OneNote Service Scopes update

This is Sharad from EDU/OneNote team. This blog post is aimed at providing updates with respect to OneNote scopes and related changes in Azure Active Directory.

We are enabling two new permissions (for O365) which will have wider access scope for OneNote resource.

Scope (enterprise) Old Permission text in Azure portal Revised Permission text in Azure portal Purpose
Notes.Read.All View OneNote notebooks in your organization View user’s notes and notes shared with user Allows the user to view OneNote notes that the signed-in user has access to in the organization. The user cannot access password-protected sections.
Notes.ReadWrite.All View and modify OneNote notebooks in your organization View and modify user’s notes and notes shared with user Allows the user to view and modify OneNote notes that the signed-in user has access to in the organization.

These scopes are available as delegate permission (not requiring admin consent). These scopes allow the caller to access anything in the organization (outside calling user’s OneDrive) where caller has access to notes shared under sitecollections/{id}/sites/{id} or groups/{id} or users/{id}. To maintain backward compatibility, these routes will continue to support Notes.Read and Notes.ReadWrite scopes. However, moving forward, one should expect only newer (i.e. Notes.Read.All  and Notes.ReadWrite.All) scopes being supported for these routes. It is recommended to use these newer scopes.

We have also revised the name and description of below OneNote scopes (for O365)

Scope (enterprise) Old Permission text in Azure portal Revised Permission text in Azure portal Permission
Notes.Create Create pages in OneNote notebooks Create user’s notes Allows the user to create OneNote notes for the signed-in user.
Notes.ReadWrite.CreatedByApp Application-only OneNote notebook access View and modify notes created using given application Allows the user to view and modify OneNote notes created by this app. The user cannot view or modify notes created by other apps or under password-protected sections.
Notes.Read View OneNote notebooks View user’s notes Allows the user to view OneNote notes for the signed-in user.The user cannot read notes under password-protected section.
Notes.ReadWrite View and modify OneNote notebooks View, modify user’s notes Allows the user to view and modify OneNote notes for the signed-in user.

More details on scopes and authentication are available here.

Comments

  • Anonymous
    January 25, 2017
    Hi,Do you have an idea of when OneNote permissions will be available in the Azure AD v2 authentication flows?Thanks.