Skip to main content

The MailboxConcurrency limit and using Batching in the Microsoft Graph API

If your getting an error such as Application is over its MailboxConcurrency limit while using the Microsoft Graph API this post may help you understand why.

Background  

The Mailbox  concurrency limit when your using the Graph API is 4 as per https://docs.microsoft.com/en-us/graph/throttling#outlook-service-limits . This is evaluated for each app ID and mailbox combination so this means you can have different apps running under the same credentials and the poor behavior of one won't cause the other to be throttled. If you compared that to EWS you could have up to 27 concurrent connections but they are shared across all apps on a first come first served basis.

Batching

Batching in the Graph API is a way of combining multiple requests into a single HTTP request. Batching in the Exchange Mail API's EWS and MAPI has been around for a long time and its common, for email Apps to process large numbers of smaller items for a variety of reasons.  Batching in the Graph is limited to a maximum of 20 items per batch.

Problems

When you make a batch request like the following against the Microsoft Graph to Get the child folders or particular root folders in a Mailbox (but it can be basically any other mailbox request)


If you have any more then 4 requests in the batch you will get a concurrency error for each request greater then 4. This goes back to the Mailbox concurrency limit being 4 by default, even though this is one request each of the requests in the batch gets executed asynchronous by default and this is what causes the limit to be exceeded. So the effective default batch limit for Mailboxes is 4.

If you wanted to have all the requests in your 20 item batch fulfilled in the one request you could use the dependsOn header eg


This makes the request fully sequential meaning that only one connection is ever opened to the Exchange Mailbox.

The problem with this is in a lot of real world scenarios its much slower eg enumerating all the folders in my mailbox using depends on with 20 Item batches took 14 seconds with 4 item batches async took 8. (note neither of these is good result vs a Deep Traversal in EWS  but there is currently no alternative in the graph). The batches weren't optimized because of the random hierarchy in my Mailbox but it would make sense that 4 cloud threads is going to win over 1 sequential one even with the greater number of client requests. 

So what should you do
  1. test,test,test to see what works best for you
  2. Make sure you always create a separate App registration for your apps (never reuse)
  3. Think about your context, if there is a chance your going to have multiple instances of your app running at the same time using the same user think about your batching strategy .
  4. Make sure you process the throttling responses, retrying your op at least once shouldn't be a big deal
My 2 cents

The way this API behaves in this scenario fails the pub test for me at the moment. If your using batching in EWS code then this isn't really the equivalent. eg someone spinning up 4 threads in EWS or MAPI to do the equivalent of what batching is doing in the Graph wouldn't be considered optimal (while they have tried to mitigate the need to use batching in the first place vs EWS and MAPI). The other side of the coin is its something you can exploit to gain some performance vs single op graph code.

 
Labels:

Popular posts from this blog

Testing and Sending email via SMTP using Opportunistic TLS and oAuth in Office365 with PowerShell

As well as EWS and Remote PowerShell (RPS) other mail protocols POP3, IMAP and SMTP have had OAuth authentication enabled in Exchange Online (Official announcement here ). A while ago I created  this script that used Opportunistic TLS to perform a Telnet style test against a SMTP server using SMTP AUTH. Now that oAuth authentication has been enabled in office365 I've updated this script to be able to use oAuth instead of SMTP Auth to test against Office365. I've also included a function to actually send a Message. Token Acquisition  To Send a Mail using oAuth you first need to get an Access token from Azure AD there are plenty of ways of doing this in PowerShell. You could use a library like MSAL or ADAL (just google your favoured method) or use a library less approach which I've included with this script . Whatever way you do this you need to make sure that your application registration  https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-
Read more

How to test SMTP using Opportunistic TLS with Powershell and grab the public certificate a SMTP server is using

Most email services these day employ Opportunistic TLS when trying to send Messages which means that wherever possible the Messages will be encrypted rather then the plain text legacy of SMTP.  This method was defined in RFC 3207 "SMTP Service Extension for Secure SMTP over Transport Layer Security" and  there's a quite a good explanation of Opportunistic TLS on Wikipedia  https://en.wikipedia.org/wiki/Opportunistic_TLS .  This is used for both Server to Server (eg MTA to MTA) and Client to server (Eg a Message client like Outlook which acts as a MSA) the later being generally Authenticated. Basically it allows you to have a normal plain text SMTP conversation that is then upgraded to TLS using the STARTTLS verb. Not all servers will support this verb so if its not supported then a message is just sent as Plain text. TLS relies on PKI certificates and the administrative issue s that come around certificate management like expired certificates which is why I wrote th
Read more
All sample scripts and source code is provided by for illustrative purposes only. All examples are untested in different environments and therefore, I cannot guarantee or imply reliability, serviceability, or function of these programs.

All code contained herein is provided to you "AS IS" without any warranties of any kind. The implied warranties of non-infringement, merchantability and fitness for a particular purpose are expressly disclaimed.