Skip to main content

The MailboxConcurrency limit and using Batching in the Microsoft Graph API

If your getting an error such as Application is over its MailboxConcurrency limit while using the Microsoft Graph API this post may help you understand why.

Background  

The Mailbox  concurrency limit when your using the Graph API is 4 as per https://docs.microsoft.com/en-us/graph/throttling#outlook-service-limits . This is evaluated for each app ID and mailbox combination so this means you can have different apps running under the same credentials and the poor behavior of one won't cause the other to be throttled. If you compared that to EWS you could have up to 27 concurrent connections but they are shared across all apps on a first come first served basis.

Batching

Batching in the Graph API is a way of combining multiple requests into a single HTTP request. Batching in the Exchange Mail API's EWS and MAPI has been around for a long time and its common, for email Apps to process large numbers of smaller items for a variety of reasons.  Batching in the Graph is limited to a maximum of 20 items per batch.

Problems

When you make a batch request like the following against the Microsoft Graph to Get the child folders or particular root folders in a Mailbox (but it can be basically any other mailbox request)


If you have any more then 4 requests in the batch you will get a concurrency error for each request greater then 4. This goes back to the Mailbox concurrency limit being 4 by default, even though this is one request each of the requests in the batch gets executed asynchronous by default and this is what causes the limit to be exceeded. So the effective default batch limit for Mailboxes is 4.

If you wanted to have all the requests in your 20 item batch fulfilled in the one request you could use the dependsOn header eg


This makes the request fully sequential meaning that only one connection is ever opened to the Exchange Mailbox.

The problem with this is in a lot of real world scenarios its much slower eg enumerating all the folders in my mailbox using depends on with 20 Item batches took 14 seconds with 4 item batches async took 8. (note neither of these is good result vs a Deep Traversal in EWS  but there is currently no alternative in the graph). The batches weren't optimized because of the random hierarchy in my Mailbox but it would make sense that 4 cloud threads is going to win over 1 sequential one even with the greater number of client requests. 

So what should you do
  1. test,test,test to see what works best for you
  2. Make sure you always create a separate App registration for your apps (never reuse)
  3. Think about your context, if there is a chance your going to have multiple instances of your app running at the same time using the same user think about your batching strategy .
  4. Make sure you process the throttling responses, retrying your op at least once shouldn't be a big deal
My 2 cents

The way this API behaves in this scenario fails the pub test for me at the moment. If your using batching in EWS code then this isn't really the equivalent. eg someone spinning up 4 threads in EWS or MAPI to do the equivalent of what batching is doing in the Graph wouldn't be considered optimal (while they have tried to mitigate the need to use batching in the first place vs EWS and MAPI). The other side of the coin is its something you can exploit to gain some performance vs single op graph code.

 

Popular posts from this blog

Testing and Sending email via SMTP using Opportunistic TLS and oAuth in Office365 with PowerShell

As well as EWS and Remote PowerShell (RPS) other mail protocols POP3, IMAP and SMTP have had OAuth authentication enabled in Exchange Online (Official announcement here ). A while ago I created  this script that used Opportunistic TLS to perform a Telnet style test against a SMTP server using SMTP AUTH. Now that oAuth authentication has been enabled in office365 I've updated this script to be able to use oAuth instead of SMTP Auth to test against Office365. I've also included a function to actually send a Message. Token Acquisition  To Send a Mail using oAuth you first need to get an Access token from Azure AD there are plenty of ways of doing this in PowerShell. You could use a library like MSAL or ADAL (just google your favoured method) or use a library less approach which I've included with this script . Whatever way you do this you need to make sure that your application registration  https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-

How to access and restore deleted Items (Recoverable Items) in the Exchange Online Mailbox dumpster with the Microsoft Graph API and PowerShell

As the information on how to do this would cover multiple posts, I've bound this into a series of mini post docs in my GitHub Repo to try and make this subject a little easier to understand and hopefully navigate for most people.   The Binder index is  https://gscales.github.io/Graph-Powershell-101-Binder/   The topics covered are How you can access the Recoverable Items Folders (and get the size of these folders)  How you can access and search for items in the Deletions and Purges Folders and also how you can Export an item to an Eml from that folder How you can Restore a Deleted Item back to the folder it was deleted from (using the Last Active Parent FolderId) and the sample script is located  https://github.com/gscales/Powershell-Scripts/blob/master/Graph101/Dumpster.ps1

Using the MSAL (Microsoft Authentication Library) in EWS with Office365

Last July Microsoft announced here they would be disabling basic authentication in EWS on October 13 2020 which is now a little over a year away. Given the amount of time that has passed since the announcement any line of business applications or third party applications that you use that had been using Basic authentication should have been modified or upgraded to support using oAuth. If this isn't the case the time to take action is now. When you need to migrate a .NET app or script you have using EWS and basic Authentication you have two Authentication libraries you can choose from ADAL - Azure AD Authentication Library (uses the v1 Azure AD Endpoint) MSAL - Microsoft Authentication Library (uses the v2 Microsoft Identity Platform Endpoint) the most common library you will come across in use is the ADAL libraries because its been around the longest, has good support across a number of languages and allows complex authentications scenarios with support for SAML etc. The
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.