Office 365 Securet is being throttled.

Possible 503 errors reported in CloudSOC investigate.

Microsoft will dynamically throttle API requests in order to protect SharePoint resources from being overwhelmed and degrading the SharePoint platform.

It is possible that CloudSOC could make a high number of API calls when mass changes are made to SharePoint data including: data migration, rights or data modification.

When throttling occurs, CloudSOC will resend and process the requests following Microsoft best practices.

The Broadcom CASB team works directly with Microsoft to ensure best practices are followed in order to be efficient. Microsoft dynamic throttling is not based on a total number of api calls. 

Potential Actions:

• No action required unless symptoms are unmanageable: (Major delays in inspection, SharePoint interface issues)
• Broadcom support can verify the API calls are related to specific activity.
• Microsoft support can verify the number of API calls are related to the o365 Securet App.

Possible symptoms of throttling include:

• A 503 messages may appear in CloudSOC investigate for activity?
• O365 securlet activity may be delayed in CloudSOC investigate for SharePoint events? (Gatelet activity is not affected).
• Microsoft SharePoint online customers could receive a Microsoft notification that their subscription is throttled because of excessive resource consumption from the app 'Office 365 Securlet'. The notification warns that the apps processes might fail.
• 429 error, "Please wait" could be reported by CloudSOC or SharePoint back-end logs.