Azure subscription and service limits, quotas, and constraints

This document lists some of the most common Azure limits, which are also sometimes called quotas.

To learn more about Azure pricing, see Azure pricing overview. There, you can estimate your costs by using the pricing calculator. You also can go to the pricing details page for a particular service, for example, Windows VMs. For tips to help manage your costs, see Prevent unexpected costs with Azure billing and cost management.

Managing limits

Note

Some services have adjustable limits.

When a service doesn't have adjustable limits, the following tables use the header Limit. In those cases, the default and the maximum limits are the same.

When the limit can be adjusted, the tables include Default limit and Maximum limit headers. The limit can be raised above the default limit but not above the maximum limit.

If you want to raise the limit or quota above the default limit, open an online customer support request at no charge.

The terms soft limit and hard limit often are used informally to describe the current, adjustable limit (soft limit) and the maximum limit (hard limit). If a limit isn't adjustable, there won't be a soft limit, only a hard limit.

Trial subscriptions.

Some limits are managed at a regional level.

Let's use vCPU quotas as an example. To request a quota increase with support for vCPUs, you must decide how many vCPUs you want to use in which regions. You then request an increase in vCPU quotas for the amounts and regions that you want. If you need to use 30 vCPUs in China North to run your application there, you specifically request 30 vCPUs in China North. Your vCPU quota isn't increased in any other region--only China North has the 30-vCPU quota.

As a result, decide what your quotas must be for your workload in any one region. Then request that amount in each region into which you want to deploy. For help in how to determine your current quotas for specific regions, see Resolve errors for resource quotas.

General limits

For limits on resource names, see Naming rules and restrictions for Azure resources.

For information about Resource Manager API read and write limits, see Throttling Resource Manager requests.

Management group limits

The following limits apply to management groups.

Resource Limit
Management groups per Azure AD tenant 10,000
Subscriptions per management group Unlimited.
Levels of management group hierarchy Root level plus 6 levels1
Direct parent management group per management group One
Management group level deployments per location 8002

1The 6 levels don't include the subscription level.

2If you reach the limit of 800 deployments, delete deployments from the history that are no longer needed. To delete management group level deployments, use Remove-AzManagementGroupDeployment or az deployment mg delete.

Subscription limits

The following limits apply when you use Azure Resource Manager and Azure resource groups.

Resource Limit
Subscriptions associated with an Azure Active Directory tenant Unlimited
Coadministrators per subscription Unlimited.
Resource groups per subscription 980
Azure Resource Manager API request size 4,194,304 bytes
Tags per subscription1 50
Unique tag calculations per subscription1 80,000
Subscription-level deployments per location 8002

1You can apply up to 50 tags directly to a subscription. However, the subscription can contain an unlimited number of tags that are applied to resource groups and resources within the subscription. The number of tags per resource or resource group is limited to 50. Resource Manager returns a list of unique tag name and values in the subscription only when the number of tags is 80,000 or less. You still can find a resource by tag when the number exceeds 80,000.

2If you reach the limit of 800 deployments, delete deployments that are no longer needed from the history. To delete subscription-level deployments, use Remove-AzDeployment or az deployment sub delete.

Resource group limits

Resource Limit
Resources per resource group Resources aren't limited by resource group. Instead, they're limited by resource type in a resource group. See next row.
Resources per resource group, per resource type 800 - Some resource types can exceed the 800 limit. See Resources not limited to 800 instances per resource group.
Deployments per resource group in the deployment history 8001
Resources per deployment 800
Management locks per unique scope 20
Number of tags per resource or resource group 50
Tag key length 512
Tag value length 256

1Deployments are automatically deleted from the history as you near the limit. Deleting an entry from the deployment history doesn't affect the deployed resources. For more information, see Automatic deletions from deployment history.

Template limits

Value Limit
Parameters 256
Variables 256
Resources (including copy count) 800
Outputs 64
Template expression 24,576 chars
Resources in exported templates 200
Template size 4 MB
Parameter file size 64 KB

You can exceed some template limits by using a nested template. For more information, see Use linked templates when you deploy Azure resources. To reduce the number of parameters, variables, or outputs, you can combine several values into an object.

Active Directory limits

Here are the usage constraints and other service limits for the Azure AD service.

Category Limit
Tenants
  • A single user can belong to a maximum of 500 Azure AD tenants as a member or a guest.
  • A single user can create a maximum of 200 directories.
  • Domains
  • You can add no more than 5,000 managed domain names.
  • If you set up all of your domains for federation with on-premises Active Directory, you can add no more than 2,500 domain names in each tenant.
  • Resources
    • By default, a maximum of 50,000 Azure AD resources can be created in a single tenant by users of the Azure Active Directory Free edition. If you have at least one verified domain, the default Azure AD service quota for your organization is extended to 300,000 Azure AD resources.
      The Azure AD service quota for organizations created by self-service sign-up remains 50,000 Azure AD resources, even after you perform an internal admin takeover and the organization is converted to a managed tenant with at least one verified domain. This service limit is unrelated to the pricing tier limit of 500,000 resources on the Azure AD pricing page.
      To go beyond the default quota, you must contact Microsoft Support.
    • A non-admin user can create no more than 250 Azure AD resources. Both active resources and deleted resources that are available to restore count toward this quota. Only deleted Azure AD resources that were deleted fewer than 30 days ago are available to restore. Deleted Azure AD resources that are no longer available to restore count toward this quota at a value of one-quarter for 30 days.
      If you have developers who are likely to repeatedly exceed this quota in the course of their regular duties, you can create and assign a custom role with permission to create a limitless number of app registrations.
    Schema extensions
    • String-type extensions can have a maximum of 256 characters.
    • Binary-type extensions are limited to 256 bytes.
    • Only 100 extension values, across all types and all applications, can be written to any single Azure AD resource.
    • Only User, Group, TenantDetail, Device, Application, and ServicePrincipal entities can be extended with string-type or binary-type single-valued attributes.
    Applications
    • A maximum of 100 users and service principals can be owners of a single application.
    • A user, group, or service principal can have a maximum of 1,500 app role assignments. The limitation is on the service principal, user, or group across all app roles and not on the number of assignments on a single app role.
    • An app configured for password-based single sign-on can have a maximum of 48 groups assigned with credentials configured.
    • A user can have credentials configured for a maximum of 48 apps using password-based single sign-on. This limit only applies for credentials configured when the user is directly assigned the app, not when the user is a member of a group which is assigned.
    • See additional limits in Validation differences by supported account types.
    Application manifest A maximum of 1,200 entries can be added to the application manifest.
    See additional limits in Validation differences by supported account types.
    Groups
    • A non-admin user can create a maximum of 250 groups in an Azure AD organization. Any Azure AD admin who can manage groups in the organization can also create an unlimited number of groups (up to the Azure AD object limit). If you assign a role to a user to remove the limit for that user, assign a less privileged, built-in role such as User Administrator or Groups Administrator.
    • An Azure AD organization can have a maximum of 5,000 dynamic groups.
    • A maximum of 500 role-assignable groups can be created in a single Azure AD organization (tenant).
    • A maximum of 100 users can be owners of a single group.
    • Any number of Azure AD resources can be members of a single group.
    • A user can be a member of any number of groups. When security groups are being used in combination with SharePoint Online, a user can be a part of 2,049 security groups in total. This includes both direct and indirect group memberships. When this limit is exceeded, authentication and search results become unpredictable.
    • By default, the number of members in a group that you can synchronize from your on-premises Active Directory to Azure Active Directory by using Azure AD Connect is limited to 50,000 members. If you need to sync a group membership that's over this limit, you must onboard the Azure AD Connect Sync V2 endpoint API.
    • Nested groups in Azure AD are not supported within all scenarios.
    • When you select a list of groups, you can assign a group expiration policy to a maximum of 500 Microsoft 365 groups. There is no limit when the policy is applied to all Microsoft 365 groups.

    At this time, the following scenarios are supported with nested groups:
    • One group can be added as a member of another group, and you can achieve group nesting.
    • Group membership claims. When an app is configured to receive group membership claims in the token, nested groups in which the signed-in user is a member are included.
    • Conditional access (when a conditional access policy has a group scope).
    • Restricting access to self-serve password reset.
    • Restricting which users can do Azure AD Join and device registration.

    The following scenarios are not supported with nested groups:
    • App role assignment, for both access and provisioning. Assigning groups to an app is supported, but any groups nested within the directly assigned group won't have access.
    • Group-based licensing (assigning a license automatically to all members of a group).
    • Microsoft 365 Groups.
    Application Proxy
    • A maximum of 500 transactions* per second per Application Proxy application.
    • A maximum of 750 transactions per second for the Azure AD organization.

      *A transaction is defined as a single HTTP request and response for a unique resource. When clients are throttled, they'll receive a 429 response (too many requests).
    Access Panel There's no limit to the number of applications per user that can be displayed in the Access Panel, regardless of the number of assigned licenses.
    Reports A maximum of 1,000 rows can be viewed or downloaded in any report. Any additional data is truncated.
    Administrative units An Azure AD resource can be a member of no more than 30 administrative units.
    Azure AD roles and permissions
    • A maximum of 30 Azure AD custom roles can be created in an Azure AD organization.
    • A maximum of 100 Azure AD custom role assignments for a single principal at tenant scope.
    • A maximum of 100 Azure AD built-in role assignments for a single principal at non-tenant scope (such as an administrative unit or Azure AD object). There is no limit to Azure AD built-in role assignments at tenant scope.
    • A group can't be added as a group owner.
    • A user's ability to read other users' tenant information can be restricted only by the Azure AD organization-wide switch to disable all non-admin users' access to all tenant information (not recommended). For more information, see To restrict the default permissions for member users.
    • It might take up to 15 minutes or you might have to sign out and sign back in before admin role membership additions and revocations take effect.

    API Management limits

    Resource Limit
    Maximum number of scale units 10 per region1
    Cache size 5 GiB per unit2
    Concurrent back-end connections3 per HTTP authority 2,048 per unit4
    Maximum cached response size 2 MiB
    Maximum policy document size 256 KiB5
    Maximum custom gateway domains per service instance6 20
    Maximum number of CA certificates per service instance 10
    Maximum number of service instances per subscription7 20
    Maximum number of subscriptions per service instance7 500
    Maximum number of client certificates per service instance7 50
    Maximum number of APIs per service instance7 50
    Maximum number of API operations per service instance7 1,000
    Maximum total request duration7 30 seconds
    Maximum buffered payload size7 2 MiB
    Maximum request URL size8 4096 bytes

    1Scaling limits depend on the pricing tier. To see the pricing tiers and their scaling limits, see API Management pricing.
    2Per unit cache size depends on the pricing tier. To see the pricing tiers and their scaling limits, see API Management pricing.
    3Connections are pooled and reused unless explicitly closed by the back end.
    4This limit is per unit of the Basic, Standard, and Premium tiers. The Developer tier is limited to 1,024. This limit doesn't apply to the Consumption tier.
    5This limit applies to the Basic, Standard, and Premium tiers. In the Consumption tier, policy document size is limited to 16 KiB.
    6This resource is available in the Premium tier only.
    7This resource applies to the Consumption tier only.
    8Applies to the Consumption tier only. Includes an up to 2048 bytes long query string.

    App Service limits

    Resource Free Shared Basic Standard Premium (v1-v3) Isolated
    Web, mobile, or API apps per Azure App Service plan1 10 100 Unlimited2 Unlimited2 Unlimited2 Unlimited2
    App Service plan 10 per region 10 per resource group 100 per resource group 100 per resource group 100 per resource group 100 per resource group
    Compute instance type Shared Shared Dedicated3 Dedicated3 Dedicated3

    Dedicated3
    Scale out (maximum instances) 1 shared 1 shared 3 dedicated3 10 dedicated3 20 dedicated for v1; 30 dedicated for v2 and v3.3 100 dedicated4
    Storage5 1 GB5 1 GB5 10 GB5 50 GB5 250 GB5 1 TB13

    The available storage quota is 999 GB.
    CPU time (5 minutes)6 3 minutes 3 minutes Unlimited, pay at standard rates Unlimited, pay at standard rates Unlimited, pay at standard rates Unlimited, pay at standard rates
    CPU time (day)6 60 minutes 240 minutes Unlimited, pay at standard rates Unlimited, pay at standard rates Unlimited, pay at standard rates Unlimited, pay at standard rates
    Memory (1 hour) 1,024 MB per App Service plan 1,024 MB per app N/A N/A N/A N/A
    Bandwidth 165 MB Unlimited, data transfer rates apply Unlimited, data transfer rates apply Unlimited, data transfer rates apply Unlimited, data transfer rates apply Unlimited, data transfer rates apply
    Application architecture 32-bit 32-bit 32-bit/64-bit 32-bit/64-bit 32-bit/64-bit 32-bit/64-bit
    Web sockets per instance7 5 35 350 Unlimited Unlimited Unlimited
    Outbound IP connections per instance 600 600 Depends on instance size8 Depends on instance size8 Depends on instance size8 16,000
    Concurrent debugger connections per application 1 1 1 5 5 5
    App Service Certificates per subscription9 Not supported Not supported 10 10 10 10
    Custom domains per app 0 (chinacloudsites.cn subdomain only) 500 500 500 500 500
    Custom domain SSL support Not supported, wildcard certificate for *.chinacloudsites.cn available by default Not supported, wildcard certificate for *.chinacloudsites.cn available by default Unlimited SNI SSL connections Unlimited SNI SSL and 1 IP SSL connections included Unlimited SNI SSL and 1 IP SSL connections included Unlimited SNI SSL and 1 IP SSL connections included
    Hybrid connections 5 per plan 25 per plan 220 per app 220 per app
    Virtual Network Integration X X X
    Private Endpoints 100 per app
    Integrated load balancer X X X X X10
    Access restrictions 512 rules per app 512 rules per app 512 rules per app 512 rules per app 512 rules per app 512 rules per app
    Always On X X X X
    Scheduled backups Scheduled backups every 2 hours, a maximum of 12 backups per day (manual + scheduled) Scheduled backups every hour, a maximum of 50 backups per day (manual + scheduled) Scheduled backups every hour, a maximum of 50 backups per day (manual + scheduled)
    Autoscale X X X
    Endpoint monitoring X X X X
    Staging slots per app 5 20 20
    Testing in Production X X X
    Diagnostic Logs X X X X X X
    Kudu X X X X X X
    Authentication and Authorization X X X X X X
    App Service Managed Certificates (Public Preview)12 X X X X
    SLA 99.95% 99.95% 99.95% 99.95%

    1 Apps and storage quotas are per App Service plan unless noted otherwise.

    2 The actual number of apps that you can host on these machines depends on the activity of the apps, the size of the machine instances, and the corresponding resource utilization.

    3 Dedicated instances can be of different sizes. For more information, see App Service pricing.

    4 More are allowed upon request.

    5 The storage limit is the total content size across all apps in the same App service plan. The total content size of all apps across all App service plans in a single resource group and region cannot exceed 500 GB. The file system quota for App Service hosted apps is determined by the aggregate of App Service plans created in a region and resource group.

    6 These resources are constrained by physical resources on the dedicated instances (the instance size and the number of instances).

    7 If you scale an app in the Basic tier to two instances, you have 350 concurrent connections for each of the two instances. For Standard tier and above, there are no theoretical limits to web sockets, but other factors can limit the number of web sockets. For example, maximum concurrent requests allowed (defined by maxConcurrentRequestsPerCpu) are: 7,500 per small VM, 15,000 per medium VM (7,500 x 2 cores), and 75,000 per large VM (18,750 x 4 cores).

    8 The maximum IP connections are per instance and depend on the instance size: 1,920 per B1/S1/P1V3 instance, 3,968 per B2/S2/P2V3 instance, 8,064 per B3/S3/P3V3 instance.

    9 The App Service Certificate quota limit per subscription can be increased via a support request to a maximum limit of 200.

    10 App Service Isolated SKUs can be internally load balanced (ILB) with Azure Load Balancer, so there's no public connectivity from the internet. As a result, some features of an ILB Isolated App Service must be used from machines that have direct access to the ILB network endpoint.

    11 Run custom executables and/or scripts on demand, on a schedule, or continuously as a background task within your App Service instance. Always On is required for continuous WebJobs execution. There's no predefined limit on the number of WebJobs that can run in an App Service instance. There are practical limits that depend on what the application code is trying to do.

    12 Naked domains aren't supported. Only issuing standard certificates (wildcard certificates aren't available). Limited to only one free certificate per custom domain.

    13 Total storage usage across all apps deployed in a single App Service Environment (regardless of how they're allocated across different resource groups).

    Automation limits

    Process automation

    Resource Limit Notes
    Maximum number of new jobs that can be submitted every 30 seconds per Azure Automation account (nonscheduled jobs) 100 When this limit is reached, the subsequent requests to create a job fail. The client receives an error response.
    Maximum number of concurrent running jobs at the same instance of time per Automation account (nonscheduled jobs) 200 When this limit is reached, the subsequent requests to create a job fail. The client receives an error response.
    Maximum storage size of job metadata for a 30-day rolling period 10 GB (approximately 4 million jobs) When this limit is reached, the subsequent requests to create a job fail.
    Maximum job stream limit 1 MiB A single stream cannot be larger than 1 MiB.
    Maximum number of modules that can be imported every 30 seconds per Automation account 5
    Maximum size of a module 100 MB
    Maximum size of a node configuration file 1 MB Applies to state configuration
    Job run time, Free tier 500 minutes per subscription per calendar month
    Maximum amount of disk space allowed per sandbox1 1 GB Applies to Azure sandboxes only.
    Maximum amount of memory given to a sandbox1 400 MB Applies to Azure sandboxes only.
    Maximum number of network sockets allowed per sandbox1 1,000 Applies to Azure sandboxes only.
    Maximum runtime allowed per runbook1 3 hours Applies to Azure sandboxes only.
    Maximum number of Automation accounts in a subscription No limit
    Maximum number of system hybrid runbook workers per Automation Account 4,000
    Maximum number of user hybrid runbook workers per Automation Account 4,000
    Maximum number of concurrent jobs that can be run on a single Hybrid Runbook Worker 50
    Maximum runbook job parameter size 512 kilobytes
    Maximum runbook parameters 50 If you reach the 50-parameter limit, you can pass a JSON or XML string to a parameter and parse it with the runbook.
    Maximum webhook payload size 512 kilobytes
    Maximum days that job data is retained 30 days
    Maximum PowerShell workflow state size 5 MB Applies to PowerShell workflow runbooks when checkpointing workflow.
    Maximum number of tags supported by an Automation account 15

    1A sandbox is a shared environment that can be used by multiple jobs. Jobs that use the same sandbox are bound by the resource limitations of the sandbox.

    Update Management

    The following table shows the limits for Update Management.

    Resource Limit Notes
    Number of machines per update deployment 1000
    Number of dynamic groups per update deployment 500

    Azure App Configuration

    Resource Limit
    Configuration stores - Free tier 1 per subscription
    Configuration stores - Standard tier unlimited per subscription
    Configuration store requests - Free tier 1,000 requests per day
    Configuration store requests - Standard tier Throttling starts at 20,000 requests per hour
    Storage - Free tier 10 MB
    Storage - Standard tier 1 GB
    keys and values 10 KB for a single key-value item

    Azure Cache for Redis limits

    Resource Limit
    Cache size 1.2 TB
    Databases 64
    Maximum connected clients 40,000
    Azure Cache for Redis replicas, for high availability 3
    Shards in a premium cache with clustering 10

    Azure Cache for Redis limits and sizes are different for each pricing tier. To see the pricing tiers and their associated sizes, see Azure Cache for Redis pricing.

    For more information on Azure Cache for Redis configuration limits, see Default Redis server configuration.

    Because configuration and management of Azure Cache for Redis instances is done by Microsoft, not all Redis commands are supported in Azure Cache for Redis. For more information, see Redis commands not supported in Azure Cache for Redis.

    Azure Cloud Services limits

    Resource Limit
    Web or worker roles per deployment1 25
    Instance input endpoints per deployment 25
    Input endpoints per deployment 25
    Internal endpoints per deployment 25
    Hosted service certificates per deployment 199

    1Each Azure Cloud Service with web or worker roles can have two deployments, one for production and one for staging. This limit refers to the number of distinct roles, that is, configuration. This limit doesn't refer to the number of instances per role, that is, scaling.

    Azure Cognitive Search limits

    Pricing tiers determine the capacity and limits of your search service. Tiers include:

    • Free multi-tenant service, shared with other Azure subscribers, is intended for evaluation and small development projects.
    • Basic provides dedicated computing resources for production workloads at a smaller scale, with up to three replicas for highly available query workloads.
    • Standard, which includes S1, S2, S3, and S3 High Density, is for larger production workloads. Multiple levels exist within the Standard tier so that you can choose a resource configuration that best matches your workload profile.

    Limits per subscription

    You can create multiple services within a subscription. Each one can be provisioned at a specific tier. You're limited only by the number of services allowed at each tier. For example, you could create up to 12 services at the Basic tier and another 12 services at the S1 tier within the same subscription. For more information about tiers, see Choose an SKU or tier for Azure Cognitive Search.

    Maximum service limits can be raised upon request. If you need more services within the same subscription, contact Azure Support.

    Resource Free1 Basic S1 S2 S3 S3 HD L1 L2
    Maximum services 1 16 16 8 6 6 6 6
    Maximum scale in search units (SU)2 N/A 3 SU 36 SU 36 SU 36 SU 36 SU 36 SU 36 SU

    1 Free is based on shared, not dedicated, resources. Scale-up is not supported on shared resources.

    2 Search units are billing units, allocated as either a replica or a partition. You need both resources for storage, indexing, and query operations. To learn more about SU computations, see Scale resource levels for query and index workloads.

    Limits per search service

    A search service is constrained by disk space or by a hard limit on the maximum number of indexes or indexers, whichever comes first. The following table documents storage limits. For maximum object limits, see Limits by resource.

    Resource Free Basic1 S1 S2 S3 S3 HD L1 L2
    Service level agreement (SLA)2 No Yes Yes Yes Yes Yes Yes Yes
    Storage per partition 50 MB 2 GB 25 GB 100 GB 200 GB 200 GB 1 TB 2 TB
    Partitions per service N/A 1 12 12 12 3 12 12
    Partition size N/A 2 GB 25 GB 100 GB 200 GB 200 GB 1 TB 2 TB
    Replicas N/A 3 12 12 12 12 12 12

    1 Basic has one fixed partition. Additional search units can be used to add replicas for larger query volumes.

    2 Service level agreements are in effect for billable services on dedicated resources. Free services and preview features have no SLA. For billable services, SLAs take effect when you provision sufficient redundancy for your service. Two or more replicas are required for query (read) SLAs. Three or more replicas are required for query and indexing (read-write) SLAs. The number of partitions isn't an SLA consideration.

    To learn more about limits on a more granular level, such as document size, queries per second, keys, requests, and responses, see Service limits in Azure Cognitive Search.

    Azure Cognitive Services limits

    The following limits are for the number of Cognitive Services resources per Azure subscription. There is a limit of only one allowed 'Free' account, per Cognitive Service type, per subscription. Each of the Cognitive Services may have other limitations, for more information, see Azure Cognitive Services.

    Type Limit Example
    A mixture of Cognitive Services resources Maximum of 200 total Cognitive Services resources per region. 100 Computer Vision resources in China East 2, 50 Speech Service resources in China East 2, and 50 Text Analytics resources in China East 2.
    A single type of Cognitive Services resources. Maximum of 100 resources per region 100 Computer Vision resources in China East 2, and 100 Computer Vision resources in China North.

    Azure Cosmos DB limits

    For Azure Cosmos DB limits, see Limits in Azure Cosmos DB.

    Azure Data Explorer limits

    The following table describes the maximum limits for Azure Data Explorer clusters.

    Resource Limit
    Clusters per region per subscription 20
    Instances per cluster 1000
    Number of databases in a cluster 10,000
    Number of follower clusters (data share consumers) per leader cluster (data share producer) 70

    The following table describes the limits on management operations performed on Azure Data Explorer clusters.

    Scope Operation Limit
    Cluster read (for example, get a cluster) 500 per 5 minutes
    Cluster write (for example, create a database) 1000 per hour

    Azure Database for MySQL

    For Azure Database for MySQL limits, see Limitations in Azure Database for MySQL.

    Azure Database for PostgreSQL

    For Azure Database for PostgreSQL limits, see Limitations in Azure Database for PostgreSQL.

    Azure Functions limits

    Resource Consumption plan Premium plan Dedicated plan ASE Kubernetes
    Default timeout duration (min) 5 30 301 30 30
    Max timeout duration (min) 10 unbounded7 unbounded2 unbounded unbounded
    Max outbound connections (per instance) 600 active (1200 total) unbounded unbounded unbounded unbounded
    Max request size (MB)3 100 100 100 100 Depends on cluster
    Max query string length3 4096 4096 4096 4096 Depends on cluster
    Max request URL length3 8192 8192 8192 8192 Depends on cluster
    ACU per instance 100 210-840 100-840 210-2508 AKS pricing
    Max memory (GB per instance) 1.5 3.5-14 1.75-14 3.5 - 14 Any node is supported
    Max instance count (Windows/Linux) 200/100 100/20 varies by SKU9 1009 Depends on cluster
    Function apps per plan 100 100 unbounded4 unbounded unbounded
    App Service plans 100 per region 100 per resource group 100 per resource group - -
    Deployment slots per app10 2 3 1-209 20 n/a
    Storage5 5 TB 250 GB 50-1000 GB 1 TB n/a
    Custom domains per app 5006 500 500 500 n/a
    Custom domain SSL support unbounded SNI SSL connection included unbounded SNI SSL and 1 IP SSL connections included unbounded SNI SSL and 1 IP SSL connections included unbounded SNI SSL and 1 IP SSL connections included n/a

    1 By default, the timeout for the Functions 1.x runtime in an App Service plan is unbounded.
    2 Requires the App Service plan be set to Always On. Pay at standard rates.
    3 These limits are set in the host.
    4 The actual number of function apps that you can host depends on the activity of the apps, the size of the machine instances, and the corresponding resource utilization.
    5 The storage limit is the total content size in temporary storage across all apps in the same App Service plan. Consumption plan uses Azure Files for temporary storage.
    6 When your function app is hosted in a Consumption plan, only the CNAME option is supported. For function apps in a Premium plan or an App Service plan, you can map a custom domain using either a CNAME or an A record.
    7 Guaranteed for up to 60 minutes.
    8 Workers are roles that host customer apps. Workers are available in three fixed sizes: One vCPU/3.5 GB RAM; Two vCPU/7 GB RAM; Four vCPU/14 GB RAM.
    9 See App Service limits for details.
    10 Including the production slot.

    For more information, see Functions Hosting plans comparison.

    Azure Health Data Services

    Azure Health Data Services limits

    Health Data Services is a set of managed API services based on open standards and frameworks. Health Data Services enables workflows to improve healthcare and offers scalable and secure healthcare solutions. Health Data Services includes Fast Healthcare Interoperability Resources (FHIR) service, the Digital Imaging and Communications in Medicine (DICOM) service, and MedTech service.

    FHIR service is an implementation of the FHIR specification within Health Data Services. It enables you to combine in a single workspace one or more FHIR service instances with optional DICOM and MedTech service instances. Azure API for FHIR is generally available as a stand-alone service offering.

    FHIR service in Azure Health Data Services has a limit of 4 TB for structured storage.

    Quota Name Default Limit Maximum Limit Notes
    Workspace 10 Contact support Limit per subscription
    FHIR 10 Contact support Limit per workspace
    DICOM 10 Contact support Limit per workspace
    MedTech 10 N/A Limit per workspace, can't be increased

    Azure API for FHIR service limits

    Azure API for FHIR is a managed, standards-based, compliant API for clinical health data that enables solutions for actionable analytics and machine learning.

    Quota Name Default Limit Maximum Limit Notes
    Request Units (RUs) 10,000 RUs Contact support Maximum available is 1,000,000. You need a minimum of 400 RUs or 40 RUs/GB, whichever is larger.
    Concurrent connections 15 concurrent connections on two instances (for a total of 30 concurrent requests) Contact support
    Azure API for FHIR Service Instances per Subscription 10 Contact support

    Azure Kubernetes Service limits

    Resource Limit
    Maximum clusters per subscription 5000
    Maximum nodes per cluster with Virtual Machine Availability Sets and Basic Load Balancer SKU 100
    Maximum nodes per cluster with Virtual Machine Scale Sets and Standard Load Balancer SKU 1000 (across all node pools)
    Maximum node pools per cluster 100
    Maximum pods per node: Basic networking with Kubenet Maximum: 250
    Azure CLI default: 110
    Azure Resource Manager template default: 110
    Azure portal deployment default: 30
    Maximum pods per node: Advanced networking with Azure Container Networking Interface Maximum: 250
    Default: 30
    Kubernetes Control Plane tier Limit
    Paid tier Automatically scales out based on the load
    Free tier Limited resources with inflight requests limit of 50 mutating and 100 read-only calls

    Azure Machine Learning limits

    The latest values for Azure Machine Learning Compute quotas can be found in the Azure Machine Learning quota page

    Azure Monitor limits

    Alerts

    Resource Default limit Maximum limit
    Metric alerts (classic) 100 active alert rules per subscription. Call support
    Metric alerts 5,000 active alert rules per subscription in Azure China. If you are hitting this limit, explore if you can use same type multi-resource alerts.
    5,000 metric time-series per alert rule.
    Call support.
    Activity log alerts 100 active alert rules per subscription (cannot be increased). Same as default
    Log alerts 5000 active alert rules per subscription. Out of which 100 active alert rules with 1-minute frequency.
    1000 active alert rules per resource.
    6000 time series per alert rule.
    Call support
    Alert processing rules 1000 active rules per subscription. Call support
    Alert rules and alert processing rules description length Log search alerts 4096 characters
    All other 2048 characters
    Same as default

    Alerts API

    Azure Monitor Alerts have several throttling limits to protect against users making an excessive number of calls. Such behavior can potentially overload the system backend resources and jeopardize service responsiveness. The following limits are designed to protect customers from interruptions and ensure consistent service level. The user throttling and limits are designed to impact only extreme usage scenario and should not be relevant for typical usage.

    Resource Default limit Maximum limit
    Alerts - Get Summary 50 calls per minute per subscription Same as default
    Alerts - Get All (not "Get By Id") 100 calls per minute per subscription Same as default
    All other alerts calls 1000 calls per minute per subscription Same as default

    Action groups

    You may have an unlimited number of action groups in a subscription.

    Resource Default limit Maximum limit
    Email 1,000 email actions in an action group.
    No more than 100 emails in an hour.
    Also see the rate limiting information.
    Same as Default
    Email ARM role 10 Email ARM role actions per action group. Same as Default
    Event Hub 10 Event Hub actions per action group. Same as Default
    Logic app 10 logic app actions in an action group. Same as Default
    Runbook 10 runbook actions in an action group. Same as Default
    Secure Webhook 10 secure webhook actions in an action group. Maximum number of webhook calls is 1500 per minute per subscription. Other limits are available at action-specific information. Same as Default
    SMS 10 SMS actions in an action group.
    No more than 1 SMS message every 5 minutes.
    Also see the rate limiting information.
    Same as Default
    Webhook 10 webhook actions in an action group. Maximum number of webhook calls is 1500 per minute per subscription. Other limits are available at action-specific information. Same as Default

    Autoscale

    Resource Default limit Maximum limit
    Autoscale settings 100 per region per subscription. Same as default
    Autoscale profiles 20 profiles per autoscale setting. Same as default

    Log queries and language

    General query limits

    Limit Description
    Query language Azure Monitor uses the same Kusto query language as Azure Data Explorer. See Azure Monitor log query language differences for KQL language elements not supported in Azure Monitor.
    Azure regions Log queries can experience excessive overhead when data spans Log Analytics workspaces in multiple Azure regions. See Query limits for details.
    Cross resource queries Maximum number of Application Insights resources and Log Analytics workspaces in a single query limited to 100.
    Cross-resource query is not supported in View Designer.
    Cross-resource query in log alerts is supported in the new scheduledQueryRules API.
    See Cross-resource query limits for details.

    User query throttling

    Azure Monitor has several throttling limits to protect against users sending an excessive number of queries. Such behavior can potentially overload the system backend resources and jeopardize service responsiveness. The following limits are designed to protect customers from interruptions and ensure consistent service level. The user throttling and limits are designed to impact only extreme usage scenario and should not be relevant for typical usage.

    Measure Limit per user Description
    Concurrent queries 5 A user can run up to 5 concurrent queries, any additional query will be added to a queue. When one of the running queries finishes, the first query in the queue is pulled from the queue and starts running. Note: Alerts queries are not part of this limit.
    Time in concurrency queue 3 minutes If a query sits in the queue for more than 3 minutes without being started, it will be terminated with an HTTP error response with code 429.
    Total queries in concurrency queue 200 Once the number of queries in the queue reach 200, the next query will be rejected with an HTTP error code 429. This number is in addition to the five queries that can be running simultaneously.
    Query rate 200 queries per 30 seconds Overall rate of queries that can be submitted by a single user to all workspaces. This limit applies to programmatic queries or queries initiated by visualization parts such as Azure dashboards and the Log Analytics workspace summary page.
    • Optimize your queries as described in Optimize log queries in Azure Monitor.
    • Dashboards and workbooks can contain multiple queries in a single view that generate a burst of queries every time they load or refresh. Consider breaking them up into multiple views that load on demand.
    • In Power BI, consider extracting only aggregated results rather than raw logs.

    Log Analytics workspaces

    Data collection volume and retention

    Pricing tier Limit per day Data retention Comment
    Pay-as-you-go
    (introduced April 2018)
    No limit up to 730 days interactive retention /
    up to 7 years data archive
    Data retention beyond 31 days is available for additional charges. Learn more about Azure Monitor pricing.
    Commitment tiers
    (introduced November 2019)
    No limit up to 730 days interactive retention /
    up to 7 years data archive
    Data retention beyond 31 days is available for additional charges. Learn more about Azure Monitor pricing.

    Number of workspaces per subscription.

    Pricing tier Workspace limit Comments
    Legacy Free tier 10 This limit can't be increased. Creating new workspaces in, or moving existing workspaces into, the legacy 1rmb-trial pricing tier is possible only until July 1, 2022.
    All other tiers No limit You're limited by the number of resources within a resource group and the number of resource groups per subscription.

    Azure portal

    Category Limit Comments
    Maximum records returned by a log query 30,000 Reduce results using query scope, time range, and filters in the query.

    Data Collector API

    Category Limit Comments
    Maximum size for a single post 30 MB Split larger volumes into multiple posts.
    Maximum size for field values 32 KB Fields longer than 32 KB are truncated.

    Query API

    Category Limit Comments
    Maximum records returned in a single query 500,000
    Maximum size of data returned ~104 MB (~100 MiB) The API returns up to 64 MB of compressed data, which translates to up to 100 MB of raw data.
    Maximum query running time 10 minutes See Timeouts for details.
    Maximum request rate 200 requests per 30 seconds per Azure AD user or client IP address See Log queries and language.

    Azure Monitor Logs connector

    Category Limit Comments
    Max size of data ~16.7 MB (~16 MiB) The connector infrastructure dictates that limit is set lower than query API limit
    Max number of records 500,000
    Max connector timeout 110 second
    Max query timeout 100 second
    Charts The Logs page and the connector use different charting libraries for visualization. Some functionality isn't currently available in the connector.

    General workspace limits

    Category Limit Comments
    Maximum columns in a table 500
    Maximum characters for column name 45

    Data ingestion volume rate

    Azure Monitor is a high scale data service that serves thousands of customers sending terabytes of data each month at a growing pace. The volume rate limit intends to isolate Azure Monitor customers from sudden ingestion spikes in multitenancy environment. A default ingestion volume rate threshold of 500 MB (compressed) is defined in workspaces, this is translated to approximately 6 GB/min uncompressed -- the actual size can vary between data types depending on the log length and its compression ratio. The volume rate limit applies to data ingested from Azure resources via Diagnostic settings. When volume rate limit is reached, a retry mechanism attempts to ingest the data four times in a period of 30 minutes and drop it if operation fails. It doesn't apply to data ingested from agents or Data Collector API.

    When data sent to your workspace is at a volume rate higher than 80% of the threshold configured in your workspace, an event is sent to the Operation table in your workspace every 6 hours while the threshold continues to be exceeded. When ingested volume rate is higher than threshold, some data is dropped and an event is sent to the Operation table in your workspace every 6 hours while the threshold continues to be exceeded. If your ingestion volume rate continues to exceed the threshold or you're expecting to reach it sometime soon, you can request to increase it in by opening a support request.

    See Monitor health of Log Analytics workspace in Azure Monitor to create alert rules to be proactively notified when you reach any ingestion limits.

    Note

    Depending on how long you've been using Log Analytics, you might have access to legacy pricing tiers. Learn more about Log Analytics legacy pricing tiers.

    Application Insights

    There are some limits on the number of metrics and events per application, that is, per instrumentation key. Limits depend on the pricing plan that you choose.

    Resource Default limit Maximum limit Notes
    Total data per day 100 GB Contact support. You can reduce data by setting a cap. If you need more data, you can increase the limit in the portal, up to 1,000 GB. For capacities greater than 1,000 GB, send email to AIDataCap@microsoft.com.
    Throttling 32,000 events/second Contact support. The limit is measured over a minute.
    Data retention logs 30 to 730 days 730 days This resource is for Logs.
    Data retention metrics 90 days 90 days This resource is for Metrics Explorer.
    Maximum telemetry item size 64 KB 64 KB
    Maximum telemetry items per batch 64,000 64,000
    Property and metric name length 150 150 See type schemas.
    Property value string length 8,192 8,192 See type schemas.
    Trace and exception message length 32,768 32,768 See type schemas.
    Availability tests count per app 100 100
    Profiler and Snapshot data retention Two weeks Contact support. Maximum retention limit is six months.
    Profiler data sent per day No limit No limit
    Snapshot data sent per day 30 snapshots per day per monitored app No limit The number of snapshots collected per application can be modified through configuration.

    For more information about pricing and quotas, see Application Insights billing.

    Azure Data Factory limits

    Azure Data Factory is a multitenant service that has the following default limits in place to make sure customer subscriptions are protected from each other's workloads. To raise the limits up to the maximum for your subscription, contact support.

    Version 2

    Resource Default limit Maximum limit
    Total number of entities, such as pipelines, data sets, triggers, linked services, Private Endpoints, and integration runtimes, within a data factory 5,000 Contact support.
    Total CPU cores for Azure-SSIS Integration Runtimes under one subscription 256 Contact support.
    Concurrent pipeline runs per data factory that's shared among all pipelines in the factory 10,000 10,000
    Concurrent External activity runs per subscription per Azure Integration Runtime region
    External activities are managed on integration runtime but execute on linked services, including Databricks, stored procedure, Web, and others. This limit does not apply to Self-hosted IR.
    3,000 3,000
    Concurrent Pipeline activity runs per subscription per Azure Integration Runtime region
    Pipeline activities execute on integration runtime, including Lookup, GetMetadata, and Delete. This limit does not apply to Self-hosted IR.
    1,000 1,000
    Concurrent authoring operations per subscription per Azure Integration Runtime region
    Including test connection, browse folder list and table list, preview data. This limit does not apply to Self-hosted IR.
    200 200
    Concurrent Data Integration Units1 consumption per subscription per Azure Integration Runtime region
    Maximum activities per pipeline, which includes inner activities for containers 40 40
    Maximum number of linked integration runtimes that can be created against a single self-hosted integration runtime 100 Contact support.
    Maximum number of node that can be created against a single self-hosted integration runtime 4 Contact support
    Maximum parameters per pipeline 50 50
    ForEach items 100,000 100,000
    ForEach parallelism 20 50
    Maximum queued runs per pipeline 100 100
    Characters per expression 8,192 8,192
    Minimum tumbling window trigger interval 5 min 15 min
    Maximum timeout for pipeline activity runs 7 days 7 days
    Bytes per object for pipeline objects3 200 KB 200 KB
    Bytes per object for dataset and linked service objects3 100 KB 2,000 KB
    Bytes per payload for each activity run4 896 KB 896 KB
    Data Integration Units1 per copy activity run 256 256
    Write API calls 1,200/h 1,200/h

    This limit is imposed by Azure Resource Manager, not Azure Data Factory.
    Read API calls 12,500/h 12,500/h

    This limit is imposed by Azure Resource Manager, not Azure Data Factory.
    Monitoring queries per minute 1,000 1,000
    Maximum time of data flow debug session 8 hrs 8 hrs
    Concurrent number of data flows per integration runtime 50 Contact support.
    Concurrent number of data flows per integration runtime in managed vNet 20 Contact support.
    Concurrent number of data flow debug sessions per user per factory 3 3
    Data Flow Azure IR TTL limit 4 hrs 4 hrs
    Meta Data Entity Size limit in a factory 2 GB Contact support.

    1 The data integration unit (DIU) is used in a cloud-to-cloud copy operation, learn more from Data integration units (version 2). For information on billing, see Azure Data Factory pricing.

    2 Azure Integration Runtime is globally available to ensure data compliance, efficiency, and reduced network egress costs.

    3 Pipeline, data set, and linked service objects represent a logical grouping of your workload. Limits for these objects don't relate to the amount of data you can move and process with Azure Data Factory. Data Factory is designed to scale to handle petabytes of data.

    4 The payload for each activity run includes the activity configuration, the associated dataset(s) and linked service(s) configurations if any, and a small portion of system properties generated per activity type. Limit for this payload size doesn't relate to the amount of data you can move and process with Azure Data Factory. Learn about the symptoms and recommendation if you hit this limit.

    Web service call limits

    Azure Resource Manager has limits for API calls. You can make API calls at a rate within the Azure Resource Manager API limits.

    Azure Policy limits

    There's a maximum count for each object type for Azure Policy. For definitions, an entry of Scope means the management group or subscription. For assignments and exemptions, an entry of Scope means the management group, subscription, resource group, or individual resource.

    Where What Maximum count
    Scope Policy definitions 500
    Scope Initiative definitions 200
    Tenant Initiative definitions 2,500
    Scope Policy or initiative assignments 200
    Scope Exemptions 1000
    Policy definition Parameters 20
    Initiative definition Policies 1000
    Initiative definition Parameters 300
    Policy or initiative assignments Exclusions (notScopes) 400
    Policy rule Nested conditionals 512
    Remediation task Resources 500

    Azure RBAC limits

    The following limits apply to Azure role-based access control (Azure RBAC).

    Resource Limit
    Role assignments for Azure resources per Azure subscription 2,000
    Role assignments for Azure resources per management group 500
    Azure custom roles per tenant 5,000
    Azure custom roles per tenant
    (for Azure China 21Vianet)
    2,000

    Azure SignalR Service limits

    Resource Default limit Maximum limit
    Azure SignalR Service units per instance for Free tier 1 1
    Azure SignalR Service units per instance for Standard tier 100 100
    Azure SignalR Service units per subscription per region for Free tier 5 5
    Total Azure SignalR Service unit counts per subscription per region 150 Unlimited
    Concurrent connections per unit for Free tier 20 20
    Concurrent connections per unit for Standard tier 1,000 1,000
    Included messages per unit per day for Free tier 20,000 20,000
    Additional messages per unit per day for Free tier 0 0
    Included messages per unit per day for Standard tier 1,000,000 1,000,000
    Additional messages per unit per day for Standard tier Unlimited Unlimited

    To request an update to your subscription's default limits, open a support ticket.

    For more information about how connections and messages are counted, see Messages and connections in Azure SignalR Service.

    If your requirements exceed the limits, switch from Free tier to Standard tier and add units. For more information, see How to scale an Azure SignalR Service instance?.

    If your requirements exceed the limits of a single instance, add instances. For more information, see How to scale SignalR Service with multiple instances?.

    Backup limits

    For a summary of Azure Backup support settings and limitations, see Azure Backup Support Matrices.

    Batch limits

    Resource Default limit Maximum limit
    Azure Batch accounts per region per subscription 1-3 50
    Dedicated cores per Batch account 90-900 Contact support
    Active jobs and job schedules per Batch account (completed jobs have no limit) 100-300 1,0001
    Pools per Batch account 20-100 5001

    1To request an increase beyond this limit, contact Azure Support.

    Note

    Default limits vary depending on the type of subscription you use to create a Batch account. Cores quotas shown are for Batch accounts in Batch service mode. View the quotas in your Batch account.

    Important

    To help us better manage capacity during the global health pandemic, the default core quotas for new Batch accounts in some regions and for some types of subscription have been reduced from the above range of values, in some cases to zero cores. When you create a new Batch account, check your core quota and request a core quota increase, if required. Alternatively, consider reusing Batch accounts that already have sufficient quota.

    Classic deployment model limits

    If you use classic deployment model instead of the Azure Resource Manager deployment model, the following limits apply.

    Resource Default limit Maximum limit
    vCPUs per subscription 1 20 10,000
    Coadministrators per subscription 200 200
    Storage accounts per subscription2 100 100
    Cloud services per subscription 20 200
    Local networks per subscription 10 500
    DNS servers per subscription 9 100
    Reserved IPs per subscription 20 100
    Affinity groups per subscription 256 256
    Subscription name length (characters) 64 64

    1Extra small instances count as one vCPU toward the vCPU limit despite using a partial CPU core.

    2The storage account limit includes both Standard and Premium storage accounts.

    Container Instances limits

    Resource Limit
    Standard sku container groups per region per subscription 1001
    Dedicated sku container groups per region per subscription 01
    Number of containers per container group 60
    Number of volumes per container group 20
    Standard sku cores (CPUs) per region per subscription 101,2
    Standard sku cores (CPUs) for V100 GPU per region per subscription 01,2
    Ports per IP 5
    Container instance log size - running instance 4 MB
    Container instance log size - stopped instance 16 KB or 1,000 lines
    Container creates per hour 3001
    Container creates per 5 minutes 1001
    Container deletes per hour 3001
    Container deletes per 5 minutes 1001

    1To request a limit increase, create an Azure Support request. Free subscriptions including Trial Subscription to a Standard Pay-in-Advance Offer subscription.
    2Default limit for Standard Pay-in-Advance Offer subscription. Limit may differ for other category types.

    Container Registry limits

    The following table details the features and limits of the Basic, Standard, and Premium service tiers.

    Resource Basic Standard Premium
    Included storage1 (GiB) 10 100 500
    Storage limit (TiB) 20 20 20
    Maximum image layer size (GiB) 200 200 200
    Maximum manifest size (MiB) 4 4 4
    ReadOps per minute2, 3 1,000 3,000 10,000
    WriteOps per minute2, 4 100 500 2,000
    Download bandwidth2 (Mbps) 30 60 100
    Upload bandwidth 2 (Mbps) 10 20 50
    Webhooks 2 10 500
    Geo-replication N/A N/A Supported
    Availability zones N/A N/A Supported
    Content trust N/A N/A Supported
    Private link with private endpoints N/A N/A Supported
    • Private endpoints N/A N/A 200
    Public IP network rules N/A N/A 100
    Customer-managed keys N/A N/A Supported
    Repository-scoped permissions N/A N/A Preview
    • Tokens N/A N/A 20,000
    • Scope maps N/A N/A 20,000
    • Repositories per scope map N/A N/A 500

    1 Storage included in the daily rate for each tier. Additional storage may be used, up to the registry storage limit, at an additional daily rate per GiB. For rate information, see Azure Container Registry pricing. If you need storage beyond the registry storage limit, please contact Azure Support.

    2ReadOps, WriteOps, and Bandwidth are minimum estimates. Azure Container Registry strives to improve performance as usage requires.

    3A docker pull translates to multiple read operations based on the number of layers in the image, plus the manifest retrieval.

    4A docker push translates to multiple write operations, based on the number of layers that must be pushed. A docker push includes ReadOps to retrieve a manifest for an existing image.

    5 Individual actions of content/delete, content/read, content/write, metadata/read, metadata/write corresponds to the limit of Repositories per scope map.

    Content Delivery Network limits

    Resource Soft limit
    CDN profiles 8
    CDN endpoints per profile 10
    Custom domains per endpoint 10

    Request an update to your subscription's soft limits by opening a support ticket.

    Data Lake Storage limits

    Azure Data Lake Storage Gen2 is not a dedicated service or storage account type. It is the latest release of capabilities that are dedicated to big data analytics. These capabilities are available in a general-purpose v2 or BlockBlobStorage storage account, and you can obtain them by enabling the Hierarchical namespace feature of the account. For scale targets, see these articles.

    Database Migration Service Limits

    Azure Database Migration Service is a fully managed service designed to enable seamless migrations from multiple database sources to Azure data platforms with minimal downtime.

    Resource Limit Comments
    Maximum number of services per subscription, per region 10 To request an increase for this limit, contact support.

    Event Grid limits

    The following limits apply to Azure Event Grid topics (system, custom, and partner topics).

    Note

    These limits are per region.

    Resource Limit
    Custom topics per Azure subscription 100.
    When the limit is reached, you can consider a different region or consider using domains, which can support 100,000 topics.
    Event subscriptions per topic 500
    This limit can't be increased.
    Publish rate for a custom or a partner topic (ingress) 5,000 events/sec or 5 MB/sec (whichever is met first)
    Event size 1 MB
    This limit can't be increased.
    Number of incoming events per batch 5,000
    This limit can't be increased.
    Private endpoint connections per topic 64
    This limit can't be increased.
    IP Firewall rules per topic 16

    The following limits apply to Azure Event Grid domains.

    Resource Limit
    Topics per event domain 100,000
    Event subscriptions per topic within a domain 500
    This limit can't be increased.
    Domain scope event subscriptions 50
    This limit can't be increased.
    Publish rate for an event domain (ingress) 5,000 events/sec or 5 MB/sec (whichever is met first)
    Event Domains per Azure Subscription 100
    Private endpoint connections per domain 64
    IP Firewall rules per domain 16

    Event Hubs limits

    The following tables provide quotas and limits specific to Azure Event Hubs. For information about Event Hubs pricing, see Event Hubs pricing.

    Common limits for all tiers

    The following limits are common across all tiers.

    Limit Notes Value
    Size of an event hub name - 256 characters
    Size of a consumer group name Kafka protocol doesn't require the creation of a consumer group.

    Kafka: 256 characters

    AMQP: 50 characters

    Number of non-epoch receivers per consumer group - 5
    Number of authorization rules per namespace Subsequent requests for authorization rule creation are rejected. 12
    Number of calls to the GetRuntimeInformation method - 50 per second
    Number of virtual networks (VNet) - 128
    Number of IP Config rules - 128
    Maximum length of a schema group name 50
    Maximum length of a schema name 100
    Size in bytes per schema 1 MB
    Number of properties per schema group 1024
    Size in bytes per schema group property key 256
    Size in bytes per schema group property value 1024

    Basic vs. standard vs. dedicated tiers

    The following table shows limits that may be different for basic, standard, and dedicated tiers. In the table CU is capacity unit and TU is throughput unit.

    Limit Basic Standard Dedicated
    Maximum size of Event Hubs publication 256 KB 1 MB 1 MB
    Number of consumer groups per event hub 1 20 No limit per CU, 1000 per event hub
    Number of AMQP connections per namespace 100 5,000 100 K included and max
    Maximum retention period of event data 1 day 1-7 days 90 days, 10 TB included per CU
    Maximum TUs or CUs 20 TUs 20 TUs 20 CUs
    Number of partitions per event hub 32 32 1024 per event hub
    2000 per CU
    Number of namespaces per subscription 100 100 100 (50 per CU)
    Number of event hubs per namespace 10 10 1000
    Ingress events Pay per million events Included
    Capture N/A Pay per hour Included
    Size of the schema registry (namespace) in mega bytes N/A 25 1024
    Number of schema groups in a schema registry or namespace N/A 1 - excluding the default group 1000
    Number of schema versions across all schema groups N/A 25 10000

    Note

    You can publish events individually or batched. The publication limit (according to SKU) applies regardless of whether it is a single event or a batch. Publishing events larger than the maximum threshold will be rejected.

    IoT Hub limits

    The following table lists the limits associated with the different service tiers S1, S2, S3, and F1. For information about the cost of each unit in each tier, see Azure IoT Hub pricing.

    Resource S1 Standard S2 Standard S3 Standard F1 Free
    Messages/day 400,000 6,000,000 300,000,000 8,000
    Maximum units 200 200 10 1

    Note

    If you anticipate using more than 200 units with an S1 or S2 tier hub or 10 units with an S3 tier hub, contact Azure Support.

    The following table lists the limits that apply to IoT Hub resources.

    Resource Limit
    Maximum paid IoT hubs per Azure subscription 50
    Maximum free IoT hubs per Azure subscription 1
    Maximum number of characters in a device ID 128
    Maximum number of device identities
    returned in a single call
    1,000
    IoT Hub message maximum retention for device-to-cloud messages 7 days
    Maximum size of device-to-cloud message 256 KB
    Maximum size of device-to-cloud batch AMQP and HTTP: 256 KB for the entire batch
    MQTT: 256 KB for each message
    Maximum messages in device-to-cloud batch 500
    Maximum size of cloud-to-device message 64 KB
    Maximum TTL for cloud-to-device messages 2 days
    Maximum delivery count for cloud-to-device
    messages
    100
    Maximum cloud-to-device queue depth per device 50
    Maximum delivery count for feedback messages
    in response to a cloud-to-device message
    100
    Maximum TTL for feedback messages in
    response to a cloud-to-device message
    2 days
    Maximum size of device twin 8 KB for tags section, and 32 KB for desired and reported properties sections each
    Maximum length of device twin string key 1 KB
    Maximum length of device twin string value 4 KB
    Maximum depth of object in device twin 10
    Maximum size of direct method payload 128 KB
    Job history maximum retention 30 days
    Maximum concurrent jobs 10 (for S3), 5 for (S2), 1 (for S1)
    Maximum additional endpoints (beyond built-in endpoints) 10 (for S1, S2, and S3)
    Maximum message routing rules 100 (for S1, S2, and S3)
    Maximum number of concurrently connected device streams 50 (for S1, S2, S3, and F1 only)
    Maximum device stream data transfer 300 MB per day (for S1, S2, S3, and F1 only)

    Note

    If you need more than 50 paid IoT hubs in an Azure subscription, contact Azure Support.

    Note

    Currently, the total number of devices plus modules that can be registered to a single IoT hub is capped at 1,000,000. If you want to increase this limit, contact Azure Support.

    IoT Hub throttles requests when the following quotas are exceeded.

    Throttle Per-hub value
    Identity registry operations
    (create, retrieve, list, update, and delete),
    individual or bulk import/export
    83.33/sec/unit (5,000/min/unit) (for S3).
    1.67/sec/unit (100/min/unit) (for S1 and S2).
    Device connections 6,000/sec/unit (for S3), 120/sec/unit (for S2), 12/sec/unit (for S1).
    Minimum of 100/sec.
    Device-to-cloud sends 6,000/sec/unit (for S3), 120/sec/unit (for S2), 12/sec/unit (for S1).
    Minimum of 100/sec.
    Cloud-to-device sends 83.33/sec/unit (5,000/min/unit) (for S3), 1.67/sec/unit (100/min/unit) (for S1 and S2).
    Cloud-to-device receives 833.33/sec/unit (50,000/min/unit) (for S3), 16.67/sec/unit (1,000/min/unit) (for S1 and S2).
    File upload operations 83.33 file upload initiations/sec/unit (5,000/min/unit) (for S3), 1.67 file upload initiations/sec/unit (100/min/unit) (for S1 and S2).
    10 concurrent file uploads per device.
    Direct methods 24 MB/sec/unit (for S3), 480 KB/sec/unit (for S2), 160 KB/sec/unit (for S1).
    Based on 8-KB throttling meter size.
    Device twin reads 500/sec/unit (for S3), Maximum of 100/sec or 10/sec/unit (for S2), 100/sec (for S1)
    Device twin updates 250/sec/unit (for S3), Maximum of 50/sec or 5/sec/unit (for S2), 50/sec (for S1)
    Jobs operations
    (create, update, list, and delete)
    83.33/sec/unit (5,000/min/unit) (for S3), 1.67/sec/unit (100/min/unit) (for S2), 1.67/sec/unit (100/min/unit) (for S1).
    Jobs per-device operation throughput 50/sec/unit (for S3), maximum of 10/sec or 1/sec/unit (for S2), 10/sec (for S1).
    Device stream initiation rate 5 new streams/sec (for S1, S2, S3, and F1 only).

    IoT Hub Device Provisioning Service limits

    Note

    Some areas of this service have adjustable limits. This is represented in the tables below with the Adjustable? column. When the limit can be adjusted, the Adjustable? value is Yes.

    The actual value to which a limit can be adjusted may vary based on each customer�s deployment. Multiple instances of DPS may be required for very large deployments.

    If your business requires raising an adjustable limit or quota above the default limit, you can submit a request for additional resources by opening a support ticket. Requesting an increase does not guarantee that it will be granted, as it needs to be reviewed on a case-by-case basis. Please contact Azure support as early as possible during your implementation, to be able to determine if your request could be approved and plan accordingly.

    The following table lists the limits that apply to Azure IoT Hub Device Provisioning Service resources.

    Resource Limit Adjustable?
    Maximum device provisioning services per Azure subscription 10 Yes
    Maximum number of registrations 1,000,000 Yes
    Maximum number of individual enrollments 1,000,000 Yes
    Maximum number of enrollment groups (X.509 certificate) 100 Yes
    Maximum number of enrollment groups (symmetric key) 100 No
    Maximum number of CAs 25 No
    Maximum number of linked IoT hubs 50 No
    Maximum size of message 96 KB No

    Tip

    If the hard limit on symmetric key enrollment groups is a blocking issue, it is recommended to use individual enrollments as a workaround.

    The Device Provisioning Service has the following rate limits.

    Rate Per-unit value Adjustable?
    Operations 200/min/service Yes
    Device registrations 200/min/service Yes
    Device polling operation 5/10 sec/device No

    Key Vault limits

    Key transactions (maximum transactions allowed in 10 seconds, per vault per region1):

    Key type Software key
    CREATE key
    Software-key
    All other transactions
    RSA 2,048-bit 20 4,000
    RSA 3,072-bit 20 1,000
    RSA 4,096-bit 20 500
    ECC P-256 20 4,000
    ECC P-384 20 4,000
    ECC P-521 20 4,000
    ECC SECP256K1 20 4,000

    Note

    In the previous table, we see that for RSA 2,048-bit software keys, 4,000 GET transactions per 10 seconds are allowed.

    The throttling thresholds are weighted, and enforcement is on their sum. For example, as shown in the previous table, when you perform GET operations on RSA Software-keys, it's eight times more expensive to use 4,096-bit keys compared to 2,048-bit keys. That's because 2,000/250 = 8.

    In a given 10-second interval, an Azure Key Vault client can do only one of the following operations before it encounters a 429 throttling HTTP status code:

    • 4,000 RSA 2,048-bit software-key GET transactions
    • 250 RSA 4,096-bit Software-key GET transactions
    • 249 RSA 4,096-bit Software-key GET transactions and 8 RSA 2,048-bit Software-key GET transactions

    Secrets, managed storage account keys, and vault transactions:

    Transactions type Maximum transactions allowed in 10 seconds, per vault per region1
    All transactions 4,000

    For information on how to handle throttling when these limits are exceeded, see Azure Key Vault throttling guidance.

    1 A subscription-wide limit for all transaction types is five times per key vault limit.

    Backup keys, secrets, certificates

    When you back up a key vault object, such as a secret, key, or certificate, the backup operation will download the object as an encrypted blob. This blob cannot be decrypted outside of Azure. To get usable data from this blob, you must restore the blob into a key vault within the same Azure subscription and Azure geography

    Transactions type Maximum key vault object versions allowed
    Back up individual key, secret, certificate 500

    Note

    Attempting to backup a key, secret, or certificate object with more versions than above limit will result in an error. It is not possible to delete previous versions of a key, secret, or certificate.

    Limits on count of keys, secrets and certificates:

    Key Vault does not restrict the number of keys, secrets or certificates that can be stored in a vault. The transaction limits on the vault should be taken into account to ensure that operations are not throttled.

    Key Vault does not restrict the number of versions on a secret, key or certificate, but storing a large number of versions (500+) can impact the performance of backup operations. See Azure Key Vault Backup.

    Object limits

    Item Limits
    Number of versions per key 100
    Number of role assignments at each individual key scope 10

    Managed identity limits

    • Each managed identity counts towards the object quota limit in an Azure AD tenant as described in Azure AD service limits and restrictions.

    • The rate at which managed identities can be created have the following limits:

      1. Per Azure AD Tenant per Azure region: 200 create operations per 20 seconds.
      2. Per Azure Subscription per Azure region : 40 create operations per 20 seconds.
    • When you create user-assigned managed identities, only alphanumeric characters (0-9, a-z, and A-Z) and the hyphen (-) are supported. For the assignment to a virtual machine or virtual machine scale set to work properly, the name is limited to 24 characters.

    Media Services limits

    Note

    For resources that aren't fixed, open a support ticket to ask for an increase in the quotas. Don't create additional Azure Media Services accounts in an attempt to obtain higher limits.

    Account limits

    Resource Default Limit
    Media Services accounts in a single subscription 100 (fixed)

    Asset limits

    Resource Default Limit
    Assets per Media Services account 1,000,000

    Storage (media) limits

    Resource Default Limit
    File size In some scenarios, there is a limit on the maximum file size supported for processing in Media Services. (1)
    Storage accounts 100(2) (fixed)

    1 The maximum size supported for a single blob is currently up to 5 TB in Azure Blob Storage. Additional limits apply in Media Services based on the VM sizes that are used by the service. The size limit applies to the files that you upload and also the files that get generated as a result of Media Services processing (encoding or analyzing). If your source file is larger than 260-GB, your Job will likely fail.

    2 The storage accounts must be from the same Azure subscription.

    Jobs (encoding & analyzing) limits

    Resource Default Limit
    Jobs per Media Services account 500,000 (3) (fixed)
    Job inputs per Job 50 (fixed)
    Job outputs per Job 20 (fixed)
    Transforms per Media Services account 100 (fixed)
    Transform outputs in a Transform 20 (fixed)
    Files per job input 10 (fixed)

    3 This number includes queued, finished, active, and canceled Jobs. It does not include deleted Jobs.

    Any Job record in your account older than 90 days will be automatically deleted, even if the total number of records is below the maximum quota.

    Live streaming limits

    Resource Default Limit
    Live Events (4) per Media Services account 5
    Live Outputs per Live Event 3 (5)
    Max Live Output duration Size of the DVR window

    4 For detailed information about Live Event limitations, see Live Event types comparison and limitations.

    5 Live Outputs start on creation and stop when deleted.

    Packaging & delivery limits

    Resource Default Limit
    Streaming Endpoints (stopped or running) per Media Services account 2
    Dynamic Manifest Filters 100
    Streaming Policies 100 (6)
    Unique Streaming Locators associated with an Asset at one time 100(7) (fixed)

    6 When using a custom Streaming Policy, you should design a limited set of such policies for your Media Service account, and re-use them for your StreamingLocators whenever the same encryption options and protocols are needed. You should not be creating a new Streaming Policy for each Streaming Locator.

    7 Streaming Locators are not designed for managing per-user access control. To give different access rights to individual users, use Digital Rights Management (DRM) solutions.

    Protection limits

    Resource Default Limit
    Options per Content Key Policy 30
    Licenses per month for each of the DRM types on Media Services key delivery service per account 1,000,000

    Support ticket

    For resources that are not fixed, you may ask for the quotas to be raised, by opening a support ticket. Include detailed information in the request on the desired quota changes, use-case scenarios, and regions required.
    Do not create additional Azure Media Services accounts in an attempt to obtain higher limits.

    Media Services v2 (legacy)

    For limits specific to Media Services v2 (legacy), see Media Services v2 (legacy)

    Mobile Services limits

    TIER: FREE BASIC STANDARD
    API Calls 500 K 1.5 M / unit 15 M / unit
    Active Devices 500 Unlimited Unlimited
    Scale N/A Up to 6 units Unlimited units
    Push Notifications Notification Hubs Free Tier included, up to 1 M pushes Notification Hubs Basic Tier included, up to 10 M pushes Notification Hubs Standard Tier included, up to 10 M pushes
    Real time messaging/
    Web Sockets
    Limited 350 / mobile service Unlimited
    Offline synchronizations Limited Included Included
    Scheduled jobs Limited Included Included
    SQL Database (required)
    Standard rates apply for additional capacity
    20 MB included 20 MB included 20 MB included
    CPU capacity 60 minutes / day Unlimited Unlimited
    Outbound data transfer 165 MB per day (daily Rollover) Included Included

    For additional details on these limits and for information on pricing, see Mobile Services Pricing.

    Multi-Factor Authentication limits

    Resource Default limit Maximum limit
    Maximum number of trusted IP addresses or ranges per subscription 0 50
    Remember my devices, number of days 14 60
    Maximum number of app passwords 0 No limit
    Allow X attempts during MFA call 1 99
    Two-way text message timeout seconds 60 600
    Default one-time bypass seconds 300 1,800
    Lock user account after X consecutive MFA denials Not set 99
    Reset account lockout counter after X minutes Not set 9,999
    Unlock account after X minutes Not set 9,999

    Networking limits

    Networking limits - Azure Resource Manager

    The following limits apply only for networking resources managed through Azure Resource Manager per region per subscription. Learn how to view your current resource usage against your subscription limits.

    Note

    We recently increased all default limits to their maximum limits. If there's no maximum limit column, the resource doesn't have adjustable limits. If you had these limits increased by support in the past and don't see updated limits in the following tables, open an online customer support request at no charge

    Resource Limit
    Virtual networks 1,000
    Subnets per virtual network 3,000
    Virtual network peerings per virtual network 500
    Virtual network gateways (VPN gateways) per virtual network 1
    Virtual network gateways (ExpressRoute gateways) per virtual network 1
    DNS servers per virtual network 20
    Private IP addresses per virtual network 65,536
    Total Private Addresses for a group of Peered Virtual networks 128,000
    Private IP addresses per network interface 256
    Private IP addresses per virtual machine 256
    Public IP addresses per network interface 256
    Public IP addresses per virtual machine 256
    Concurrent TCP or UDP flows per NIC of a virtual machine or role instance 500,000
    Network interface cards 65,536
    Network Security Groups 5,000
    NSG rules per NSG 1,000
    IP addresses and ranges specified for source or destination in a security group 4,000
    Application security groups 3,000
    Application security groups per IP configuration, per NIC 20
    IP configurations per application security group 4,000
    Application security groups that can be specified within all security rules of a network security group 100
    User-defined route tables 200
    User-defined routes per route table 400
    Point-to-site root certificates per Azure VPN Gateway 20
    Point-to-site revoked client certificates per Azure VPN Gateway 300

    Public IP address limits

    Resource Default limit Maximum limit
    Public IP addresses1,2 10 for Basic. Contact support.
    Static Public IP addresses1 10 for Basic. Contact support.
    Standard Public IP addresses1 10 Contact support.
    Public IP addresses per Resource Group 800 Contact support.
    Public IP Prefixes limited by number of Standard Public IPs in a subscription Contact support.
    Public IP prefix length /28 Contact support.

    1Default limits for Public IP addresses vary by offer category type, such as Trial, Standard Pay-in-Advance Offer, CSP. For example, the default for Enterprise Agreement subscriptions is 1000.

    2Public IP addresses limit refers to the total amount of Public IP addresses, including Basic and Standard.

    Load balancer limits

    The following limits apply only for networking resources managed through Azure Resource Manager per region per subscription. Learn how to view your current resource usage against your subscription limits.

    Standard Load Balancer

    Resource Limit
    Load balancers 1,000
    Rules (Load Balancer + Inbound NAT) per resource 1,500
    Rules per NIC (across all IPs on a NIC) 300
    Frontend IP configurations 600
    Backend pool size 1,000 IP configurations, single virtual network
    Backend resources per Load Balancer 1 1,200
    High-availability ports rule 1 per internal frontend
    Outbound rules per Load Balancer 600
    Load Balancers per VM 2 2 (1 Public and 1 internal)

    1 The limit is up to 1,200 resources, in any combination of standalone virtual machine resources, availability set resources, and virtual machine scale-set placement groups.

    2 An exception to this limit is that 2 public load balancers can be in front of a VM if an IPv4 address config is used for one load balancer and IPv6 address config is used for the second.

    Gateway Load Balancer

    Resource Limit
    Resources chained per Load Balancer (LB frontend configurations or VM NIC IP configurations combined) 100

    Basic Load Balancer

    Resource Limit
    Load balancers 1,000
    Rules per resource 250
    Rules per NIC (across all IPs on a NIC) 300
    Frontend IP configurations 3 200
    Backend pool size 300 IP configurations, single availability set
    Availability sets per Load Balancer 1
    Load Balancers per VM 2 (1 Public and 1 internal)

    3 The limit for a single discrete resource in a backend pool (standalone virtual machine, availability set, or virtual machine scale-set placement group) is to have up to 250 Frontend IP configurations across a single Basic Public Load Balancer and Basic Internal Load Balancer.

    The following limits apply only for networking resources managed through the classic deployment model per subscription. Learn how to view your current resource usage against your subscription limits.

    Resource Default limit Maximum limit
    Virtual networks 100 100
    Local network sites 20 50
    DNS servers per virtual network 20 20
    Private IP addresses per virtual network 4,096 4,096
    Concurrent TCP or UDP flows per NIC of a virtual machine or role instance 500,000, up to 1,000,000 for two or more NICs. 500,000, up to 1,000,000 for two or more NICs.
    Network Security Groups (NSGs) 200 200
    NSG rules per NSG 200 1,000
    User-defined route tables 200 200
    User-defined routes per route table 400 400
    Public IP addresses (dynamic) 500 500
    Reserved public IP addresses 500 500
    Public IP per deployment 5 Contact support
    Private IP (internal load balancing) per deployment 1 1
    Endpoint access control lists (ACLs) 50 50

    Application Gateway limits

    The following table applies to v1, v2, Standard, and WAF SKUs unless otherwise stated.

    Resource Limit Note
    Azure Application Gateway 1,000 per subscription
    Front-end IP configurations 2 1 public and 1 private
    Front-end ports 1001
    Back-end address pools 1001
    Back-end servers per pool 1,200
    HTTP listeners 2001 Limited to 100 active listeners that are routing traffic. Active listeners = total number of listeners - listeners not active.
    If a default configuration inside a routing rule is set to route traffic (for example, it has a listener, a backend pool, and HTTP settings) then that also counts as a listener. See Frequently asked questions about Application Gateway for additional details.
    HTTP load-balancing rules 4001
    Back-end HTTP settings 1001
    Instances per gateway V1 SKU - 32
    V2 SKU - 125
    SSL certificates 1001 1 per HTTP listener
    Maximum SSL certificate size V1 SKU - 10 KB
    V2 SKU - 16 KB
    Authentication certificates 100
    Trusted root certificates 100
    Request timeout minimum 1 second
    Request timeout maximum to private backend 24 hours
    Request timeout maximum to external backend 4 minutes
    Number of sites 1001 1 per HTTP listener
    URL maps per listener 1
    Maximum path-based rules per URL map 100
    Redirect configurations 1001
    Number of rewrite rule sets 400
    Number of Header or URL configuration per rewrite rule set 40
    Number of conditions per rewrite rule set 40
    Concurrent WebSocket connections Medium gateways 20k2
    Large gateways 50k2
    Maximum URL length 32KB
    Maximum header size 32KB
    Maximum header field size for HTTP/2 8KB
    Maximum header size for HTTP/2 16KB
    Maximum file upload size (Standard SKU) V2 - 4 GB
    V1 - 2GB
    Maximum file upload size (WAF SKU) V1 Medium - 100 MB
    V1 Large - 500 MB
    V2 - 750 MB
    V2 (with CRS 3.2 or newer) - 4GB3
    WAF body size limit (without files) V1 or V2 (with CRS 3.1 and older) - 128KB
    V2 (with CRS 3.2 or newer) - 2MB3
    Maximum WAF custom rules 100
    Maximum WAF exclusions per Application Gateway 40

    1 In case of WAF-enabled SKUs, you must limit the number of resources to 40.

    2 Limit is per Application Gateway instance not per Application Gateway resource.

    3 Must define the value via WAF Policy for Application Gateway

    Azure Bastion limits

    Resource Limit
    Concurrent RDP connections 25*
    Concurrent SSH connections 50**

    *May vary due to other on-going RDP sessions or other on-going SSH sessions.
    **May vary if there are existing RDP connections or usage from other on-going SSH sessions.

    Azure DNS limits

    Public DNS zones

    Resource Limit
    Public DNS Zones per subscription 250 1
    Record sets per public DNS zone 10,000 1
    Records per record set in public DNS zone 20
    Number of Alias records for a single Azure resource 20

    1If you need to increase these limits, contact Azure Support.

    Private DNS zones

    Resource Limit
    Private DNS zones per subscription 1000
    Record sets per private DNS zone 25000
    Records per record set for private DNS zones 20
    Virtual Network Links per private DNS zone 1000
    Virtual Networks Links per private DNS zones with auto-registration enabled 100
    Number of private DNS zones a virtual network can get linked to with auto-registration enabled 1
    Number of private DNS zones a virtual network can get linked 1000
    Number of DNS queries a virtual machine can send to Azure DNS resolver, per second 1000 1
    Maximum number of DNS queries queued (pending response) per virtual machine 200 1

    1These limits are applied to every individual virtual machine and not at the virtual network level. DNS queries exceeding these limits are dropped.

    Azure Firewall limits

    Resource Limit
    Data throughput 30 Gbps
    Rule limits 10,000 unique source/destinations in network rules
    Maximum DNAT rules 298 for a single public IP address.
    Any additional public IP addresses contribute to the available SNAT ports, but reduce the number of the available DNAT rules. For example, two public IP addresses allow for 297 DNAT rules. If a rule's protocol is configured for both TCP and UDP, it counts as two rules.
    Minimum AzureFirewallSubnet size /26
    Port range in network and application rules 1 - 65535
    Public IP addresses 250 maximum. All public IP addresses can be used in DNAT rules and they all contribute to available SNAT ports.
    IP addresses in IP Groups Maximum of 100 IP Groups per firewall.
    Maximum 5000 individual IP addresses or IP prefixes per each IP Group.
    Route table By default, AzureFirewallSubnet has a 0.0.0.0/0 route with the NextHopType value set to Internet.

    Azure Firewall must have direct Internet connectivity. If your AzureFirewallSubnet learns a default route to your on-premises network via BGP, you must override that with a 0.0.0.0/0 UDR with the NextHopType value set as Internet to maintain direct Internet connectivity. By default, Azure Firewall doesn't support forced tunneling to an on-premises network.

    However, if your configuration requires forced tunneling to an on-premises network, Microsoft will support it on a case by case basis. Contact Support so that we can review your case. If accepted, we'll allow your subscription and ensure the required firewall Internet connectivity is maintained.
    FQDNs in network rules For good performance, do not exceed more than 1000 FQDNs across all network rules per firewall.

    Azure Route Server limits

    Resource Limit
    Number of BGP peers supported 8
    Number of routes each BGP peer can advertise to Azure Route Server 1 1000
    Number of routes that Azure Route Server can advertise to ExpressRoute or VPN gateway 200
    Number of VMs in the virtual network (including peered virtual networks) that Azure Route Server can support 2 2000

    1 If your NVA advertises more routes than the limit, the BGP session will get dropped. In the event BGP session is dropped between the gateway and Azure Route Server, you'll lose connectivity from your on-premises network to Azure.

    2 The number of VMs that Azure Route Server can support isn't a hard limit, and it depends on how the Route Server infrastructure is deployed within an Azure Region.

    ExpressRoute limits

    Resource Limit
    ExpressRoute circuits per subscription 50
    ExpressRoute circuits per region per subscription, with Azure Resource Manager 10
    Maximum number of IPv4 routes advertised to Azure private peering with ExpressRoute Standard 4,000
    Maximum number of IPv4 routes advertised to Azure private peering with ExpressRoute Premium add-on 10,000
    Maximum number of IPv6 routes advertised to Azure private peering with ExpressRoute Standard 100
    Maximum number of IPv6 routes advertised to Azure private peering with ExpressRoute Premium add-on 100
    Maximum number of IPv4 routes advertised from Azure private peering from the VNet address space for an ExpressRoute connection 1,000
    Maximum number of IPv6 routes advertised from Azure private peering from the VNet address space for an ExpressRoute connection 1,000
    Maximum number of routes advertised to Microsoft peering with ExpressRoute Standard 200
    Maximum number of routes advertised to Microsoft peering with ExpressRoute Premium add-on 200
    Maximum number of ExpressRoute circuits linked to the same virtual network in the same peering location 4
    Maximum number of ExpressRoute circuits linked to the same virtual network in different peering locations 16 (For more information, see Gateway SKU.)
    Number of virtual network links allowed per ExpressRoute circuit See the Number of virtual networks per ExpressRoute circuit table.

    Number of virtual networks per ExpressRoute circuit

    Circuit size Number of virtual network links for Standard Number of virtual network links with Premium add-on
    50 Mbps 10 20
    100 Mbps 10 25
    200 Mbps 10 25
    500 Mbps 10 40
    1 Gbps 10 50
    2 Gbps 10 60
    5 Gbps 10 75
    10 Gbps 10 100
    40 Gbps* 10 100
    100 Gbps* 10 100

    *100 Gbps ExpressRoute Direct Only

    Note

    Global Reach connections count against the limit of virtual network connections per ExpressRoute Circuit. For example, a 10 Gbps Premium Circuit would allow for 5 Global Reach connections and 95 connections to the ExpressRoute Gateways or 95 Global Reach connections and 5 connections to the ExpressRoute Gateways or any other combination up to the limit of 100 connections for the circuit.

    NAT Gateway limits

    Resource Limit
    Public IP addresses 16 per NAT gateway

    Network Watcher limits

    Resource Limit Note
    Azure Network Watcher 1 per region Network Watcher is created to enable access to the service. Only one instance of Network Watcher is required per subscription per region.
    Packet capture sessions 10,000 per region Number of sessions only, not saved captures.

    The following limits apply to Azure private link:

    Resource Limit
    Number of private endpoints per virtual network 1000
    Number of private endpoints per subscription      64000
    Number of private link services per subscription       800
    Number of IP Configurations on a private link service    8 (This number is for the NAT IP addresses used per PLS)
    Number of private endpoints on the same private link service  1000
    Number of private endpoints per key vault 64
    Number of key vaults with private endpoints per subscription 400
    Number of private DNS zone groups that can be linked to a private endpoint 1
    Number of DNS zones in each group 5

    Traffic Manager limits

    Resource Default limit
    Profiles per subscription 2001
    Endpoints per profile 200

    1If you need to increase these limits, contact Azure Support.

    Virtual Network Gateway limits

    Resource Limit
    VNet Address Prefixes 600 per VPN gateway
    Aggregate BGP routes 4,000 per VPN gateway
    Local Network Gateway address prefixes 1000 per local network gateway
    S2S connections Depends on the gateway SKU
    P2S connections Depends on the gateway SKU
    P2S route limit - IKEv2 256 for non-Windows / 25 for Windows
    P2S route limit - OpenVPN 1000
    Max. flows 100K for VpnGw1/AZ / 512K for VpnGw2-4/AZ

    Virtual WAN limits

    Resource Limit
    Virtual WAN hubs per region 1
    Virtual WAN hubs per virtual wan Azure regions
    VPN (branch) connections per hub 1,000
    Aggregate throughput per Virtual WAN Site-to-site VPN gateway 20 Gbps
    Throughput per Virtual WAN VPN connection (2 tunnels) 2 Gbps with 1 Gbps/IPsec tunnel
    Point-to-Site users per hub 10,000
    Aggregate throughput per Virtual WAN User VPN (Point-to-site) gateway 20 Gbps
    Aggregate throughput per Virtual WAN ExpressRoute gateway 20 Gbps
    ExpressRoute Circuit connections per hub 8
    VNet connections per hub 500 minus total number of hubs in Virtual WAN
    Aggregate throughput per Virtual WAN Hub Router 50 Gbps for VNet to VNet transit
    VM workload across all VNets connected to a single Virtual WAN hub 2000

    Notification Hubs limits

    Tier Free Basic Standard
    Included pushes 1 million 10 million 10 million
    Active devices 500 200,000 10 million
    Tag quota per installation or registration 60 60 60

    For more information on limits and pricing, see Notification Hubs pricing.

    Service Bus limits

    The following table lists quota information specific to Azure Service Bus messaging. For information about pricing and other quotas for Service Bus, see Service Bus pricing.

    Quota name Scope Value Notes
    Maximum number of namespaces per Azure subscription Namespace 1000 (default and maximum) Subsequent requests for additional namespaces are rejected.
    Queue or topic size Entity

    1, 2, 3, 4 GB or 5 GB

    In the Premium SKU, and the Standard SKU with partitioning enabled, the maximum queue or topic size is 80 GB.

    Total size limit for a premium namespace is 1 TB per messaging unit. Total size of all entities in a namespace can't exceed this limit.

    Defined upon creation/updation of the queue or topic.

    Subsequent incoming messages are rejected, and an exception is received by the calling code.
    Number of concurrent connections on a namespace Namespace Net Messaging: 1,000.

    AMQP: 5,000.
    Subsequent requests for additional connections are rejected, and an exception is received by the calling code. REST operations don't count toward concurrent TCP connections.
    Number of concurrent receive requests on a queue, topic, or subscription entity Entity 5,000 Subsequent receive requests are rejected, and an exception is received by the calling code. This quota applies to the combined number of concurrent receive operations across all subscriptions on a topic.
    Number of topics or queues per namespace Namespace 10,000 for the Basic or Standard tier. The total number of topics and queues in a namespace must be less than or equal to 10,000.

    For the Premium tier, 1,000 per messaging unit (MU).
    Subsequent requests for creation of a new topic or queue on the namespace are rejected. As a result, if configured through the Azure portal, an error message is generated. If called from the management API, an exception is received by the calling code.
    Number of partitioned topics or queues per namespace Namespace Basic and Standard tiers: 100.

    Partitioned entities aren't supported in the Premium tier.

    Each partitioned queue or topic counts toward the quota of 1,000 entities per namespace.
    Subsequent requests for creation of a new partitioned topic or queue in the namespace are rejected. As a result, if configured through the Azure portal, an error message is generated. If called from the management API, the exception QuotaExceededException is received by the calling code.

    If you want to have more partitioned entities in a basic or a standard tier namespace, create additional namespaces.

    Maximum size of any messaging entity path: queue or topic Entity - 260 characters.
    Maximum size of any messaging entity name: namespace, subscription, or subscription rule Entity - 50 characters.
    Maximum size of a message ID Entity - 128
    Maximum size of a message session ID Entity - 128
    Message size for a queue, topic, or subscription entity Entity Incoming messages that exceed these quotas are rejected, and an exception is received by the calling code. 256 KB for Standard tier
    100 MB for Premium tier.

    The message size includes the size of properties (system and user) and the size of payload. The size of system properties varies depending on your scenario.
    Message property size for a queue, topic, or subscription entity Entity The exception SerializationException is generated.

    Maximum message property size for each property is 32 KB.

    Cumulative size of all properties can't exceed 64 KB. This limit applies to the entire header of the brokered message, which has both user properties and system properties, such as sequence number, label, and message ID.

    Maximum number of header properties in property bag: byte/int.MaxValue.

    Number of subscriptions per topic Entity Subsequent requests for creating additional subscriptions for the topic are rejected. As a result, if configured through the portal, an error message is shown. If called from the management API, an exception is received by the calling code. 2,000 per-topic for the Standard tier and Premium tier.
    Number of SQL filters per topic Entity Subsequent requests for creation of additional filters on the topic are rejected, and an exception is received by the calling code. 2,000
    Number of correlation filters per topic Entity Subsequent requests for creation of additional filters on the topic are rejected, and an exception is received by the calling code. 100,000
    Size of SQL filters or actions Namespace Subsequent requests for creation of additional filters are rejected, and an exception is received by the calling code. Maximum length of filter condition string: 1,024 (1 K).

    Maximum length of rule action string: 1,024 (1 K).

    Maximum number of expressions per rule action: 32.
    Number of shared access authorization rules per namespace, queue, or topic Entity, namespace Subsequent requests for creation of additional rules are rejected, and an exception is received by the calling code. Maximum number of rules per entity type: 12.

    Rules that are configured on a Service Bus namespace apply to all types: queues, topics.
    Number of messages per transaction Transaction Additional incoming messages are rejected, and an exception stating "Can't send more than 100 messages in a single transaction" is received by the calling code. 100

    For both Send() and SendAsync() operations.
    Number of virtual network and IP filter rules Namespace   128

    Site Recovery limits

    The following limits apply to Azure Site Recovery:

    LIMIT IDENTIFIER DEFAULT LIMIT
    Number of vaults per subscription 500
    Number of servers per Azure vault 250
    Number of protection groups per Azure vault No limit
    Number of recovery plans per Azure vault No limit
    Number of servers per protection group No limit
    Number of servers per recovery plan 50

    SQL Database limits

    For SQL Database limits, see SQL Database resource limits for single databases, SQL Database resource limits for elastic pools and pooled databases, and SQL Database resource limits for SQL Managed Instance.

    The maximum number of private endpoints per Azure SQL Database logical server is 250.

    Azure Synapse Analytics limits

    Azure Synapse Analytics has the following default limits to ensure customer's subscriptions are protected from each other's workloads. To raise the limits to the maximum for your subscription, contact support.

    Synapse Workspace Limits

    Resource Default limit Maximum limit
    Synapse workspaces in an Azure subscription 2 2

    Synapse Pipeline Limits

    Resource Default limit Maximum limit
    Synapse pipelines in a Synapse workspace 800 800
    Total number of entities, such as pipelines, data sets, triggers, linked services, Private Endpoints, and integration runtimes, within a workspace 5,000 Contact support.
    Total CPU cores for Azure-SSIS Integration Runtimes under one workspace 256 Contact support.
    Concurrent pipeline runs per workspace that's shared among all pipelines in the workspace 10,000 10,000
    Concurrent External activity runs per workspace per Azure Integration Runtime region
    External activities are managed on integration runtime but execute on linked services, including Databricks, stored procedure, HDInsight, Web, and others. This limit does not apply to Self-hosted IR.
    3,000 3,000
    Concurrent Pipeline activity runs per workspace per Azure Integration Runtime region
    Pipeline activities execute on integration runtime, including Lookup, GetMetadata, and Delete. This limit does not apply to Self-hosted IR.
    1,000 1,000
    Concurrent authoring operations per workspace per Azure Integration Runtime region
    Including test connection, browse folder list and table list, preview data. This limit does not apply to Self-hosted IR.
    200 200
    Concurrent Data Integration Units1 consumption per workspace per Azure Integration Runtime region
    Maximum activities per pipeline, which includes inner activities for containers 40 40
    Maximum number of linked integration runtimes that can be created against a single self-hosted integration runtime 100 Contact support.
    Maximum parameters per pipeline 50 50
    ForEach items 100,000 100,000
    ForEach parallelism 20 50
    Maximum queued runs per pipeline 100 100
    Characters per expression 8,192 8,192
    Minimum tumbling window trigger interval 5 min 15 min
    Maximum timeout for pipeline activity runs 7 days 7 days
    Bytes per object for pipeline objects3 200 KB 200 KB
    Bytes per object for dataset and linked service objects3 100 KB 2,000 KB
    Bytes per payload for each activity run4 896 KB 896 KB
    Data Integration Units1 per copy activity run 256 256
    Write API calls 1,200/h 1,200/h

    This limit is imposed by Azure Resource Manager, not Azure Synapse Analytics.
    Read API calls 12,500/h 12,500/h

    This limit is imposed by Azure Resource Manager, not Azure Synapse Analytics.
    Monitoring queries per minute 1,000 1,000
    Maximum time of data flow debug session 8 hrs 8 hrs
    Concurrent number of data flows per integration runtime 50 Contact support.
    Concurrent number of data flows per integration runtime in managed vNet 20 Contact support.
    Concurrent number of data flow debug sessions per user per workspace 3 3
    Data Flow Azure IR TTL limit 4 hrs 4 hrs
    Meta Data Entity Size limit in a workspace 2 GB Contact support.

    1 The data integration unit (DIU) is used in a cloud-to-cloud copy operation, learn more from Data integration units (version 2). For information on billing, see Azure Synapse Analytics Pricing.

    2 Azure Integration Runtime is globally available to ensure data compliance, efficiency, and reduced network egress costs.

    3 Pipeline, data set, and linked service objects represent a logical grouping of your workload. Limits for these objects don't relate to the amount of data you can move and process with Azure Synapse Analytics. Synapse Analytics is designed to scale to handle petabytes of data.

    4 The payload for each activity run includes the activity configuration, the associated dataset(s) and linked service(s) configurations if any, and a small portion of system properties generated per activity type. Limit for this payload size doesn't relate to the amount of data you can move and process with Azure Synapse Analytics. Learn about the symptoms and recommendation if you hit this limit.

    Dedicated SQL pool limits

    For details of capacity limits for dedicated SQL pools in Azure Synapse Analytics, see dedicated SQL pool resource limits.

    Web service call limits

    Azure Resource Manager has limits for API calls. You can make API calls at a rate within the Azure Resource Manager API limits.

    Azure Files and Azure File Sync

    To learn more about the limits for Azure Files and File Sync, see Azure Files scalability and performance targets.

    Storage limits

    The following table describes default limits for Azure general-purpose v2 (GPv2), general-purpose v1 (GPv1), and Blob storage accounts. The ingress limit refers to all data that is sent to a storage account. The egress limit refers to all data that is received from a storage account.

    Azure recommends that you use a GPv2 storage account for most scenarios. You can easily upgrade a GPv1 or a Blob storage account to a GPv2 account with no downtime and without the need to copy data. For more information, see Upgrade to a GPv2 storage account.

    Resource Limit
    Number of storage accounts per region per subscription, including standard, and premium storage accounts. 250
    Default maximum storage account capacity 5 PiB 1
    Maximum number of blob containers, blobs, file shares, tables, queues, entities, or messages per storage account. No limit
    Default maximum request rate per storage account 20,000 requests per second1
    Default maximum ingress per general-purpose v2 and Blob storage account 25 Gbps1
    Default maximum ingress for general-purpose v1 storage accounts 10 Gbps1
    Default maximum egress for general-purpose v2 and Blob storage accounts 50 Gbps1
    Maximum number of IP address rules per storage account 200
    Maximum number of virtual network rules per storage account 200
    Maximum number of resource instance rules per storage account 200
    Maximum number of private endpoints per storage account 200

    1 Azure Storage standard accounts support higher capacity limits and higher limits for ingress and egress by request. To request an increase in account limits, contact Azure Support.

    For more information on limits for standard storage accounts, see Scalability targets for standard storage accounts.

    Storage resource provider limits

    The following limits apply only when you perform management operations by using Azure Resource Manager with Azure Storage.

    Resource Limit
    Storage account management operations (read) 800 per 5 minutes
    Storage account management operations (write) 10 per second / 1200 per hour
    Storage account management operations (list) 100 per 5 minutes

    Azure Blob storage limits

    Resource Target
    Maximum size of single blob container Same as maximum storage account capacity
    Maximum number of blocks in a block blob or append blob 50,000 blocks
    Maximum size of a block in a block blob 4000 MiB
    Maximum size of a block blob 50,000 X 4000 MiB (approximately 190.7 TiB)
    Maximum size of a block in an append blob 4 MiB
    Maximum size of an append blob 50,000 x 4 MiB (approximately 195 GiB)
    Maximum size of a page blob 8 TiB2
    Maximum number of stored access policies per blob container 5
    Target request rate for a single blob Up to 500 requests per second
    Target throughput for a single page blob Up to 60 MiB per second2
    Target throughput for a single block blob Up to storage account ingress/egress limits1

    1 Throughput for a single blob depends on several factors, including, but not limited to: concurrency, request size, performance tier, speed of source for uploads, and destination for downloads. Specifically, call the Put Blob or Put Block operation with a blob or block size that is greater than 4 MiB for standard storage accounts. For premium block blob or for Data Lake Storage Gen2 storage accounts, use a block or blob size that is greater than 256 KiB.

    2 Page blobs are not yet supported in accounts that have the Hierarchical namespace setting on them.

    The following table describes the maximum block and blob sizes permitted by service version.

    Service version Maximum block size (via Put Block) Maximum blob size (via Put Block List) Maximum blob size via single write operation (via Put Blob)
    Version 2019-12-12 and later 4000 MiB Approximately 190.7 TiB (4000 MiB X 50,000 blocks) 5000 MiB (preview)
    Version 2016-05-31 through version 2019-07-07 100 MiB Approximately 4.75 TiB (100 MiB X 50,000 blocks) 256 MiB
    Versions prior to 2016-05-31 4 MiB Approximately 195 GiB (4 MiB X 50,000 blocks) 64 MiB

    Azure Queue storage limits

    Resource Target
    Maximum size of a single queue 500 TiB
    Maximum size of a message in a queue 64 KiB
    Maximum number of stored access policies per queue 5
    Maximum request rate per storage account 20,000 messages per second, which assumes a 1-KiB message size
    Target throughput for a single queue (1-KiB messages) Up to 2,000 messages per second

    Azure Table storage limits

    The following table describes capacity, scalability, and performance targets for Table storage.

    Resource Target
    Number of tables in an Azure storage account Limited only by the capacity of the storage account
    Number of partitions in a table Limited only by the capacity of the storage account
    Number of entities in a partition Limited only by the capacity of the storage account
    Maximum size of a single table 500 TiB
    Maximum size of a single entity, including all property values 1 MiB
    Maximum number of properties in a table entity 255 (including the three system properties, PartitionKey, RowKey, and Timestamp)
    Maximum total size of an individual property in an entity Varies by property type. For more information, see Property Types in Understanding the Table Service Data Model.
    Size of the PartitionKey A string up to 1 KiB in size
    Size of the RowKey A string up to 1 KiB in size
    Size of an entity group transaction A transaction can include at most 100 entities and the payload must be less than 4 MiB in size. An entity group transaction can include an update to an entity only once.
    Maximum number of stored access policies per table 5
    Maximum request rate per storage account 20,000 transactions per second, which assumes a 1-KiB entity size
    Target throughput for a single table partition (1 KiB-entities) Up to 2,000 entities per second

    Virtual machine disk limits

    You can attach a number of data disks to an Azure virtual machine (VM). Based on the scalability and performance targets for a VM's data disks, you can determine the number and type of disk that you need to meet your performance and capacity requirements.

    Important

    For optimal performance, limit the number of highly utilized disks attached to the virtual machine to avoid possible throttling. If all attached disks aren't highly utilized at the same time, the virtual machine can support a larger number of disks.

    For Azure managed disks:

    The following table illustrates the default and maximum limits of the number of resources per region per subscription. The limits remain the same irrespective of disks encrypted with either platform-managed keys or customer-managed keys. There is no limit for the number of Managed Disks, snapshots and images per resource group.

    Resource Limit
    Standard managed disks 50,000
    Standard SSD managed disks 50,000
    Premium managed disks 50,000
    Standard_LRS snapshots1 75,000
    Standard_ZRS snapshots1 75,000
    Managed image 50,000

    1An individual disk can have 500 incremental snapshots.

    For standard storage accounts:

    A Standard storage account has a maximum total request rate of 20,000 IOPS. The total IOPS across all of your virtual machine disks in a Standard storage account should not exceed this limit.

    For unmanaged disks, you can roughly calculate the number of highly utilized disks supported by a single standard storage account based on the request rate limit. For example, for a Basic tier VM, the maximum number of highly utilized disks is about 66, which is 20,000/300 IOPS per disk. The maximum number of highly utilized disks for a Standard tier VM is about 40, which is 20,000/500 IOPS per disk.

    For premium storage accounts:

    A premium storage account has a maximum total throughput rate of 50 Gbps. The total throughput across all of your VM disks should not exceed this limit.

    For more information, see Virtual machine sizes.

    Disk encryption sets

    There's a limitation of 1000 disk encryption sets per region, per subscription. For more information, see the encryption documentation for Linux or Windows virtual machines. If you need to increase the quota, contact Azure support.

    Managed virtual machine disks

    Standard HDD managed disks

    Standard Disk Type S4 S6 S10 S15 S20 S30 S40 S50 S60 S70 S80
    Disk size in GiB 32 64 128 256 512 1,024 2,048 4,096 8,192 16,384 32,767
    IOPS per disk Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 1,300 Up to 2,000 Up to 2,000
    Throughput per disk Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 300 MB/sec Up to 500 MB/sec Up to 500 MB/sec

    Standard SSD managed disks

    Standard SSD sizes E1 E2 E3 E4 E6 E10 E15 E20 E30 E40 E50 E60 E70 E80
    Disk size in GiB 4 8 16 32 64 128 256 512 1,024 2,048 4,096 8,192 16,384 32,767
    IOPS per disk Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 500 Up to 2,000 Up to 4,000 Up to 6,000
    Throughput per disk Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 60 MB/sec Up to 400 MB/sec Up to 600 MB/sec Up to 750 MB/sec
    Max burst IOPS per disk 600 600 600 600 600 600 600 600 1000
    Max burst throughput per disk 150 MB/sec 150 MB/sec 150 MB/sec 150 MB/sec 150 MB/sec 150 MB/sec 150 MB/sec 150 MB/sec 250 MB/sec
    Max burst duration 30 min 30 min 30 min 30 min 30 min 30 min 30 min 30 min 30 min

    Premium SSD managed disks: Per-disk limits

    Premium SSD sizes  P1 P2 P3 P4 P6 P10 P15 P20 P30 P40 P50 P60 P70 P80
    Disk size in GiB 4 8 16 32 64 128 256 512 1,024 2,048 4,096 8,192 16,384 32,767
    Provisioned IOPS per disk 120 120 120 120 240 500 1,100 2,300 5,000 7,500 7,500 16,000 18,000 20,000
    Provisioned Throughput per disk 25 MB/sec 25 MB/sec 25 MB/sec 25 MB/sec 50 MB/sec 100 MB/sec 125 MB/sec 150 MB/sec 200 MB/sec 250 MB/sec 250 MB/sec 500 MB/sec 750 MB/sec 900 MB/sec
    Max burst IOPS per disk 3,500 3,500 3,500 3,500 3,500 3,500 3,500 3,500 30,000* 30,000* 30,000* 30,000* 30,000* 30,000*
    Max burst throughput per disk 170 MB/sec 170 MB/sec 170 MB/sec 170 MB/sec 170 MB/sec 170 MB/sec 170 MB/sec 170 MB/sec 1,000 MB/sec* 1,000 MB/sec* 1,000 MB/sec* 1,000 MB/sec* 1,000 MB/sec* 1,000 MB/sec*
    Max burst duration 30 min 30 min 30 min 30 min 30 min 30 min 30 min 30 min Unlimited* Unlimited* Unlimited* Unlimited* Unlimited* Unlimited*
    Eligible for reservation No No No No No No No No Yes, up to one year Yes, up to one year Yes, up to one year Yes, up to one year Yes, up to one year Yes, up to one year

    *Applies only to disks with on-demand bursting enabled.

    Unmanaged virtual machine disks

    Standard unmanaged virtual machine disks: Per-disk limits

    VM tier Basic tier VM Standard tier VM
    Disk size 4,095 GB 4,095 GB
    Maximum 8-KB IOPS per persistent disk 300 500
    Maximum number of disks that perform the maximum IOPS 66 40

    Premium unmanaged virtual machine disks: Per-account limits

    Resource Limit
    Total disk capacity per account 35 TB
    Total snapshot capacity per account 10 TB
    Maximum bandwidth per account (ingress + egress)1 <=50 Gbps

    1Ingress refers to all data from requests that are sent to a storage account. Egress refers to all data from responses that are received from a storage account.

    Premium unmanaged virtual machine disks: Per-disk limits

    Premium storage disk type P10 P20 P30 P40 P50
    Disk size 128 GiB 512 GiB 1,024 GiB (1 TB) 2,048 GiB (2 TB) 4,095 GiB (4 TB)
    Maximum IOPS per disk 500 2,300 5,000 7,500 7,500
    Maximum throughput per disk 100 MB/sec 150 MB/sec 200 MB/sec 250 MB/sec 250 MB/sec
    Maximum number of disks per storage account 280 70 35 17 8

    StorSimple System limits

    Limit identifier Limit Comments
    Maximum number of storage account credentials 64
    Maximum number of volume containers 64
    Maximum number of volumes 255
    Maximum number of schedules per bandwidth template 168 A schedule for every hour, every day of the week (24*7).
    Maximum size of a volume 64 TB
    Maximum number of iSCSI connections 512
    Maximum number of iSCSI connections from initiators 512
    Maximum number of access control records per device 64
    Maximum number of volumes per backup policy 24
    Maximum number of backups retained per backup policy 64
    Maximum number of schedules per backup policy 10
    Maximum number of snapshots of any type that can be retained per volume 256 This includes local snapshots and cloud snapshots.
    Maximum number of snapshots that can be present in any device 10,000
    Maximum number of volumes that can be processed in parallel for backup, restore, or clone 16
    • If there are more than 16 volumes, they will be processed sequentially as processing slots become available.
    • New backups of a cloned or a restored volume cannot occur until the operation is finished.
    Restore and clone recover time < 2 minutes
    • The volume is made available within 2 minutes of restore or clone operation, regardless of the volume size.
    • The volume performance may initially be slower than normal as most of the data and metadata still resides in the cloud. Performance may increase as data flows from the cloud to the StorSimple device.
    • The total time to download metadata depends on the allocated volume size. Metadata is automatically brought into the device in the background at the rate of 5 minutes per TB of allocated volume data. This rate may be affected by Internet bandwidth to the cloud.
    • The restore or clone operation is complete when all the metadata is on the device.
    • Backup operations cannot be performed until the restore or clone operation is fully complete.
    Thin-restore availability Last failover
    Maximum client read/write throughput (when served from the SSD tier)* 920/720 MB/s with a single 10GbE network interface Up to 2x with MPIO and two network interfaces.
    Maximum client read/write throughput (when served from the HDD tier)* 120/250 MB/s
    Maximum client read/write throughput (when served from the cloud tier)* 11/41 MB/s Read throughput depends on clients generating and maintaining sufficient I/O queue depth.

    * Maximum throughput per I/O type was measured with 100 percent read and 100 percent write scenarios. Actual throughput may be lower and depends on I/O mix and network conditions.

    Stream Analytics limits


    Limit identifier Limit Comments
    Maximum number of Streaming Units per subscription per region 200 A request to increase streaming units for your subscription beyond 200 can be made by contacting Microsoft Support.
    Maximum number of inputs per job 60 There is a hard limit of 60 inputs per Stream Analytics job.
    Maximum number of outputs per job 60 There is a hard limit of 60 outputs per Stream Analytics job.
    Maximum number of functions per job 60 There is a hard limit of 60 functions per Stream Analytics job.
    Maximum number of Streaming Units per job 120 There is a hard limit of 120 Streaming Units per Stream Analytics job.
    Maximum number of jobs per region 1500 Each subscription may have up to 1500 jobs per geographical region.
    Reference data blob MB 100 Reference data blobs cannot be larger than 100 MB each.

    Virtual Machines limits

    Virtual Machines limits

    Resource Limit
    Virtual machines per cloud service 1 50
    Input endpoints per cloud service 2 150

    1 Virtual machines created by using the classic deployment model instead of Azure Resource Manager are automatically stored in a cloud service. You can add more virtual machines to that cloud service for load balancing and availability.

    2 Input endpoints allow communications to a virtual machine from outside the virtual machine's cloud service. Virtual machines in the same cloud service or virtual network can automatically communicate with each other.

    Virtual Machines limits - Azure Resource Manager

    The following limits apply when you use Azure Resource Manager and Azure resource groups.

    Resource Limit
    VMs per subscription 25,0001 per region.
    VM total cores per subscription 201 per region. Contact support to increase limit.
    VM per series, such as Dv2 and F, cores per subscription 201 per region. Contact support to increase limit.
    Availability sets per subscription 2,500 per region.
    Virtual machines per availability set 200
    Proximity placement groups per resource group 800
    Certificates per availability set 1992
    Certificates per subscription Unlimited3

    1 Default limits vary by offer category type, such as Trial and Standard Pay-in-Advance Offer, and by series, such as Dv2, and F. For example, the default for Enterprise Agreement subscriptions is 350. For security, subscriptions default to 20 cores to prevent large core deployments. If you need more cores, submit a support ticket.

    2 Properties such as SSH public keys are also pushed as certificates and count towards this limit. To bypass this limit, use the Azure Key Vault extension for Windows or the Azure Key Vault extension for Linux to install certificates.

    3 With Azure Resource Manager, certificates are stored in the Azure Key Vault. The number of certificates is unlimited for a subscription. There's a 1-MB limit of certificates per deployment, which consists of either a single VM or an availability set.

    Note

    Virtual machine cores have a regional total limit. They also have a limit for regional per-size series, such as Dv2 and F. These limits are separately enforced. For example, consider a subscription with a China East total VM core limit of 30, an A series core limit of 30, and a D series core limit of 30. This subscription can deploy 30 A1 VMs, or 30 D1 VMs, or a combination of the two not to exceed a total of 30 cores. An example of a combination is 10 A1 VMs and 20 D1 VMs.

    There are limits, per subscription, for deploying resources using Compute Galleries:

    • 100 compute galleries, per subscription, per region
    • 1,000 image definitions, per subscription, per region
    • 10,000 image versions, per subscription, per region

    Virtual machine scale sets limits

    Resource Limit
    Maximum number of VMs in a scale set 1,000
    Maximum number of VMs based on a custom VM image in a scale set 600
    Maximum number of scale sets in a region 2,500

    See also