As Microsoft enhances its security posture across all products and services, there have been recent changes to API functionality that may impact customers who previously relied on app-only permissions to provision Class Notebooks using APIs. You can still provision sites and notebooks at scale using Microsoft Graph APIs by following a supported alternative method. This article outlines the steps and provides links to relevant documentation.

Overview

To continue provisioning Class Notebooks and SharePoint sites at scale:

  1. Use the CreateEducationClass API when creating new sites (one group/site per class)

  2. For pre-existing sites, use the SharePoint CreatePermission API to grant OneNote Class Notebook AppId permisisons to that site.

  3. Once the above steps are complete, existing Class Notebook functionality should be restored and API calls such asĀ GetClassNotebooks, AddTeacher, and addStudent should function as expected.

Step-by-Step Instructions

1. Create New Sites with CreateEducationClass

Use the CreateEducationClass API to create a new Microsoft 365 Group and associated SharePoint site for each class.

  • This API provisions the Group, Site, and associated resources in one call.

  • After the site is created, you can use existing APIs to manage notebooks and permissions.

Reference: CreateEducationClass API documentation

2. Grant Permissions to Existing Sites

For existing Groups or Sites, you must explicitly grant the Class Notebook app access using the Sites.Selected permission model.

Required Permissions

  • App-only access using Sites.Selected scope.

  • Grant the EDU OneNote app full control to the site.

Sample Request

POST https://graph.microsoft.com/v1.0/sites/{sitesId}/permissions
Content-Type: application/json 

{ 
Ā    "roles": ["fullcontrol"], 
Ā    "grantedToIdentities": [{ 
Ā      "application": { 
Ā        "id": "13291f5a-59ac-4c59-b0fa-d1632e8f3292", //Target Applicationā€™s Client Id Ā  
Ā        "displayName": "EDU OneNote" //Target Applicationā€™s Display name 
Ā      } 
    }] 
}

References:Ā 

Create permission API

Develop Applications that use Sites.Selected permissions for SPO sites

Microsoft 365 Developer Blog: Controlling app access on specific SharePoint site collections is now available in Microsoft Graph

3. Use Existing APIs for Notebook Management

Once permissions are correctly configured, existing Class Notebook functionality such as the following APIs should continue to work as before:

  • GetClassNotebooks

  • AddTeacher

  • AddStudent

  • CreateClassNotebook

    • ā€‹ā€‹ā€‹ā€‹ā€‹ā€‹ā€‹Note: as described above, for new Groups/Sites, use CreateEducationClass instead

Facebook LinkedIn Email

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center