 301 Azure Resource Manager template: 301 Portal deployment: 30 |
1When you deploy an Azure Kubernetes Service (AKS) cluster with the Azure CLI or a Resource Manager template, this value is configurable up to 250 pods per node. You can't configure maximum pods per node after you've already deployed an AKS cluster, or if you deploy a cluster by using the Azure portal.
Azure Machine Learning limits
The latest values for Azure Machine Learning Compute quotas can be found in the Azure Machine Learning quota page
Azure Maps limits
The following table shows the usage limit for the Azure Maps S0 pricing tier. Usage limit depends on the pricing tier.
Resource | S0 pricing tier limit |
---|---|
Maximum request rate per subscription | 50 requests per second |
The following table shows the cumulative data size limit for Azure Maps accounts in an Azure subscription. The Azure Maps Data service is available only at the S1 pricing tier.
Resource | Limit |
---|---|
Maximum storage per Azure subscription | 1 GB |
Maximum size per file upload | 100 MB |
For more information on the Azure Maps pricing tiers, see Azure Maps pricing.
Azure Monitor limits
Alerts
Resource | Default limit | Maximum limit |
---|---|---|
Metric alerts (classic) | 100 active alert rules per subscription. | Call support |
Metric alerts | 5,000 active alert rules per subscription in Azure public, Azure China 21Vianet and Azure Government clouds. If you are hitting this limit, explore if you can use same type multi-resource alerts. 5,000 metric time-series per alert rule. |
Call support. |
Activity log alerts | 100 active alert rules per subscription (cannot be increased). | Same as default |
Log alerts | 512 active alert rules per subscription. 200 active alert rules per resource. | Call support |
Alert rules and Action rules description length | Log search alerts 4096 characters All other 2048 characters |
Same as default |
Action groups
Resource | Default limit | Maximum limit |
---|---|---|
Azure app push | 10 Azure app actions per action group. | Same as Default |
1,000 email actions in an action group. No more than 100 emails in an hour. Also see the rate limiting information. |
Same as Default | |
ITSM | 10 ITSM actions in an action group. | Same as Default |
Logic app | 10 logic app actions in an action group. | Same as Default |
Runbook | 10 runbook actions in an action group. | Same as Default |
SMS | 10 SMS actions in an action group. No more than 1 SMS message every 5 minutes. Also see the rate limiting information. |
Same as Default |
Voice | 10 voice actions in an action group. No more than 1 voice call every 5 minutes. Also see the rate limiting information. |
Same as Default |
Webhook | 10 webhook actions in an action group. Maximum number of webhook calls is 1500 per minute per subscription. Other limits are available at action-specific information. | Same as Default |
Autoscale
Resource | Default limit | Maximum limit |
---|---|---|
Autoscale settings | 100 per region per subscription. | Same as default |
Autoscale profiles | 20 profiles per autoscale setting. | Same as default |
Log queries and language
General query limits
Limit | Description |
---|---|
Query language | Azure Monitor uses the same Kusto query language as Azure Data Explorer. See Azure Monitor log query language differences for KQL language elements not supported in Azure Monitor. |
Azure regions | Log queries can experience excessive overhead when data spans Log Analytics workspaces in multiple Azure regions. See Query limits for details. |
Cross resource queries | Maximum number of Application Insights resources and Log Analytics workspaces in a single query limited to 100. Cross-resource query is not supported in View Designer. Cross-resource query in log alerts is supported in the new scheduledQueryRules API. See Cross-resource query limits for details. |
User query throttling
Azure Monitor has several throttling limits to protect against users sending an excessive number of queries. Such behavior can potentially overload the system backend resources and jeopardize service responsiveness. The following limits are designed to protect customers from interruptions and ensure consistent service level. The user throttling and limits are designed to impact only extreme usage scenario and should not be relevant for typical usage.
Measure | Limit per user | Description |
---|---|---|
Concurrent queries | 5 | If there are already 5 queries running for the user, any new queries are placed in a per-user concurrency queue. When one of the running queries ends, the next query will be pulled from the queue and started. This does not include queries from alert rules. |
Time in concurrency queue | 3 minutes | If a query sits in the queue for more than 3 minutes without being started, it will be terminated with an HTTP error response with code 429. |
Total queries in concurrency queue | 200 | Once the number of queries in the queue reaches 200, any additional queries will by rejected with an HTTP error code 429. This number is in addition to the 5 queries that can be running simultaneously. |
Query rate | 200 queries per 30 seconds | This is the overall rate that queries can be submitted by a single user to all workspaces. This limit applies to programmatic queries or queries initiated by visualization parts such as Azure dashboards and the Log Analytics workspace summary page. |
- Optimize your queries as described in Optimize log queries in Azure Monitor.
- Dashboards and workbooks can contain multiple queries in a single view that generate a burst of queries every time they load or refresh. Consider breaking them up into multiple views that load on demand.
- In Power BI, consider extracting only aggregated results rather than raw logs.
Log Analytics workspaces
Data collection volume and retention
Tier | Limit per day | Data retention | Comment |
---|---|---|---|
Current Per GB pricing tier (introduced April 2018) |
No limit | 30 - 730 days | Data retention beyond 31 days is available for additional charges. Learn more about Azure Monitor pricing. |
Legacy Free tiers (introduced April 2016) |
500 MB | 7 days | When your workspace reaches the 500 MB per day limit, data ingestion stops and resumes at the start of the next day. A day is based on UTC. Note that data collected by Azure Security Center is not included in this 500 MB per day limit and will continue to be collected above this limit. |
Legacy Standalone Per GB tier (introduced April 2016) |
No limit | 30 to 730 days | Data retention beyond 31 days is available for additional charges. Learn more about Azure Monitor pricing. |
Legacy Per Node (OMS) (introduced April 2016) |
No limit | 30 to 730 days | Data retention beyond 31 days is available for additional charges. Learn more about Azure Monitor pricing. |
Legacy Standard tier | No limit | 30 days | Retention can't be adjusted |
Legacy Premium tier | No limit | 365 days | Retention can't be adjusted |
Number of workspaces per subscription.
Pricing tier | Workspace limit | Comments |
---|---|---|
Free tier | 10 | This limit can't be increased. |
All other tiers | No limit | You're limited by the number of resources within a resource group and the number of resource groups per subscription. |
Azure portal
Category | Limit | Comments |
---|---|---|
Maximum records returned by a log query | 10,000 | Reduce results using query scope, time range, and filters in the query. |
Data Collector API
Category | Limit | Comments |
---|---|---|
Maximum size for a single post | 30 MB | Split larger volumes into multiple posts. |
Maximum size for field values | 32 KB | Fields longer than 32 KB are truncated. |
Search API
Category | Limit | Comments |
---|---|---|
Maximum records returned in a single query | 500,000 | |
Maximum size of data returned | 64,000,000 bytes (~61 MiB) | |
Maximum query running time | 10 minutes | See Timeouts for details. |
Maximum request rate | 200 requests per 30 seconds per Azure AD user or client IP address | See Rate limits for details. |
Azure Monitor Logs connector | Category | Limit | Comments | |:---|:---|:---| | Max number of records | 500,000 | | | Max query timeout | 110 second | | | Charts | | Visualization in Logs page and the connector are using different charting libraries and some functionality isn't available in the connector currently. |
General workspace limits
Category | Limit | Comments |
---|---|---|
Maximum columns in a table | 500 | |
Maximum characters for column name | 500 |
Azure Monitor is a high scale data service that serves thousands of customers sending terabytes of data each month at a growing pace. The volume rate limit intends to isolate Azure Monitor customers from sudden ingestion spikes in multitenancy environment. A default ingestion volume rate threshold of 500 MB (compressed) is defined in workspaces, this is translated to approximately 6 GB/min uncompressed -- the actual size can vary between data types depending on the log length and its compression ratio. The volume rate limit applies to data ingested from Azure resources via Diagnostic settings. When volume rate limit is reached, a retry mechanism attempts to ingest the data 4 times in a period of 30 minutes and drop it if operation fails. It doesn't apply to data ingested from agents or Data Collector API.
When data sent to your workspace is at a volume rate higher than 80% of the threshold configured in your workspace, an event is sent to the Operation table in your workspace every 6 hours while the threshold continues to be exceeded. When ingested volume rate is higher than threshold, some data is dropped and an event is sent to the Operation table in your workspace every 6 hours while the threshold continues to be exceeded. If your ingestion volume rate continues to exceed the threshold or you are expecting to reach it sometime soon, you can request to increase it in by opening a support request.
See Monitor health of Log Analytics workspace in Azure Monitor to create alert rules to be proactively notified when you reach any ingestion limits.
Note
Depending on how long you've been using Log Analytics, you might have access to legacy pricing tiers. Learn more about Log Analytics legacy pricing tiers.
Application Insights
There are some limits on the number of metrics and events per application, that is, per instrumentation key. Limits depend on the pricing plan that you choose.
Resource | Default limit | Note |
---|---|---|
Total data per day | 100 GB | You can reduce data by setting a cap. If you need more data, you can increase the limit in the portal, up to 1,000 GB. For capacities greater than 1,000 GB, send email to AIDataCap@microsoft.com. |
Throttling | 32,000 events/second | The limit is measured over a minute. |
Data retention Logs | 30 - 730 days | This resource is for Logs. |
Data retention Metrics | 90 days | This resource is for Metrics Explorer. |
Availability multi-step test detailed results retention | 90 days | This resource provides detailed results of each step. |
Maximum telemetry item size | 64 kB | |
Maximum telemetry items per batch | 64 K | |
Property and metric name length | 150 | See type schemas. |
Property value string length | 8,192 | See type schemas. |
Trace and exception message length | 32,768 | See type schemas. |
Availability tests count per app | 100 | |
Profiler data retention | 5 days | |
Profiler data sent per day | 10 GB |
For more information, see About pricing and quotas in Application Insights.
Azure Policy limits
There's a maximum count for each object type for Azure Policy. For definitions, an entry of Scope means the management group or subscription. For assignments and exemptions, an entry of Scope means the management group, subscription, resource group, or individual resource.
Where | What | Maximum count |
---|---|---|
Scope | Policy definitions | 500 |
Scope | Initiative definitions | 200 |
Tenant | Initiative definitions | 2,500 |
Scope | Policy or initiative assignments | 200 |
Scope | Exemptions | 1000 |
Policy definition | Parameters | 20 |
Initiative definition | Policies | 1000 |
Initiative definition | Parameters | 100 |
Policy or initiative assignments | Exclusions (notScopes) | 400 |
Policy rule | Nested conditionals | 512 |
Remediation task | Resources | 500 |
Azure Quantum limits
Provider Limits & Quota
The Azure Quantum Service supports both first and third-party service providers. Third-party providers own their limits and quotas. Users can view offers and limits in the Azure portal when configuring third-party providers in the provider blade.
You can find the published quota limits for Microsoft's first party Optimization Solutions provider below.
Learn & Develop SKU
Resource | Limit |
---|---|
CPU-based concurrent jobs | up to 5 concurrent jobs |
FPGA-based concurrent jobs | up to 2 concurrent jobs |
CPU-based solver hours | 20 hours per month |
FPGA-based solver hours | 1 hour per month |
If you are using the Learn & Develop SKU, you cannot request an increase on your quota limits. Instead you should switch to the Performance at Scale SKU.
Performance at Scale SKU
Resource | Default Limit | Maximum Limit |
---|---|---|
CPU-based concurrent jobs | up to 100 concurrent jobs | same as default limit |
FPGA-based concurrent jobs | up to 10 concurrent jobs | same as default limit |
Solver hours | 1,000 hours per month | up to 50,000 hours per month |
If you need to request a limit increase, please reach out to Azure Support.
For more information, please review the Azure Quantum pricing page. For information on third-party offerings, please review the relevant provider page in the Azure portal.
Azure role-based access control limits
Resource | Limit |
---|---|
Role assignments for Azure resources per Azure subscription | 2,000 |
Role assignments for Azure resources per management group | 500 |
Azure custom roles per tenant | 5,000 |
Azure custom roles per tenant (for Azure Germany and Azure China 21Vianet) |
2,000 |
Azure SignalR Service limits
Resource | Default limit | Maximum limit |
---|---|---|
Azure SignalR Service units per instance for Free tier | 1 | 1 |
Azure SignalR Service units per instance for Standard tier | 100 | 100 |
Azure SignalR Service units per subscription per region for Free tier | 5 | 5 |
Total Azure SignalR Service unit counts per subscription per region | 150 | Unlimited |
Connections per unit per day for Free tier | 20 | 20 |
Connections per unit per day for Standard tier | 1,000 | 1,000 |
Included messages per unit per day for Free tier | 20,000 | 20,000 |
Additional messages per unit per day for Free tier | 0 | 0 |
Included messages per unit per day for Standard tier | 1,000,000 | 1,000,000 |
Additional messages per unit per day for Standard tier | Unlimited | Unlimited |
To request an update to your subscription's default limits, open a support ticket.
Azure VMware Solution limits
The following table describes the maximum limits for Azure VMware Solution.
Resource | Limit |
---|---|
Clusters per private cloud | 4 |
Minimum number of nodes per cluster | 3 |
Maximum number of nodes per cluster | 16 |
Nodes per private cloud | 64 |
vCenter per private cloud | 1 |
HCX site pairings | 3 with Advanced edition, 10 with Enterprise edition |
ExpressRoute limits | 4 SDDCs, 10 SDDCs when Ultra Gateway is used |
Public IPs exposed via vWAN | 256 |
vSAN capacity limits | 75% of total usable (keep 25% available for SLA) |
Backup limits
For a summary of Azure Backup support settings and limitations, see Azure Backup Support Matrices.
Batch limits
Resource | Default limit | Maximum limit |
---|---|---|
Azure Batch accounts per region per subscription | 1-3 | 50 |
Dedicated cores per Batch account | 90-900 | Contact support |
Low-priority cores per Batch account | 10-100 | Contact support |
Active jobs and job schedules per Batch account (completed jobs have no limit) | 100-300 | 1,0001 |
Pools per Batch account | 20-100 | 5001 |
1To request an increase beyond this limit, contact Azure Support.
Note
Default limits vary depending on the type of subscription you use to create a Batch account. Cores quotas shown are for Batch accounts in Batch service mode. View the quotas in your Batch account.
Important
To help us better manage capacity during the global health pandemic, the default core quotas for new Batch accounts in some regions and for some types of subscription have been reduced from the above range of values, in some cases to zero cores. When you create a new Batch account, check your core quota and request a core quota increase, if required. Alternatively, consider reusing Batch accounts that already have sufficient quota.
Classic deployment model limits
If you use classic deployment model instead of the Azure Resource Manager deployment model, the following limits apply.
Resource | Default limit | Maximum limit |
---|---|---|
vCPUs per subscription1 | 20 | 10,000 |
Coadministrators per subscription | 200 | 200 |
Storage accounts per subscription2 | 100 | 100 |
Cloud services per subscription | 20 | 200 |
Local networks per subscription | 10 | 500 |
DNS servers per subscription | 9 | 100 |
Reserved IPs per subscription | 20 | 100 |
Affinity groups per subscription | 256 | 256 |
Subscription name length (characters) | 64 | 64 |
1Extra small instances count as one vCPU toward the vCPU limit despite using a partial CPU core.
2The storage account limit includes both Standard and Premium storage accounts.
Container Instances limits
Resource | Limit |
---|---|
Standard sku container groups per region per subscription | 1001 |
Dedicated sku container groups per region per subscription | 01 |
Number of containers per container group | 60 |
Number of volumes per container group | 20 |
Standard sku cores (CPUs) per region per subscription | 101,2 |
Standard sku cores (CPUs) for K80 GPU per region per subscription | 181,2 |
Standard sku cores (CPUs) for P100 or V100 GPU per region per subscription | 01,2 |
Ports per IP | 5 |
Container instance log size - running instance | 4 MB |
Container instance log size - stopped instance | 16 KB or 1,000 lines |
Container creates per hour | 3001 |
Container creates per 5 minutes | 1001 |
Container deletes per hour | 3001 |
Container deletes per 5 minutes | 1001 |
1To request a limit increase, create an Azure Support request. Free subscriptions including Azure Free Account and Azure for Students aren't eligible for limit or quota increases. If you have a free subscription, you can upgrade to a Pay-As-You-Go subscription.
2Default limit for Pay-As-You-Go subscription. Limit may differ for other category types.
Container Registry limits
The following table details the features and limits of the Basic, Standard, and Premium service tiers.
Resource | Basic | Standard | Premium |
---|---|---|---|
Included storage1 (GiB) | 10 | 100 | 500 |
Storage limit (TiB) | 20 | 20 | 20 |
Maximum image layer size (GiB) | 200 | 200 | 200 |
ReadOps per minute2, 3 | 1,000 | 3,000 | 10,000 |
WriteOps per minute2, 4 | 100 | 500 | 2,000 |
Download bandwidth2 (Mbps) | 30 | 60 | 100 |
Upload bandwidth 2 (Mbps) | 10 | 20 | 50 |
Webhooks | 2 | 10 | 500 |
Geo-replication | N/A | N/A | Supported |
Availability zones | N/A | N/A | Preview |
Content trust | N/A | N/A | Supported |
Private link with private endpoints | N/A | N/A | Supported |
• Private endpoints | N/A | N/A | 10 |
Service endpoint VNet access | N/A | N/A | Preview |
Customer-managed keys | N/A | N/A | Supported |
Repository-scoped permissions | N/A | N/A | Preview |
• Tokens | N/A | N/A | 20,000 |
• Scope maps | N/A | N/A | 20,000 |
• Repositories per scope map | N/A | N/A | 500 |
1 Storage included in the daily rate for each tier. Additional storage may be used, up to the registry storage limit, at an additional daily rate per GiB. For rate information, see Azure Container Registry pricing. If you need storage beyond the registry storage limit, please contact Azure Support.
2ReadOps, WriteOps, and Bandwidth are minimum estimates. Azure Container Registry strives to improve performance as usage requires.
3A docker pull translates to multiple read operations based on the number of layers in the image, plus the manifest retrieval.
4A docker push translates to multiple write operations, based on the number of layers that must be pushed. A docker push
includes ReadOps to retrieve a manifest for an existing image.
Content Delivery Network limits
Resource | Limit |
---|---|
Azure Content Delivery Network profiles | 25 |
Content Delivery Network endpoints per profile | 25 |
Custom domains per endpoint | 25 |
A Content Delivery Network subscription can contain one or more Content Delivery Network profiles. A Content Delivery Network profile can contain one or more Content Delivery Network endpoints. You might want to use multiple profiles to organize your Content Delivery Network endpoints by internet domain, web application, or some other criteria.
Data Factory limits
Azure Data Factory is a multitenant service that has the following default limits in place to make sure customer subscriptions are protected from each other's workloads. To raise the limits up to the maximum for your subscription, contact support.
Version 2
Resource | Default limit | Maximum limit |
---|---|---|
Data factories in an Azure subscription | 800 | 800 |
Total number of entities, such as pipelines, data sets, triggers, linked services, Private Endpoints, and integration runtimes, within a data factory | 5,000 | Contact support. |
Total CPU cores for Azure-SSIS Integration Runtimes under one subscription | 256 | Contact support. |
Concurrent pipeline runs per data factory that's shared among all pipelines in the factory | 10,000 | 10,000 |
Concurrent External activity runs per subscription per Azure Integration Runtime region External activities are managed on integration runtime but execute on linked services, including Databricks, stored procedure, HDInsights, Web, and others. This limit does not apply to Self-hosted IR. |
3,000 | 3,000 |
Concurrent Pipeline activity runs per subscription per Azure Integration Runtime region Pipeline activities execute on integration runtime, including Lookup, GetMetadata, and Delete. This limit does not apply to Self-hosted IR. |
1,000 | 1,000 |
Concurrent authoring operations per subscription per Azure Integration Runtime region Including test connection, browse folder list and table list, preview data. This limit does not apply to Self-hosted IR. |
200 | 200 |
Concurrent Data Integration Units1 consumption per subscription per Azure Integration Runtime region | Region group 12: 6,000 Region group 22: 3,000 Region group 32: 1,500 |
Region group 12: 6,000 Region group 22: 3,000 Region group 32: 1,500 |
Maximum activities per pipeline, which includes inner activities for containers | 40 | 40 |
Maximum number of linked integration runtimes that can be created against a single self-hosted integration runtime | 100 | Contact support. |
Maximum parameters per pipeline | 50 | 50 |
ForEach items | 100,000 | 100,000 |
ForEach parallelism | 20 | 50 |
Maximum queued runs per pipeline | 100 | 100 |
Characters per expression | 8,192 | 8,192 |
Minimum tumbling window trigger interval | 15 min | 15 min |
Maximum timeout for pipeline activity runs | 7 days | 7 days |
Bytes per object for pipeline objects3 | 200 KB | 200 KB |
Bytes per object for dataset and linked service objects3 | 100 KB | 2,000 KB |
Bytes per payload for each activity run4 | 896 KB | 896 KB |
Data Integration Units1 per copy activity run | 256 | 256 |
Write API calls | 1,200/h | 1,200/h This limit is imposed by Azure Resource Manager, not Azure Data Factory. |
Read API calls | 12,500/h | 12,500/h This limit is imposed by Azure Resource Manager, not Azure Data Factory. |
Monitoring queries per minute | 1,000 | 1,000 |
Maximum time of data flow debug session | 8 hrs | 8 hrs |
Concurrent number of data flows per integration runtime | 50 | Contact support. |
Concurrent number of data flow debug sessions per user per factory | 3 | 3 |
Data Flow Azure IR TTL limit | 4 hrs | 4 hrs |
1 The data integration unit (DIU) is used in a cloud-to-cloud copy operation, learn more from Data integration units (version 2). For information on billing, see Azure Data Factory pricing.
2 Azure Integration Runtime is globally available to ensure data compliance, efficiency, and reduced network egress costs.
Region group | Regions |
---|---|
Region group 1 | Central US, East US, East US2, North Europe, West Europe, West US, West US 2 |
Region group 2 | Australia East, Australia Southeast, Brazil South, Central India, Japan East, Northcentral US, Southcentral US, Southeast Asia, West Central US |
Region group 3 | Canada Central, East Asia, France Central, Korea Central, UK South |
3 Pipeline, data set, and linked service objects represent a logical grouping of your workload. Limits for these objects don't relate to the amount of data you can move and process with Azure Data Factory. Data Factory is designed to scale to handle petabytes of data.
4 The payload for each activity run includes the activity configuration, the associated dataset(s) and linked service(s) configurations if any, and a small portion of system properties generated per activity type. Limit for this payload size doesn't relate to the amount of data you can move and process with Azure Data Factory. Learn about the symptoms and recommendation if you hit this limit.
Version 1
Resource | Default limit | Maximum limit |
---|---|---|
Pipelines within a data factory | 2,500 | Contact support. |
Data sets within a data factory | 5,000 | Contact support. |
Concurrent slices per data set | 10 | 10 |
Bytes per object for pipeline objects1 | 200 KB | 200 KB |
Bytes per object for data set and linked service objects1 | 100 KB | 2,000 KB |
Azure HDInsight on-demand cluster cores within a subscription2 | 60 | Contact support. |
Cloud data movement units per copy activity run3 | 32 | 32 |
Retry count for pipeline activity runs | 1,000 | MaxInt (32 bit) |
1 Pipeline, data set, and linked service objects represent a logical grouping of your workload. Limits for these objects don't relate to the amount of data you can move and process with Azure Data Factory. Data Factory is designed to scale to handle petabytes of data.
2 On-demand HDInsight cores are allocated out of the subscription that contains the data factory. As a result, the previous limit is the Data Factory-enforced core limit for on-demand HDInsight cores. It's different from the core limit that's associated with your Azure subscription.
3 The cloud data movement unit (DMU) for version 1 is used in a cloud-to-cloud copy operation, learn more from Cloud data movement units (version 1). For information on billing, see Azure Data Factory pricing.
Resource | Default lower limit | Minimum limit |
---|---|---|
Scheduling interval | 15 minutes | 15 minutes |
Interval between retry attempts | 1 second | 1 second |
Retry timeout value | 1 second | 1 second |
Web service call limits
Azure Resource Manager has limits for API calls. You can make API calls at a rate within the Azure Resource Manager API limits.
Data Lake Analytics limits
Azure Data Lake Analytics makes the complex task of managing distributed infrastructure and complex code easy. It dynamically provisions resources, and you can use it to do analytics on exabytes of data. When the job completes, it winds down resources automatically. You pay only for the processing power that was used. As you increase or decrease the size of data stored or the amount of compute used, you don't have to rewrite code. To raise the default limits for your subscription, contact support.
Resource | Limit | Comments |
---|---|---|
Maximum number of concurrent jobs | 20 | |
Maximum number of analytics units (AUs) per account | 250 | Use any combination of up to a maximum of 250 AUs across 20 jobs. To increase this limit, contact Microsoft Support. |
Maximum script size for job submission | 3 MB | |
Maximum number of Data Lake Analytics accounts per region per subscription | 5 | To increase this limit, contact Microsoft Support. |
Data Lake Storage limits
Azure Data Lake Storage Gen2 is not a dedicated service or storage account type. It is the latest release of capabilities that are dedicated to big data analytics. These capabilities are available in a general-purpose v2 or BlockBlobStorage storage account, and you can obtain them by enabling the Hierarchical namespace feature of the account. For scale targets, see these articles.
Azure Data Lake Storage Gen1 is a dedicated service. It's an enterprise-wide hyper-scale repository for big data analytic workloads. You can use Data Lake Storage Gen1 to capture data of any size, type, and ingestion speed in one single place for operational and exploratory analytics. There's no limit to the amount of data you can store in a Data Lake Storage Gen1 account.
Resource | Limit | Comments |
---|---|---|
Maximum number of Data Lake Storage Gen1 accounts, per subscription, per region | 10 | To request an increase for this limit, contact support. |
Maximum number of access ACLs, per file or folder | 32 | This is a hard limit. Use groups to manage access with fewer entries. |
Maximum number of default ACLs, per file or folder | 32 | This is a hard limit. Use groups to manage access with fewer entries. |
Data Share limits
Azure Data Share enables organizations to simply and securely share data with their customers and partners.
Resource | Limit |
---|---|
Maximum number of Data Share resources per Azure subscription | 100 |
Maximum number of sent shares per Data Share resource | 200 |
Maximum number of received shares per Data Share resource | 100 |
Maximum number of invitations per sent share | 200 |
Maximum number of share subscriptions per sent share | 200 |
Maximum number of datasets per share | 200 |
Maximum number of snapshot schedules per share | 1 |
Database Migration Service Limits
Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime.
Resource | Limit | Comments |
---|---|---|
Maximum number of services per subscription, per region | 10 | To request an increase for this limit, contact support. |
Digital Twins limits
Note
Some areas of this service have adjustable limits, and others do not. This is represented in the tables below with the Adjustable? column. When the limit can be adjusted, the Adjustable? value is Yes.
Functional limits
The following table lists the functional limits of Azure Digital Twins.
Tip
For modeling recommendations to operate within these functional limits, see Best practices for designing models.
Area | Capability | Default limit | Adjustable? |
---|---|---|---|
Azure resource | Number of Azure Digital Twins instances in a region, per subscription | 10 | Yes |
Digital twins | Number of twins in an Azure Digital Twins instance | 200,000 | Yes |
Digital twins | Number of incoming relationships to a single twin | 5,000 | No |
Digital twins | Number of outgoing relationships from a single twin | 5,000 | No |
Digital twins | Maximum size (of JSON body in a PUT or PATCH request) of a single twin | 32 KB | No |
Digital twins | Maximum request payload size | 32 KB | No |
Routing | Number of endpoints for a single Azure Digital Twins instance | 6 | No |
Routing | Number of routes for a single Azure Digital Twins instance | 6 | Yes |
Models | Number of models within a single Azure Digital Twins instance | 10,000 | Yes |
Models | Number of models that can be uploaded in a single API call | 250 | No |
Models | Maximum size (of JSON body in a PUT or PATCH request) of a single model | 1 MB | No |
Models | Number of items returned in a single page | 100 | No |
Query | Number of items returned in a single page | 100 | Yes |
Query | Number of AND / OR expressions in a query |
50 | Yes |
Query | Number of array items in an IN / NOT IN clause |
50 | Yes |
Query | Number of characters in a query | 8,000 | Yes |
Query | Number of JOINS in a query |
5 | Yes |
Rate limits
The following table reflects the rate limits of different APIs.
API | Capability | Default limit | Adjustable? |
---|---|---|---|
Models API | Number of requests per second | 100 | Yes |
Digital Twins API | Number of requests per second | 2,000 | Yes |
Digital Twins API | Number of create/delete operations per second across all twins and relationships | 50 | Yes |
Digital Twins API | Number of create/update/delete operations per second on a single twin or its relationships | 10 | No |
Query API | Number of requests per second | 500 | Yes |
Query API | Query Units per second | 4,000 | Yes |
Event Routes API | Number of requests per second | 100 | Yes |
Other limits
Limits on data types and fields within DTDL documents for Azure Digital Twins models can be found within its spec documentation in GitHub: Digital Twins Definition Language (DTDL) - version 2.
Query latency details and other query limitations can be found in How-to: Query the twin graph.
Event Grid limits
The following limits apply to Azure Event Grid topics (system, custom, and partner topics).
Resource | Limit |
---|---|
Custom topics per Azure subscription | 100 |
Event subscriptions per topic | 500 |
Publish rate for a custom or a partner topic (ingress) | 5,000 events/sec or 5 MB/sec (whichever is met first) |
Event size | 1 MB |
Private endpoint connections per topic | 64 |
IP Firewall rules per topic | 16 |
The following limits apply to Azure Event Grid domains.
Resource | Limit |
---|---|
Topics per event domain | 100,000 |
Event subscriptions per topic within a domain | 500 |
Domain scope event subscriptions | 50 |
Publish rate for an event domain (ingress) | 5,000 events/sec or 5 MB/sec (whichever is met first) |
Event Domains per Azure Subscription | 100 |
Private endpoint connections per domain | 64 |
IP Firewall rules per domain | 16 |
Event Hubs limits
The following tables provide quotas and limits specific to Azure Event Hubs. For information about Event Hubs pricing, see Event Hubs pricing.
Common limits for all tiers
The following limits are common across all tiers.
Limit | Notes | Value |
---|---|---|
Number of Event Hubs namespaces per subscription | - | 100 |
Number of event hubs per namespace | Subsequent requests for creation of a new event hub are rejected. | 10 |
Number of partitions per event hub | - | 32 |
Size of an event hub name | - | 256 characters |
Size of a consumer group name | - | 256 characters |
Number of non-epoch receivers per consumer group | - | 5 |
Number of authorization rules per namespace | Subsequent requests for authorization rule creation are rejected. | 12 |
Number of calls to the GetRuntimeInformation method | - | 50 per second |
Number of virtual networks (VNet) | - | 128 |
Number of IP Config rules | - | 128 |
Basic vs. standard tiers
The following table shows limits that may be different for basic and standard tiers.
Limit | Notes | Basic | Standard |
---|---|---|---|
Maximum size of Event Hubs event | 256 KB | 1 MB | |
Number of consumer groups per event hub | 1 | 20 | |
Number of AMQP connections per namespace | Subsequent requests for additional connections are rejected, and an exception is received by the calling code. | 100 | 5,000 |
Maximum retention period of event data | 1 day | 1-7 days | |
Maximum throughput units | Exceeding this limit causes your data to be throttled and generates a server busy exception. To request a larger number of throughput units for a Standard tier, file a support request. Additional throughput units are available in blocks of 20 on a committed purchase basis. | 20 | 20 |
Dedicated tier vs. standard tier
The Event Hubs Dedicated offering is billed at a fixed monthly price, with a minimum of 4 hours of usage. The Dedicated tier offers all the features of the Standard plan, but with enterprise scale capacity and limits for customers with demanding workloads.
Refer to this document on how to create dedicated Event Hubs cluster using Azure portal.
Feature | Standard | Dedicated |
---|---|---|
Bandwidth | 20 TUs (up to 40 TUs) | 20 CUs |
Namespaces | 1 | 50 per CU |
Event Hubs | 10 per namespace | 1000 per namespace |
Ingress events | Pay per million events | Included |
Message Size | 1 Million Bytes | 1 Million Bytes |
Partitions | 32 per Event Hub | 1024 per event hub 2000 per CU |
Consumer groups | 20 per Event Hub | No limit per CU, 1000 per event hub |
Brokered connections | 1,000 included, 5,000 max | 100 K included and max |
Message Retention | 7 days, 84 GB included per TU | 90 days, 10 TB included per CU |
Capture | Pay per hour | Included |
Schema registry limitations
Limits that are the same for standard and dedicated tiers
Feature | Limit |
---|---|
Maximum length of a schema group name | 50 |
Maximum length of a schema name | 100 |
Size in bytes per schema | 1 MB |
Number of properties per schema group | 1024 |
Size in bytes per group property key | 256 |
Size in bytes per group property value | 1024 |
Limits that are different for standard and dedicated tiers
Limit | Standard | Dedicated |
---|---|---|
Size of the schema registry (namespace) in mega bytes | 25 | 1024 |
Number of schema groups in a schema registry or namespace | 1 - excluding the default group | 1000 |
Number of schema versions across all schema groups | 25 | 10000 |
IoT Central limits
IoT Central limits the number of applications you can deploy in a subscription to 10. If you need to increase this limit, contact Microsoft support.
IoT Hub limits
The following table lists the limits associated with the different service tiers S1, S2, S3, and F1. For information about the cost of each unit in each tier, see Azure IoT Hub pricing.
Resource | S1 Standard | S2 Standard | S3 Standard | F1 Free |
---|---|---|---|---|
Messages/day | 400,000 | 6,000,000 | 300,000,000 | 8,000 |
Maximum units | 200 | 200 | 10 | 1 |
Note
If you anticipate using more than 200 units with an S1 or S2 tier hub or 10 units with an S3 tier hub, contact Microsoft Support.
The following table lists the limits that apply to IoT Hub resources.
Resource | Limit |
---|---|
Maximum paid IoT hubs per Azure subscription | 50 |
Maximum free IoT hubs per Azure subscription | 1 |
Maximum number of characters in a device ID | 128 |
Maximum number of device identities returned in a single call |
1,000 |
IoT Hub message maximum retention for device-to-cloud messages | 7 days |
Maximum size of device-to-cloud message | 256 KB |
Maximum size of device-to-cloud batch | AMQP and HTTP: 256 KB for the entire batch MQTT: 256 KB for each message |
Maximum messages in device-to-cloud batch | 500 |
Maximum size of cloud-to-device message | 64 KB |
Maximum TTL for cloud-to-device messages | 2 days |
Maximum delivery count for cloud-to-device messages |
100 |
Maximum cloud-to-device queue depth per device | 50 |
Maximum delivery count for feedback messages in response to a cloud-to-device message |
100 |
Maximum TTL for feedback messages in response to a cloud-to-device message |
2 days |
Maximum size of device twin | 8 KB for tags section, and 32 KB for desired and reported properties sections each |
Maximum length of device twin string key | 1 KB |
Maximum length of device twin string value | 4 KB |
Maximum depth of object in device twin | 10 |
Maximum size of direct method payload | 128 KB |
Job history maximum retention | 30 days |
Maximum concurrent jobs | 10 (for S3), 5 for (S2), 1 (for S1) |
Maximum additional endpoints | 10 (for S1, S2, and S3) |
Maximum message routing rules | 100 (for S1, S2, and S3) |
Maximum number of concurrently connected device streams | 50 (for S1, S2, S3, and F1 only) |
Maximum device stream data transfer | 300 MB per day (for S1, S2, S3, and F1 only) |
Note
If you need more than 50 paid IoT hubs in an Azure subscription, contact Microsoft Support.
Note
Currently, the total number of devices plus modules that can be registered to a single IoT hub is capped at 1,000,000. If you want to increase this limit, contact Microsoft Support.
IoT Hub throttles requests when the following quotas are exceeded.
Throttle | Per-hub value |
---|---|
Identity registry operations (create, retrieve, list, update, and delete), individual or bulk import/export |
83.33/sec/unit (5,000/min/unit) (for S3). 1.67/sec/unit (100/min/unit) (for S1 and S2). |
Device connections | 6,000/sec/unit (for S3), 120/sec/unit (for S2), 12/sec/unit (for S1). Minimum of 100/sec. |
Device-to-cloud sends | 6,000/sec/unit (for S3), 120/sec/unit (for S2), 12/sec/unit (for S1). Minimum of 100/sec. |
Cloud-to-device sends | 83.33/sec/unit (5,000/min/unit) (for S3), 1.67/sec/unit (100/min/unit) (for S1 and S2). |
Cloud-to-device receives | 833.33/sec/unit (50,000/min/unit) (for S3), 16.67/sec/unit (1,000/min/unit) (for S1 and S2). |
File upload operations | 83.33 file upload initiations/sec/unit (5,000/min/unit) (for S3), 1.67 file upload initiations/sec/unit (100/min/unit) (for S1 and S2). 10,000 SAS URIs can be out for an Azure Storage account at one time. 10 SAS URIs/device can be out at one time. |
Direct methods | 24 MB/sec/unit (for S3), 480 KB/sec/unit (for S2), 160 KB/sec/unit (for S1). Based on 8-KB throttling meter size. |
Device twin reads | 500/sec/unit (for S3), Maximum of 100/sec or 10/sec/unit (for S2), 100/sec (for S1) |
Device twin updates | 250/sec/unit (for S3), Maximum of 50/sec or 5/sec/unit (for S2), 50/sec (for S1) |
Jobs operations (create, update, list, and delete) |
83.33/sec/unit (5,000/min/unit) (for S3), 1.67/sec/unit (100/min/unit) (for S2), 1.67/sec/unit (100/min/unit) (for S1). |
Jobs per-device operation throughput | 50/sec/unit (for S3), maximum of 10/sec or 1/sec/unit (for S2), 10/sec (for S1). |
Device stream initiation rate | 5 new streams/sec (for S1, S2, S3, and F1 only). |
IoT Hub Device Provisioning Service limits
The following table lists the limits that apply to Azure IoT Hub Device Provisioning Service resources.
Resource | Limit |
---|---|
Maximum device provisioning services per Azure subscription | 10 |
Maximum number of enrollments | 1,000,000 |
Maximum number of registrations | 1,000,000 |
Maximum number of enrollment groups | 100 |
Maximum number of CAs | 25 |
Maximum number of linked IoT hubs | 50 |
Maximum size of message | 96 KB |
Note
To increase the number of enrollments and registrations on your provisioning service, contact Microsoft Support.
Note
Increasing the maximum number of CAs is not supported.
The Device Provisioning Service throttles requests when the following quotas are exceeded.
Throttle | Per-unit value |
---|---|
Operations | 200/min/service |
Device registrations | 200/min/service |
Device polling operation | 5/10 sec/device |
Key Vault limits
Key transactions (maximum transactions allowed in 10 seconds, per vault per region1):
Key type | HSM key CREATE key |
HSM key All other transactions |
Software key CREATE key |
Software key All other transactions |
---|---|---|---|---|
RSA 2,048-bit | 5 | 1,000 | 10 | 2,000 |
RSA 3,072-bit | 5 | 250 | 10 | 500 |
RSA 4,096-bit | 5 | 125 | 10 | 250 |
ECC P-256 | 5 | 1,000 | 10 | 2,000 |
ECC P-384 | 5 | 1,000 | 10 | 2,000 |
ECC P-521 | 5 | 1,000 | 10 | 2,000 |
ECC SECP256K1 | 5 | 1,000 | 10 | 2,000 |
Note
In the previous table, we see that for RSA 2,048-bit software keys, 2,000 GET transactions per 10 seconds are allowed. For RSA 2,048-bit HSM-keys, 1,000 GET transactions per 10 seconds are allowed.
The throttling thresholds are weighted, and enforcement is on their sum. For example, as shown in the previous table, when you perform GET operations on RSA HSM-keys, it's eight times more expensive to use 4,096-bit keys compared to 2,048-bit keys. That's because 1,000/125 = 8.
In a given 10-second interval, an Azure Key Vault client can do only one of the following operations before it encounters a 429
throttling HTTP status code:
- 2,000 RSA 2,048-bit software-key GET transactions
- 1,000 RSA 2,048-bit HSM-key GET transactions
- 125 RSA 4,096-bit HSM-key GET transactions
- 124 RSA 4,096-bit HSM-key GET transactions and 8 RSA 2,048-bit HSM-key GET transactions
Secrets, managed storage account keys, and vault transactions:
Transactions type | Maximum transactions allowed in 10 seconds, per vault per region1 |
---|---|
All transactions | 2,000 |
For information on how to handle throttling when these limits are exceeded, see Azure Key Vault throttling guidance.
1 A subscription-wide limit for all transaction types is five times per key vault limit. For example, HSM-other transactions per subscription are limited to 5,000 transactions in 10 seconds per subscription.
Azure Private Link integration
Note
The number of key vaults with private endpoints enabled per subscription is an adjustable limit. The limit shown below is the default limit. If you would like to request a limit increase for your service, please send an email to akv-privatelink@microsoft.com. We will approve these requests on a case by case basis.
Resource | Limit |
---|---|
Private endpoints per key vault | 64 |
Key vaults with private endpoints per subscription | 400 |
Managed identity limits
Each managed identity counts towards the object quota limit in an Azure AD tenant as described in Azure AD service limits and restrictions.
The rate at which managed identities can be created have the following limits:
- Per Azure AD Tenant per Azure region: 200 create operations per 20 seconds.
- Per Azure Subscription per Azure region : 40 create operations per 20 seconds.
When you create user-assigned managed identities, only alphanumeric characters (0-9, a-z, and A-Z) and the hyphen (-) are supported. For the assignment to a virtual machine or virtual machine scale set to work properly, the name is limited to 24 characters.
Media Services limits
Note
For resources that aren't fixed, open a support ticket to ask for an increase in the quotas. Don't create additional Azure Media Services accounts in an attempt to obtain higher limits.
Account limits
Resource | Default Limit |
---|---|
Media Services accounts in a single subscription | 100 (fixed) |
Asset limits
Resource | Default Limit |
---|---|
Assets per Media Services account | 1,000,000 |
Storage (media) limits
Resource | Default Limit |
---|---|
File size | In some scenarios, there is a limit on the maximum file size supported for processing in Media Services. (1) |
Storage accounts | 100(2) (fixed) |
1 The maximum size supported for a single blob is currently up to 5 TB in Azure Blob Storage. Additional limits apply in Media Services based on the VM sizes that are used by the service. The size limit applies to the files that you upload and also the files that get generated as a result of Media Services processing (encoding or analyzing). If your source file is larger than 260-GB, your Job will likely fail.
The following table shows the limits on the media reserved units S1, S2, and S3. If your source file is larger than the limits defined in the table, your encoding job fails. If you encode 4K resolution sources of long duration, you're required to use S3 media reserved units to achieve the performance needed. If you have 4K content that's larger than the 260-GB limit on the S3 media reserved units, open a support ticket.
Media reserved unit type | Maximum input size (GB) |
---|---|
S1 | 26 |
S2 | 60 |
S3 | 260 |
2 The storage accounts must be from the same Azure subscription.
Jobs (encoding & analyzing) limits
Resource | Default Limit |
---|---|
Jobs per Media Services account | 500,000 (3) (fixed) |
Job inputs per Job | 50 (fixed) |
Job outputs per Job | 20 (fixed) |
Transforms per Media Services account | 100 (fixed) |
Transform outputs in a Transform | 20 (fixed) |
Files per job input | 10 (fixed) |
3 This number includes queued, finished, active, and canceled Jobs. It does not include deleted Jobs.
Any Job record in your account older than 90 days will be automatically deleted, even if the total number of records is below the maximum quota.
Live streaming limits
Resource | Default Limit |
---|---|
Live Events (4) per Media Services account | 5 |
Live Outputs per Live Event | 3 (5) |
Max Live Output duration | Size of the DVR window |
4 For detailed information about Live Event limitations, see Live Event types comparison and limitations.
5 Live Outputs start on creation and stop when deleted.
Packaging & delivery limits
Resource | Default Limit |
---|---|
Streaming Endpoints (stopped or running) per Media Services account | 2 |
Dynamic Manifest Filters | 100 |
Streaming Policies | 100 (6) |
Unique Streaming Locators associated with an Asset at one time | 100(7) (fixed) |
6 When using a custom Streaming Policy, you should design a limited set of such policies for your Media Service account, and re-use them for your StreamingLocators whenever the same encryption options and protocols are needed. You should not be creating a new Streaming Policy for each Streaming Locator.
7 Streaming Locators are not designed for managing per-user access control. To give different access rights to individual users, use Digital Rights Management (DRM) solutions.
Protection limits
Resource | Default Limit |
---|---|
Options per Content Key Policy | 30 |
Licenses per month for each of the DRM types on Media Services key delivery service per account | 1,000,000 |
Support ticket
For resources that are not fixed, you may ask for the quotas to be raised, by opening a support ticket. Include detailed information in the request on the desired quota changes, use-case scenarios, and regions required.
Do not create additional Azure Media Services accounts in an attempt to obtain higher limits.
Media Services v2 (legacy)
For limits specific to Media Services v2 (legacy), see Media Services v2 (legacy)
Mobile Services limits
Tier | Free | Basic | Standard |
---|---|---|---|
API calls | 500,000 | 1.5 million per unit | 15 million per unit |
Active devices | 500 | Unlimited | Unlimited |
Scale | N/A | Up to 6 units | Unlimited units |
Push notifications | Azure Notification Hubs Free tier included, up to 1 million pushes | Notification Hubs Basic tier included, up to 10 million pushes | Notification Hubs Standard tier included, up to 10 million pushes |
Real-time messaging/ Web Sockets |
Limited | 350 per mobile service | Unlimited |
Offline synchronizations | Limited | Included | Included |
Scheduled jobs | Limited | Included | Included |
Azure SQL Database (required) Standard rates apply for additional capacity |
20 MB included | 20 MB included | 20 MB included |
CPU capacity | 60 minutes per day | Unlimited | Unlimited |
Outbound data transfer | 165 MB per day (daily rollover) | Included | Included |
For more information on limits and pricing, see Azure Mobile Services pricing.
Multi-Factor Authentication limits
Resource | Default limit | Maximum limit |
---|---|---|
Maximum number of trusted IP addresses or ranges per subscription | 0 | 50 |
Remember my devices, number of days | 14 | 60 |
Maximum number of app passwords | 0 | No limit |
Allow X attempts during MFA call | 1 | 99 |
Two-way text message timeout seconds | 60 | 600 |
Default one-time bypass seconds | 300 | 1,800 |
Lock user account after X consecutive MFA denials | Not set | 99 |
Reset account lockout counter after X minutes | Not set | 9,999 |
Unlock account after X minutes | Not set | 9,999 |
Networking limits
Networking limits - Azure Resource Manager
The following limits apply only for networking resources managed through Azure Resource Manager per region per subscription. Learn how to view your current resource usage against your subscription limits.
Note
We recently increased all default limits to their maximum limits. If there's no maximum limit column, the resource doesn't have adjustable limits. If you had these limits increased by support in the past and don't see updated limits in the following tables, open an online customer support request at no charge
Resource | Limit |
---|---|
Virtual networks | 1,000 |
Subnets per virtual network | 3,000 |
Virtual network peerings per virtual network | 500 |
Virtual network gateways (VPN gateways) per virtual network | 1 |
Virtual network gateways (ExpressRoute gateways) per virtual network | 1 |
DNS servers per virtual network | 20 |
Private IP addresses per virtual network | 65,536 |
Private IP addresses per network interface | 256 |
Private IP addresses per virtual machine | 256 |
Public IP addresses per network interface | 256 |
Public IP addresses per virtual machine | 256 |
Concurrent TCP or UDP flows per NIC of a virtual machine or role instance | 500,000 |
Network interface cards | 65,536 |
Network Security Groups | 5,000 |
NSG rules per NSG | 1,000 |
IP addresses and ranges specified for source or destination in a security group | 4,000 |
Application security groups | 3,000 |
Application security groups per IP configuration, per NIC | 20 |
IP configurations per application security group | 4,000 |
Application security groups that can be specified within all security rules of a network security group | 100 |
User-defined route tables | 200 |
User-defined routes per route table | 400 |
Point-to-site root certificates per Azure VPN Gateway | 20 |
Virtual network TAPs | 100 |
Network interface TAP configurations per virtual network TAP | 100 |
Public IP address limits
Resource | Default limit | Maximum limit |
---|---|---|
Public IP addresses1 | 10 for Basic. | Contact support. |
Static Public IP addresses1 | 10 for Basic. | Contact support. |
Standard Public IP addresses1 | 10 | Contact support. |
Public IP addresses per Resource Group | 800 | Contact support. |
Public IP Prefixes | limited by number of Standard Public IPs in a subscription | Contact support. |
Public IP prefix length | /28 | Contact support. |
1Default limits for Public IP addresses vary by offer category type, such as Free Trial, Pay-As-You-Go, CSP. For example, the default for Enterprise Agreement subscriptions is 1000.
Load balancer limits
The following limits apply only for networking resources managed through Azure Resource Manager per region per subscription. Learn how to view your current resource usage against your subscription limits.
Standard Load Balancer
Resource | Limit |
---|---|
Load balancers | 1,000 |
Rules (Load Balancer + Inbound NAT) per resource | 1,500 |
Rules per NIC (across all IPs on a NIC) | 300 |
Frontend IP configurations | 600 |
Backend pool size | 1,000 IP configurations, single virtual network |
Backend resources per Load Balancer 1 | 250 |
High-availability ports | 1 per internal frontend |
Outbound rules per Load Balancer | 600 |
Load Balancers per VM | 2 (1 Public and 1 internal) |
1 The limit is up to 150 resources, in any combination of standalone virtual machine resources, availability set resources, and virtual machine scale-set placement groups.
Basic Load Balancer
Resource | Limit |
---|---|
Load balancers | 1,000 |
Rules per resource | 250 |
Rules per NIC (across all IPs on a NIC) | 300 |
Frontend IP configurations 2 | 200 |
Backend pool size | 300 IP configurations, single availability set |
Availability sets per Load Balancer | 1 |
Load Balancers per VM | 2 (1 Public and 1 internal) |
2 The limit for a single discrete resource in a backend pool (standalone virtual machine, availability set, or virtual machine scale-set placement group) is to have up to 250 Frontend IP configurations across a single Basic Public Load Balancer and Basic Internal Load Balancer.
The following limits apply only for networking resources managed through the classic deployment model per subscription. Learn how to view your current resource usage against your subscription limits.
Resource | Default limit | Maximum limit |
---|---|---|
Virtual networks | 100 | 100 |
Local network sites | 20 | 50 |
DNS servers per virtual network | 20 | 20 |
Private IP addresses per virtual network | 4,096 | 4,096 |
Concurrent TCP or UDP flows per NIC of a virtual machine or role instance | 500,000, up to 1,000,000 for two or more NICs. | 500,000, up to 1,000,000 for two or more NICs. |
Network Security Groups (NSGs) | 200 | 200 |
NSG rules per NSG | 200 | 1,000 |
User-defined route tables | 200 | 200 |
User-defined routes per route table | 400 | 400 |
Public IP addresses (dynamic) | 500 | 500 |
Reserved public IP addresses | 500 | 500 |
Public IP per deployment | 5 | Contact support |
Private IP (internal load balancing) per deployment | 1 | 1 |
Endpoint access control lists (ACLs) | 50 | 50 |
ExpressRoute limits
Resource | Limit |
---|---|
ExpressRoute circuits per subscription | 10 |
ExpressRoute circuits per region per subscription, with Azure Resource Manager | 10 |
Maximum number of routes advertised to Azure private peering with ExpressRoute Standard | 4,000 |
Maximum number of routes advertised to Azure private peering with ExpressRoute Premium add-on | 10,000 |
Maximum number of routes advertised from Azure private peering from the VNet address space for an ExpressRoute connection | 200 |
Maximum number of routes advertised to Microsoft peering with ExpressRoute Standard | 200 |
Maximum number of routes advertised to Microsoft peering with ExpressRoute Premium add-on | 200 |
Maximum number of ExpressRoute circuits linked to the same virtual network in the same peering location | 4 |
Maximum number of ExpressRoute circuits linked to the same virtual network in different peering locations | 4 |
Number of virtual network links allowed per ExpressRoute circuit | See the Number of virtual networks per ExpressRoute circuit table. |
Number of virtual networks per ExpressRoute circuit
Circuit size | Number of virtual network links for Standard | Number of virtual network links with Premium add-on |
---|---|---|
50 Mbps | 10 | 20 |
100 Mbps | 10 | 25 |
200 Mbps | 10 | 25 |
500 Mbps | 10 | 40 |
1 Gbps | 10 | 50 |
2 Gbps | 10 | 60 |
5 Gbps | 10 | 75 |
10 Gbps | 10 | 100 |
40 Gbps* | 10 | 100 |
100 Gbps* | 10 | 100 |
*100 Gbps ExpressRoute Direct Only
Note
Global Reach connections count against the limit of virtual network connections per ExpressRoute Circuit. For example, a 10 Gbps Premium Circuit would allow for 5 Global Reach connections and 95 connections to the ExpressRoute Gateways or 95 Global Reach connections and 5 connections to the ExpressRoute Gateways or any other combination up to the limit of 100 connections for the circuit.
Virtual Network Gateway limits
Resource | Limit |
---|---|
VNet Address Prefixes | 600 per VPN gateway |
Aggregate BGP routes | 4,000 per VPN gateway |
Local Network Gateway address prefixes | 1000 per local network gateway |
S2S connections | Depends on the gateway SKU |
P2S connections | Depends on the gateway SKU |
P2S route limit - IKEv2 | 256 for non-Windows / 25 for Windows |
P2S route limit - OpenVPN | 1000 |
Max. flows | 100K for VpnGw1/AZ / 512K for VpnGw2-4/AZ |
NAT Gateway limits
Resource | Limit |
---|---|
Public IP addresses | 16 per NAT gateway |
Virtual WAN limits
Resource | Limit |
---|---|
Virtual WAN hubs per region | 1 |
Virtual WAN hubs per virtual wan | Azure regions |
VPN (branch) connections per hub | 1,000 |
Aggregate throughput per Virtual WAN Site-to-site VPN gateway | 20 Gbps |
Throughput per Virtual WAN VPN connection (2 tunnels) | 2 Gbps with 1 Gbps/IPsec tunnel |
Point-to-Site users per hub | 10,000 |
Aggregate throughput per Virtual WAN User VPN (Point-to-site) gateway | 20 Gbps |
Aggregate throughput per Virtual WAN ExpressRoute gateway | 20 Gbps |
ExpressRoute Circuit connections per hub | 4 |
VNet connections per hub | 500 minus total number of hubs in Virtual WAN |
Aggregate throughput per Virtual WAN Hub Router | 50 Gbps for VNet to VNet transit |
VM workload across all VNets connected to a single Virtual WAN hub | 2000 |
Application Gateway limits
The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise stated.
Resource | Limit | Note |
---|---|---|
Azure Application Gateway | 1,000 per subscription | |
Front-end IP configurations | 2 | 1 public and 1 private |
Front-end ports | 1001 | |
Back-end address pools | 1001 | |
Back-end servers per pool | 1,200 | |
HTTP listeners | 2001 | Limited to 100 active listeners that are routing traffic. Active listeners = total number of listeners - listeners not active. If a default configuration inside a routing rule is set to route traffic (for example, it has a listener, a backend pool, and HTTP settings) then that also counts as a listener. |
HTTP load-balancing rules | 1001 | |
Back-end HTTP settings | 1001 | |
Instances per gateway | V1 SKU - 32 V2 SKU - 125 |
|
SSL certificates | 1001 | 1 per HTTP listener |
Maximum SSL certificate size | V1 SKU - 10 KB V2 SKU - 16 KB |
|
Authentication certificates | 100 | |
Trusted root certificates | 100 | |
Request timeout minimum | 1 second | |
Request timeout maximum | 24 hours | |
Number of sites | 1001 | 1 per HTTP listener |
URL maps per listener | 1 | |
Maximum path-based rules per URL map | 100 | |
Redirect configurations | 1001 | |
Number of rewrite rule sets | 400 | |
Number of Header or URL configuration per rewrite rule set | 40 | |
Number of conditions per rewrite rule set | 40 | |
Concurrent WebSocket connections | Medium gateways 20k Large gateways 50k |
|
Maximum URL length | 32KB | |
Maximum header size for HTTP/2 | 4KB | |
Maximum file upload size, Standard | 2 GB | |
Maximum file upload size WAF | V1 Medium WAF gateways, 100 MB V1 Large WAF gateways, 500 MB V2 WAF, 750 MB |
|
WAF body size limit, without files | 128 KB | |
Maximum WAF custom rules | 100 | |
Maximum WAF exclusions per Application Gateway | 40 |
1 In case of WAF-enabled SKUs, you must limit the number of resources to 40.
Network Watcher limits
Resource | Limit | Note |
---|---|---|
Azure Network Watcher | 1 per region | Network Watcher is created to enable access to the service. Only one instance of Network Watcher is required per subscription per region. |
Packet capture sessions | 10,000 per region | Number of sessions only, not saved captures. |
Private Link limits
The following limits apply to Azure private link:
Resource | Limit |
---|---|
Number of private endpoints per virtual network | 1000 |
Number of private endpoints per subscription | 64000 |
Number of private link services per subscription | 800 |
Number of IP Configurations on a private link service | 8 (This number is for the NAT IP addresses used per PLS) |
Number of private endpoints on the same private link service | 1000 |
Number of private endpoints per key vault | 64 |
Number of key vaults with private endpoints per subscription | 400 |
Number of private DNS zone groups that can be linked to a private endpoint | 1 |
Number of DNS zones in each group | 5 |
Purview limits
The latest values for Azure Purview quotas can be found in the Azure Purview quota page
Traffic Manager limits
Resource | Limit |
---|---|
Profiles per subscription | 200 |
Endpoints per profile | 200 |
Azure Bastion limits
Resource | Limit |
---|---|
Concurrent RDP connections | 25* |
Concurrent SSH connections | 50** |
*May vary due to other on-going RDP sessions or other on-going SSH sessions.
**May vary if there are existing RDP connections or usage from other on-going SSH sessions.
Azure DNS limits
Public DNS zones
Resource | Limit |
---|---|
Public DNS Zones per subscription | 250 1 |
Record sets per public DNS zone | 10,000 1 |
Records per record set in public DNS zone | 20 |
Number of Alias records for a single Azure resource | 20 |
1If you need to increase these limits, contact Azure Support.
Private DNS zones
Resource | Limit |
---|---|
Private DNS zones per subscription | 1000 |
Record sets per private DNS zone | 25000 |
Records per record set for private DNS zones | 20 |
Virtual Network Links per private DNS zone | 1000 |
Virtual Networks Links per private DNS zones with auto-registration enabled | 100 |
Number of private DNS zones a virtual network can get linked to with auto-registration enabled | 1 |
Number of private DNS zones a virtual network can get linked | 1000 |
Number of DNS queries a virtual machine can send to Azure DNS resolver, per second | 1000 1 |
Maximum number of DNS queries queued (pending response) per virtual machine | 200 1 |
1These limits are applied to every individual virtual machine and not at the virtual network level. DNS queries exceeding these limits are dropped.
Azure Firewall limits
Resource | Limit |
---|---|
Data throughput | 30 Gbps1 |
Rules | 10,000. All rule types combined. |
Maximum DNAT rules | 298 for a single public IP address. Any additional public IP addresses contribute to the available SNAT ports, but reduce the number of the available DNAT rules. For example, two public IP addresses allow for 297 DNAT rules. If a rule's protocol is configured for both TCP and UDP, it counts as two rules. |
Minimum AzureFirewallSubnet size | /26 |
Port range in network and application rules | 1 - 65535 |
Public IP addresses | 250 maximum. All public IP addresses can be used in DNAT rules and they all contribute to available SNAT ports. |
IP addresses in IP Groups | Maximum of 100 IP Groups per firewall. Maximum 5000 individual IP addresses or IP prefixes per each IP Group. |
Route table | By default, AzureFirewallSubnet has a 0.0.0.0/0 route with the NextHopType value set to Internet. Azure Firewall must have direct Internet connectivity. If your AzureFirewallSubnet learns a default route to your on-premises network via BGP, you must override that with a 0.0.0.0/0 UDR with the NextHopType value set as Internet to maintain direct Internet connectivity. By default, Azure Firewall doesn't support forced tunneling to an on-premises network. However, if your configuration requires forced tunneling to an on-premises network, Microsoft will support it on a case by case basis. Contact Support so that we can review your case. If accepted, we'll allow your subscription and ensure the required firewall Internet connectivity is maintained. |
FQDNs in network rules | For good performance, do not exceed more than 1000 FQDNs across all network rules per firewall. |
1If you need to increase these limits, contact Azure Support.
Azure Front Door Service limits
Resource | Limit |
---|---|
Azure Front Door resources per subscription | 100 |
Front-end hosts, which includes custom domains per resource | 500 |
Routing rules per resource | 500 |
Back-end pools per resource | 50 |
Back ends per back-end pool | 100 |
Path patterns to match for a routing rule | 25 |
URLs in a single cache purge call | 100 |
Custom web application firewall rules per policy | 100 |
Web application firewall policy per subscription | 100 |
Web application firewall match conditions per custom rule | 10 |
Web application firewall IP address ranges per match condition | 600 |
Web application firewall string match values per match condition | 10 |
Web application firewall string match value length | 256 |
Web application firewall POST body parameter name length | 256 |
Web application firewall HTTP header name length | 256 |
Web application firewall cookie name length | 256 |
Web application firewall HTTP request body size inspected | 128 KB |
Web application firewall custom response body length | 2 KB |
Azure Front Door Standard/Premium (Preview) Service Limits
*** Maximum 500 total Standard and Premium profiles per subscription.
Resource | Standard SKU Limit | Premium SKU Limit |
---|---|---|
Maximum endpoint per profile | 10 | 25 |
Maximum custom domain per profile | 100 | 200 |
Maximum origin group per profile | 100 | 200 |
Maximum secrets per profile | 100 | 200 |
Maximum security policy per profile | 100 | 200 |
Maximum rule set per profile | 100 | 200 |
Maximum rules per rule set | 100 | 100 |
Maximum origin per origin group | 50 | 50 |
Maximum routes per endpoint | 100 | 200 |
Web application firewall match conditions per custom rule | 10 | 10 |
Web application firewall IP address ranges per match condition | 600 | 600 |
Web application firewall string match values per match condition | 10 | 10 |
Web application firewall string match value length | 256 | 256 |
Web application firewall POST body parameter name length | 256 | 256 |
Web application firewall HTTP header name length | 256 | 256 |
Web application firewall cookie name length | 256 | 256 |
Web application firewall HTTP request body size inspected | 128 KB | 128 KB |
Web application firewall custom response body length | 2 KB | 2 KB |
Timeout values
Client to Front Door
- Front Door has an idle TCP connection timeout of 61 seconds.
Front Door to application back-end
- If the response is a chunked response, a 200 is returned if or when the first chunk is received.
- After the HTTP request is forwarded to the back end, Front Door waits for 30 seconds for the first packet from the back end. Then it returns a 503 error to the client. This value is configurable via the field sendRecvTimeoutSeconds in the API.
- For caching scenarios, this timeout is not configurable and so, if a request is cached and it takes more than 30 seconds for the first packet from Front Door or from the backend, then a 504 error is returned to the client.
- After the first packet is received from the back end, Front Door waits for 30 seconds in an idle timeout. Then it returns a 503 error to the client. This timeout value is not configurable.
- Front Door to the back-end TCP session timeout is 90 seconds.
Upload and download data limit
With chunked transfer encoding (CTE) | Without HTTP chunking | |
---|---|---|
Download | There's no limit on the download size. | There's no limit on the download size. |
Upload | There's no limit as long as each CTE upload is less than 2 GB. | The size can't be larger than 2 GB. |
Other limits
- Maximum URL size - 8,192 bytes - Specifies maximum length of the raw URL (scheme + hostname + port + path + query string of the URL)
- Maximum Query String size - 4,096 bytes - Specifies the maximum length of the query string, in bytes.
- Maximum HTTP response header size from health probe URL - 4,096 bytes - Specified the maximum length of all the response headers of health probes.
Notification Hubs limits
Tier | Free | Basic | Standard |
---|---|---|---|
Included pushes | 1 million | 10 million | 10 million |
Active devices | 500 | 200,000 | 10 million |
Tag quota per installation or registration | 60 | 60 | 60 |
For more information on limits and pricing, see Notification Hubs pricing.
Service Bus limits
The following table lists quota information specific to Azure Service Bus messaging. For information about pricing and other quotas for Service Bus, see Service Bus pricing.
Quota name | Scope | Notes | Value |
---|---|---|---|
Maximum number of Basic or Standard namespaces per Azure subscription | Namespace | Subsequent requests for additional Basic or Standard namespaces are rejected by the Azure portal. | 100 |
Maximum number of Premium namespaces per Azure subscription | Namespace | Subsequent requests for additional Premium namespaces are rejected by the portal. | 100 |
Queue or topic size | Entity | Defined upon creation of the queue or topic. Subsequent incoming messages are rejected, and an exception is received by the calling code. |
1, 2, 3, 4 GB or 5 GB. In the Premium SKU, and the Standard SKU with partitioning enabled, the maximum queue or topic size is 80 GB. |
Number of concurrent connections on a namespace | Namespace | Subsequent requests for additional connections are rejected, and an exception is received by the calling code. REST operations don't count toward concurrent TCP connections. | Net Messaging: 1,000. AMQP: 5,000. |
Number of concurrent receive requests on a queue, topic, or subscription entity | Entity | Subsequent receive requests are rejected, and an exception is received by the calling code. This quota applies to the combined number of concurrent receive operations across all subscriptions on a topic. | 5,000 |
Number of topics or queues per namespace | Namespace | Subsequent requests for creation of a new topic or queue on the namespace are rejected. As a result, if configured through the Azure portal, an error message is generated. If called from the management API, an exception is received by the calling code. | 10,000 for the Basic or Standard tier. The total number of topics and queues in a namespace must be less than or equal to 10,000. For the Premium tier, 1,000 per messaging unit (MU). |
Number of partitioned topics or queues per namespace | Namespace | Subsequent requests for creation of a new partitioned topic or queue on the namespace are rejected. As a result, if configured through the Azure portal, an error message is generated. If called from the management API, the exception QuotaExceededException is received by the calling code. | Basic and Standard tiers: 100. Partitioned entities aren't supported in the Premium tier. Each partitioned queue or topic counts toward the quota of 1,000 entities per namespace. |
Maximum size of any messaging entity path: queue or topic | Entity | - | 260 characters. |
Maximum size of any messaging entity name: namespace, subscription, or subscription rule | Entity | - | 50 characters. |
Maximum size of a message ID | Entity | - | 128 |
Maximum size of a message session ID | Entity | - | 128 |
Message size for a queue, topic, or subscription entity | Entity | Incoming messages that exceed these quotas are rejected, and an exception is received by the calling code. | Maximum message size: 256 KB for Standard tier, 1 MB for Premium tier. Due to system overhead, this limit is less than these values. Maximum header size: 64 KB. Maximum number of header properties in property bag: byte/int.MaxValue. Maximum size of property in property bag: No explicit limit. Limited by maximum header size. |
Message property size for a queue, topic, or subscription entity | Entity | The exception SerializationException is generated. |
Maximum message property size for each property is 32,000. Cumulative size of all properties can't exceed 64,000. This limit applies to the entire header of the brokered message, which has both user properties and system properties, such as sequence number, label, and message ID. |
Number of subscriptions per topic | Entity | Subsequent requests for creating additional subscriptions for the topic are rejected. As a result, if configured through the portal, an error message is shown. If called from the management API, an exception is received by the calling code. | 2,000 per-topic for the Standard tier and Premium tier. |
Number of SQL filters per topic | Entity | Subsequent requests for creation of additional filters on the topic are rejected, and an exception is received by the calling code. | 2,000 |
Number of correlation filters per topic | Entity | Subsequent requests for creation of additional filters on the topic are rejected, and an exception is received by the calling code. | 100,000 |
Size of SQL filters or actions | Namespace | Subsequent requests for creation of additional filters are rejected, and an exception is received by the calling code. | Maximum length of filter condition string: 1,024 (1 K). Maximum length of rule action string: 1,024 (1 K). Maximum number of expressions per rule action: 32. |
Number of shared access authorization rules per namespace, queue, or topic | Entity, namespace | Subsequent requests for creation of additional rules are rejected, and an exception is received by the calling code. | Maximum number of rules per entity type: 12. Rules that are configured on a Service Bus namespace apply to all types: queues, topics. |
Number of messages per transaction | Transaction | Additional incoming messages are rejected, and an exception stating "Cannot send more than 100 messages in a single transaction" is received by the calling code. | 100 For both Send() and SendAsync() operations. |
Number of virtual network and IP filter rules | Namespace | 128 |
Site Recovery limits
The following limits apply to Azure Site Recovery.
Limit identifier | Limit |
---|---|
Number of vaults per subscription | 500 |
Number of servers per Recovery Services vault | 250 |
Number of protection groups per Recovery Services vault | No limit |
Number of recovery plans per Recovery Services vault | No limit |
Number of servers per protection group | No limit |
Number of servers per recovery plan | 100 |
SQL Database limits
For SQL Database limits, see SQL Database resource limits for single databases, SQL Database resource limits for elastic pools and pooled databases, and SQL Database resource limits for SQL Managed Instance.
Azure Synapse Analytics limits
For Azure Synapse Analytics limits, see Azure Synapse resource limits.
Azure Files and Azure File Sync
To learn more about the limits for Azure Files and File Sync, see Azure Files scalability and performance targets.
Storage limits
The following table describes default limits for Azure general-purpose v1, v2, Blob storage, and block blob storage accounts. The ingress limit refers to all data that is sent to a storage account. The egress limit refers to all data that is received from a storage account.
Note
You can request higher capacity and ingress limits. To request an increase, contact Azure Support.
Resource | Limit |
---|---|
Number of storage accounts per region per subscription, including standard, and premium storage accounts. | 250 |
Maximum storage account capacity | 5 PiB 1 |
Maximum number of blob containers, blobs, file shares, tables, queues, entities, or messages per storage account | No limit |
Maximum request rate1 per storage account | 20,000 requests per second |
Maximum ingress1 per storage account (US, Europe regions) | 10 Gbps |
Maximum ingress1 per storage account (regions other than US and Europe) | 5 Gbps if RA-GRS/GRS is enabled, 10 Gbps for LRS/ZRS2 |
Maximum egress for general-purpose v2 and Blob storage accounts (all regions) | 50 Gbps |
Maximum egress for general-purpose v1 storage accounts (US regions) | 20 Gbps if RA-GRS/GRS is enabled, 30 Gbps for LRS/ZRS2 |
Maximum egress for general-purpose v1 storage accounts (non-US regions) | 10 Gbps if RA-GRS/GRS is enabled, 15 Gbps for LRS/ZRS2 |
Maximum number of virtual network rules per storage account | 200 |
Maximum number of IP address rules per storage account | 200 |
1 Azure Storage standard accounts support higher capacity limits and higher limits for ingress by request. To request an increase in account limits, contact Azure Support.
2 If your storage account has read-access enabled with geo-redundant storage (RA-GRS) or geo-zone-redundant storage (RA-GZRS), then the egress targets for the secondary location are identical to those of the primary location. For more information, see Azure Storage replication.
Note
Microsoft recommends that you use a general-purpose v2 storage account for most scenarios. You can easily upgrade a general-purpose v1 or an Azure Blob storage account to a general-purpose v2 account with no downtime and without the need to copy data. For more information, see Upgrade to a general-purpose v2 storage account.
All storage accounts run on a flat network topology regardless of when they were created. For more information on the Azure Storage flat network architecture and on scalability, see Microsoft Azure Storage: A Highly Available Cloud Storage Service with Strong Consistency.
For more information on limits for standard storage accounts, see Scalability targets for standard storage accounts.
Storage resource provider limits
The following limits apply only when you perform management operations by using Azure Resource Manager with Azure Storage.
Resource | Limit |
---|---|
Storage account management operations (read) | 800 per 5 minutes |
Storage account management operations (write) | 10 per second / 1200 per hour |
Storage account management operations (list) | 100 per 5 minutes |
Azure Blob storage limits
Resource | Target | Target (Preview) |
---|---|---|
Maximum size of single blob container | Same as maximum storage account capacity | |
Maximum number of blocks in a block blob or append blob | 50,000 blocks | |
Maximum size of a block in a block blob | 100 MiB | 4000 MiB (preview) |
Maximum size of a block blob | 50,000 X 100 MiB (approximately 4.75 TiB) | 50,000 X 4000 MiB (approximately 190.7 TiB) (preview) |
Maximum size of a block in an append blob | 4 MiB | |
Maximum size of an append blob | 50,000 x 4 MiB (approximately 195 GiB) | |
Maximum size of a page blob | 8 TiB2 | |
Maximum number of stored access policies per blob container | 5 | |
Target request rate for a single blob | Up to 500 requests per second | |
Target throughput for a single page blob | Up to 60 MiB per second2 | |
Target throughput for a single block blob | Up to storage account ingress/egress limits1 |
1 Throughput for a single blob depends on several factors, including, but not limited to: concurrency, request size, performance tier, speed of source for uploads, and destination for downloads. To take advantage of the performance enhancements of high-throughput block blobs, upload larger blobs or blocks. Specifically, call the Put Blob or Put Block operation with a blob or block size that is greater than 4 MiB for standard storage accounts. For premium block blob or for Data Lake Storage Gen2 storage accounts, use a block or blob size that is greater than 256 KiB.
2 Page blobs are not yet supported in accounts that have the Hierarchical namespace setting on them.
The following table describes the maximum block and blob sizes permitted by service version.
Service version | Maximum block size (via Put Block) | Maximum blob size (via Put Block List) | Maximum blob size via single write operation (via Put Blob) |
---|---|---|---|
Version 2019-12-12 and later | 4000 MiB (preview) | Approximately 190.7 TiB (4000 MiB X 50,000 blocks) (preview) | 5000 MiB (preview) |
Version 2016-05-31 through version 2019-07-07 | 100 MiB | Approximately 4.75 TiB (100 MiB X 50,000 blocks) | 256 MiB |
Versions prior to 2016-05-31 | 4 MiB | Approximately 195 GiB (4 MiB X 50,000 blocks) | 64 MiB |
Azure Queue storage limits
Resource | Target |
---|---|
Maximum size of a single queue | 500 TiB |
Maximum size of a message in a queue | 64 KiB |
Maximum number of stored access policies per queue | 5 |
Maximum request rate per storage account | 20,000 messages per second, which assumes a 1-KiB message size |
Target throughput for a single queue (1-KiB messages) | Up to 2,000 messages per second |
Azure Table storage limits
The following table describes capacity, scalability, and performance targets for Table storage.
Resource | Target |
---|---|
Number of tables in an Azure storage account | Limited only by the capacity of the storage account |
Number of partitions in a table | Limited only by the capacity of the storage account |
Number of entities in a partition | Limited only by the capacity of the storage account |
Maximum size of a single table | 500 TiB |
Maximum size of a single entity, including all property values | 1 MiB |
Maximum number of properties in a table entity | 255 (including the three system properties, PartitionKey, RowKey, and Timestamp) |
Maximum total size of an individual property in an entity | Varies by property type. For more information, see Property Types in Understanding the Table Service Data Model. |
Size of the PartitionKey | A string up to 1 KiB in size |
Size of the RowKey | A string up to 1 KiB in size |
Size of an entity group transaction | A transaction can include at most 100 entities and the payload must be less than 4 MiB in size. An entity group transaction can include an update to an entity only once. |
Maximum number of stored access policies per table | 5 |
Maximum request rate per storage account | 20,000 transactions per second, which assumes a 1-KiB entity size |
Target throughput for a single table partition (1 KiB-entities) | Up to 2,000 entities per second |
Virtual machine disk limits
You can attach a number of data disks to an Azure virtual machine. Based on the scalability and performance targets for a VM's data disks, you can determine the number and type of disk that you need to meet your performance and capacity requirements.
Important
For optimal performance, limit the number of highly utilized disks attached to the virtual machine to avoid possible throttling. If all attached disks aren't highly utilized at the same time, the virtual machine can support a larger number of disks.
For Azure managed disks:
The following table illustrates the default and maximum limits of the number of resources per region per subscription. The limits remain the same irrespective of disks encrypted with either platform-managed keys or customer-managed keys. There is no limit for the number of Managed Disks, snapshots and images per resource group.
Resource Limit Standard managed disks 50,000 Standard SSD managed disks 50,000 Premium managed disks 50,000 Standard_LRS snapshots 50,000 Standard_ZRS snapshots 50,000 Managed image 50,000
For Standard storage accounts: A Standard storage account has a maximum total request rate of 20,000 IOPS. The total IOPS across all of your virtual machine disks in a Standard storage account should not exceed this limit.
You can roughly calculate the number of highly utilized disks supported by a single Standard storage account based on the request rate limit. For example, for a Basic tier VM, the maximum number of highly utilized disks is about 66, which is 20,000/300 IOPS per disk. The maximum number of highly utilized disks for a Standard tier VM is about 40, which is 20,000/500 IOPS per disk.
For Premium storage accounts: A Premium storage account has a maximum total throughput rate of 50 Gbps. The total throughput across all of your VM disks should not exceed this limit.
For more information, see Virtual machine sizes.
Disk encryption sets
There's a limitation of 1000 disk encryption sets per region, per subscription. For more information, see the encryption documentation for Linux or Windows virtual machines. If you need to increase the quota, contact Azure support.
Managed virtual machine disks
Standard HDD managed disks
Standard Disk Type | S4 | S6 | S10 | S15 | S20 | S30 | S40 | S50 | S60 | S70 | S80 |
---|---|---|---|---|---|---|---|---|---|---|---|
Disk size in GiB | 32 | 64 | 128 | 256 | 512 | 1,024 | 2,048 | 4,096 | 8,192 | 16,384 | 32,767 |
IOPS per disk | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 1,300 | Up to 2,000 | Up to 2,000 |
Throughput per disk | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 300 MB/sec | Up to 500 MB/sec | Up to 500 MB/sec |
Standard SSD managed disks
Standard SSD sizes | E1 | E2 | E3 | E4 | E6 | E10 | E15 | E20 | E30 | E40 | E50 | E60 | E70 | E80 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Disk size in GiB | 4 | 8 | 16 | 32 | 64 | 128 | 256 | 512 | 1,024 | 2,048 | 4,096 | 8,192 | 16,384 | 32,767 |
IOPS per disk | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 500 | Up to 2,000 | Up to 4,000 | Up to 6,000 |
Throughput per disk | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 60 MB/sec | Up to 400 MB/sec | Up to 600 MB/sec | Up to 750 MB/sec |
Premium SSD managed disks: Per-disk limits
Premium SSD sizes | P1 | P2 | P3 | P4 | P6 | P10 | P15 | P20 | P30 | P40 | P50 | P60 | P70 | P80 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Disk size in GiB | 4 | 8 | 16 | 32 | 64 | 128 | 256 | 512 | 1,024 | 2,048 | 4,096 | 8,192 | 16,384 | 32,767 |
Provisioned IOPS per disk | 120 | 120 | 120 | 120 | 240 | 500 | 1,100 | 2,300 | 5,000 | 7,500 | 7,500 | 16,000 | 18,000 | 20,000 |
Provisioned Throughput per disk | 25 MB/sec | 25 MB/sec | 25 MB/sec | 25 MB/sec | 50 MB/sec | 100 MB/sec | 125 MB/sec | 150 MB/sec | 200 MB/sec | 250 MB/sec | 250 MB/sec | 500 MB/sec | 750 MB/sec | 900 MB/sec |
Max burst IOPS per disk | 3,500 | 3,500 | 3,500 | 3,500 | 3,500 | 3,500 | 3,500 | 3,500 | ||||||
Max burst throughput per disk | 170 MB/sec | 170 MB/sec | 170 MB/sec | 170 MB/sec | 170 MB/sec | 170 MB/sec | 170 MB/sec | 170 MB/sec | ||||||
Max burst duration | 30 min | 30 min | 30 min | 30 min | 30 min | 30 min | 30 min | 30 min | ||||||
Eligible for reservation | No | No | No | No | No | No | No | No | Yes, up to one year | Yes, up to one year | Yes, up to one year | Yes, up to one year | Yes, up to one year | Yes, up to one year |
Premium SSD managed disks: Per-VM limits
Resource | Limit |
---|---|
Maximum IOPS Per VM | 80,000 IOPS with GS5 VM |
Maximum throughput per VM | 2,000 MB/s with GS5 VM |
Unmanaged virtual machine disks
Standard unmanaged virtual machine disks: Per-disk limits
VM tier | Basic tier VM | Standard tier VM |
---|---|---|
Disk size | 4,095 GB | 4,095 GB |
Maximum 8-KB IOPS per persistent disk | 300 | 500 |
Maximum number of disks that perform the maximum IOPS | 66 | 40 |
Premium unmanaged virtual machine disks: Per-account limits
Resource | Limit |
---|---|
Total disk capacity per account | 35 TB |
Total snapshot capacity per account | 10 TB |
Maximum bandwidth per account (ingress + egress)1 | <=50 Gbps |
1Ingress refers to all data from requests that are sent to a storage account. Egress refers to all data from responses that are received from a storage account.
Premium unmanaged virtual machine disks: Per-disk limits
Premium storage disk type | P10 | P20 | P30 | P40 | P50 |
---|---|---|---|---|---|
Disk size | 128 GiB | 512 GiB | 1,024 GiB (1 TB) | 2,048 GiB (2 TB) | 4,095 GiB (4 TB) |
Maximum IOPS per disk | 500 | 2,300 | 5,000 | 7,500 | 7,500 |
Maximum throughput per disk | 100 MB/sec | 150 MB/sec | 200 MB/sec | 250 MB/sec | 250 MB/sec |
Maximum number of disks per storage account | 280 | 70 | 35 | 17 | 8 |
Premium unmanaged virtual machine disks: Per-VM limits
Resource | Limit |
---|---|
Maximum IOPS per VM | 80,000 IOPS with GS5 VM |
Maximum throughput per VM | 2,000 MB/sec with GS5 VM |
StorSimple System limits
Limit identifier | Limit | Comments |
---|---|---|
Maximum number of storage account credentials | 64 | |
Maximum number of volume containers | 64 | |
Maximum number of volumes | 255 | |
Maximum number of schedules per bandwidth template | 168 | A schedule for every hour, every day of the week. |
Maximum size of a tiered volume on physical devices | 64 TB for StorSimple 8100 and StorSimple 8600 | StorSimple 8100 and StorSimple 8600 are physical devices. |
Maximum size of a tiered volume on virtual devices in Azure | 30 TB for StorSimple 8010 64 TB for StorSimple 8020 |
StorSimple 8010 and StorSimple 8020 are virtual devices in Azure that use Standard storage and Premium storage, respectively. |
Maximum size of a locally pinned volume on physical devices | 9 TB for StorSimple 8100 24 TB for StorSimple 8600 |
StorSimple 8100 and StorSimple 8600 are physical devices. |
Maximum number of iSCSI connections | 512 | |
Maximum number of iSCSI connections from initiators | 512 | |
Maximum number of access control records per device | 64 | |
Maximum number of volumes per backup policy | 24 | |
Maximum number of backups retained per backup policy | 64 | |
Maximum number of schedules per backup policy | 10 | |
Maximum number of snapshots of any type that can be retained per volume | 256 | This amount includes local snapshots and cloud snapshots. |
Maximum number of snapshots that can be present in any device | 10,000 | |
Maximum number of volumes that can be processed in parallel for backup, restore, or clone | 16 |
|
Restore and clone recover time for tiered volumes | <2 minutes |
|
Restore recover time for locally pinned volumes | <2 minutes |
|
Thin-restore availability | Last failover | |
Maximum client read/write throughput, when served from the SSD tier* | 920/720 MB/sec with a single 10-gigabit Ethernet network interface | Up to two times with MPIO and two network interfaces. |
Maximum client read/write throughput, when served from the HDD tier* | 120/250 MB/sec | |
Maximum client read/write throughput, when served from the cloud tier* | 11/41 MB/sec | Read throughput depends on clients generating and maintaining sufficient I/O queue depth. |
*Maximum throughput per I/O type was measured with 100 percent read and 100 percent write scenarios. Actual throughput might be lower and depends on I/O mix and network conditions.
Stream Analytics limits
Limit identifier | Limit | Comments |
---|---|---|
Maximum number of streaming units per subscription per region | 500 | To request an increase in streaming units for your subscription beyond 500, contact Microsoft Support. |
Maximum number of inputs per job | 60 | There's a hard limit of 60 inputs per Azure Stream Analytics job. |
Maximum number of outputs per job | 60 | There's a hard limit of 60 outputs per Stream Analytics job. |
Maximum number of functions per job | 60 | There's a hard limit of 60 functions per Stream Analytics job. |
Maximum number of streaming units per job | 192 | There's a hard limit of 192 streaming units per Stream Analytics job. |
Maximum number of jobs per region | 1,500 | Each subscription can have up to 1,500 jobs per geographical region. |
Reference data blob MB | 300 | Reference data blobs can't be larger than 300 MB each. |
Maximum number of characters in a query | 512000 | There's a hard limit of 512k characters in an Azure Stream Analytics job query. |
Virtual Machines limits
Virtual Machines limits
Resource | Limit |
---|---|
Virtual machines per cloud service 1 | 50 |
Input endpoints per cloud service 2 | 150 |
1 Virtual machines created by using the classic deployment model instead of Azure Resource Manager are automatically stored in a cloud service. You can add more virtual machines to that cloud service for load balancing and availability.
2 Input endpoints allow communications to a virtual machine from outside the virtual machine's cloud service. Virtual machines in the same cloud service or virtual network can automatically communicate with each other.
Virtual Machines limits - Azure Resource Manager
The following limits apply when you use Azure Resource Manager and Azure resource groups.
Resource | Limit |
---|---|
VMs per subscription | 25,0001 per region. |
VM total cores per subscription | 201 per region. Contact support to increase limit. |
Azure Spot VM total cores per subscription | 201 per region. Contact support to increase limit. |
VM per series, such as Dv2 and F, cores per subscription | 201 per region. Contact support to increase limit. |
Availability sets per subscription | 2,500 per region. |
Virtual machines per availability set | 200 |
Proximity placement groups per resource group | 800 |
Certificates per availability set | 1992 |
Certificates per subscription | Unlimited3 |
1 Default limits vary by offer category type, such as Free Trial and Pay-As-You-Go, and by series, such as Dv2, F, and G. For example, the default for Enterprise Agreement subscriptions is 350.
2 Properties such as SSH public keys are also pushed as certificates and count towards this limit. To bypass this limit, use the Azure Key Vault extension for Windows or the Azure Key Vault extension for Linux to install certificates.
3 With Azure Resource Manager, certificates are stored in the Azure Key Vault. The number of certificates is unlimited for a subscription. There's a 1-MB limit of certificates per deployment, which consists of either a single VM or an availability set.
Note
Virtual machine cores have a regional total limit. They also have a limit for regional per-size series, such as Dv2 and F. These limits are separately enforced. For example, consider a subscription with a US East total VM core limit of 30, an A series core limit of 30, and a D series core limit of 30. This subscription can deploy 30 A1 VMs, or 30 D1 VMs, or a combination of the two not to exceed a total of 30 cores. An example of a combination is 10 A1 VMs and 20 D1 VMs.
Shared Image Gallery limits
There are limits, per subscription, for deploying resources using Shared Image Galleries:
- 100 shared image galleries, per subscription, per region
- 1,000 image definitions, per subscription, per region
- 10,000 image versions, per subscription, per region
Virtual machine scale sets limits
Resource | Limit |
---|---|
Maximum number of VMs in a scale set | 1,000 |
Maximum number of VMs based on a custom VM image in a scale set | 600 |
Maximum number of scale sets in a region | 2,500 |