Azure Active Directory 服務限制Azure AD service limits and restrictions

本文包含 Azure Active Directory (Azure AD) 服務的使用條件約束和其他服務限制。This article contains the usage constraints and other service limits for the Azure Active Directory (Azure AD) service. 如需完整的 Microsoft Azure 服務限制,請參閱 Azure 訂用帳戶及服務限制、配額與條件約束If you’re looking for the full set of Microsoft Azure service limits, see Azure Subscription and Service Limits, Quotas, and Constraints.

以下是 Azure Active Directory (Azure AD) 服務的使用條件約束和其他服務限制。Here are the usage constraints and other service limits for the Azure Active Directory (Azure AD) service.

CategoryCategory 限制Limits
目錄Directories 單一使用者能以成員或來賓的身分,隸屬於最多 500 個 Azure AD 目錄。A single user can belong to a maximum of 500 Azure AD directories as a member or a guest.
單一使用者最多可以建立 20 個目錄。A single user can create a maximum of 20 directories.
網域Domains 您可以新增 900 個以內的受控網域名稱。You can add no more than 900 managed domain names. 如果您要設定所有網域與內部部署 Active Directory 建立同盟,則可以在每個目錄中新增 450 個以內的網域名稱。If you set up all of your domains for federation with on-premises Active Directory, you can add no more than 450 domain names in each directory.
物件Objects
  • 依照預設,在免費版的 Azure Active Directory 中,最多可以在單一目錄中建立 50,000 個物件。A maximum of 50,000 objects can be created in a single directory by users of the Free edition of Azure Active Directory by default. 如果您有至少一個已驗證的網域,則 Azure AD 中的預設目錄服務配額會擴充至 300,000 個物件。If you have at least one verified domain, the default directory service quota in Azure AD is extended to 300,000 objects.
  • 非系統管理員的使用者最多可以建立 250 個物件。A non-admin user can create no more than 250 objects. 此配額可還原的計數包括作用中的物件和已刪除的物件。Both active objects and deleted objects that are available to restore count toward this quota. 只可還原 30 天內刪除的已刪除物件。Only deleted objects that were deleted fewer than 30 days ago are available to restore. 此配額無法還原的已刪除物件計數值為 30 天的四分之一。Deleted objects that are no longer available to restore count toward this quota at a value of one-quarter for 30 days. 您可以將系統管理員角色指派給非系統管理員使用者,他們會因為需要進行的日常工作而重覆超過此配額。Perhaps assign an administrator role to non-admin users who are likely to repeatedly exceed this quota in the course of their regular duties.
結構描述延伸模組Schema extensions
  • 字串類型延伸模組最多可以包含 256 個字元。String-type extensions can have a maximum of 256 characters.
  • 二進位類型延伸模組受限於 256 個位元組。Binary-type extensions are limited to 256 bytes.
  • 任何單一物件均可寫入 100 個延伸模組值,包括所有 類型和所有 應用程式皆可。Only 100 extension values, across all types and all applications, can be written to any single object.
  • 只能使用「字串」類型或「二進位」類型單一值屬性來擴充 User、Group、TenantDetail、Device、Application 和 ServicePrincipal 實體。Only User, Group, TenantDetail, Device, Application, and ServicePrincipal entities can be extended with string-type or binary-type single-valued attributes.
  • 結構描述延伸模組僅適用於圖形 API 版本 1.21 預覽。Schema extensions are available only in the Graph API version 1.21 preview. 應用程式必須取得寫入權限才能登錄延伸模組。The application must be granted write access to register an extension.
[應用程式]Applications 最多 100 個使用者可以成為單一應用程式的擁有者。A maximum of 100 users can be owners of a single application.
群組Groups
  • 最多 100 個使用者可以成為單一群組的擁有者。A maximum of 100 users can be owners of a single group.
  • 任何數目的物件都可以是單一群組的成員。Any number of objects can be members of a single group.
  • 使用者可以是任意數目群組的成員。A user can be a member of any number of groups.
  • 可以使用 Azure AD Connect 從您的內部部署 Active Directory 同步至 Azure Active Directory 群組中的成員數目限制為 5 萬個成員。The number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members.
應用程式 ProxyApplication Proxy
  • 最多 500 筆的交易,每個應用程式 Proxy 應用程式每秒A maximum of 500 transactions per second per App Proxy application
  • 最多 750 每秒交易數個租用戶A maximum of 750 transactions per second for the tenant

交易被定義為單一 http 要求和回應唯一的資源。A transaction is defined as a single http request and response for a unique resource. 節流時,用戶端會收到 429 的回應 (太多要求)。When throttled, clients will receive a 429 response (too many requests).
存取面板Access Panel
  • 每位使用者在存取面板中可以看到的應用程式數目沒有限制。There's no limit to the number of applications that can be seen in the Access Panel per user. 這適用於已指派 Azure AD Premium 或 Enterprise Mobility Suite 授權的使用者。This applies to users assigned licenses for Azure AD Premium or the Enterprise Mobility Suite.
  • 每位使用者可在存取面板中看到最多 10 個應用程式圖格。A maximum of 10 app tiles can be seen in the Access Panel for each user. 這項限制適用於已指派「免費」或 Azure Active Directory 的 Azure AD Basic 版本授權的使用者。This limit applies to users who are assigned licenses for Free or Azure AD Basic editions of Azure Active Directory. 應用程式圖格範例包括 Box、Salesforce 或 Dropbox。Examples of app tiles include Box, Salesforce, or Dropbox. 此限制不適用於系統管理員帳戶。This limit doesn't apply to administrator accounts.
報告Reports 在任何報告中,最多可以檢視或下載 1000 個資料列。A maximum of 1,000 rows can be viewed or downloaded in any report. 任何其他資料會遭到截斷。Any additional data is truncated.
管理單位Administrative units 物件可以是有不超過 30 個管理單位的成員。An object can be a member of no more than 30 administrative units.
系統管理員角色與權限Admin roles and permissions
  • 群組無法加入成為擁有者A group cannot be added as an owner.
  • 無法將群組指派給角色A group cannot be assigned to a role.
  • 使用者的能力讀取其他使用者的目錄資訊無法限制之外的整個租用戶的切換,以停用所有非系統管理員使用者的存取 (不建議使用) 的所有目錄資訊。Users’ ability to read other users’ directory information cannot be restricted outside of the tenant-wide switch to disable all non-admin users’ access to all directory information (not recommended). 預設權限的更多有關此處More information on default permissions here.
  • 可能需要 15 分鐘,或簽署外/登入之前系統管理員角色成員資格新增項目和撤銷才會生效。It may take up to 15 minutes or signing out/signing in before admin role membership additions and revocations take effect.

後續步驟Next steps