Office 365 Securet is throttled.
Possible 503 errors reported in CloudSOC investigate.
Does the o365 securlet rescan affect MSFT throttling?
Microsoft limits the API calls to its platform to prevent the overuse of resources and to maintain its performance and reliability.
Here’s Microsoft’s documentation on API throttling - https://learn.microsoft.com/en-us/graph/throttling . The exact quota of API is not specified. According to Microsoft, throttling limits vary based on the scenario.
It is possible that the consumers of the API, like CloudSOC could make a high number of API calls, especially when mass changes are made to SharePoint/ OneDrive/ Email data including: data migration, rights or data modification. Consequently, those API calls could be throttled by Microsoft.
When throttling occurs, CloudSOC will resend and process the API requests following Microsoft best practices. The Broadcom CASB team continues to work directly with Microsoft to ensure best practices are followed in order to be efficient.Potential Actions:
Impact of the O365 Securlet Re-scan Feature:
Symantec currently offers a re-scan of all exposed content. A customized re-scan of all content, including the unexposed content and limiting by user, site or time-frame can be performed by contacting support. Symantec is currently working on a feature that would support such customized re-scans.
The securlet re-scan will issue additional API calls which could cause additional throttling from Microsoft and could delay the receipt of events from Microsoft.
The re-scan message warns that the process could take from hours to days.
Without running a re-scan your documents are still protected as the document will be re-scanned the next time the document is touched.
Microsoft's throttling guide
Possible symptoms of throttling include: