Decisions Microsoft Graph permissions explained

When you enable admin consent for the Decisions app, you are presented with a list of Microsoft Graph permissions. This article will help you better understand why Decisions requests them and how they are used.

Delegated Permissions

All permissions requested by Decisions are Delegated Permissions. Decisions acts on behalf of a user and is limited by both the application permissions and the end-user’s permissions. By using Delegated Permissions, users of Decisions will never get access to any resources they not already have access to in your organizations Office 365 tenant.

Microsoft Graph Permissions

The following sections detail each Microsoft Graph permission scope and how Decisions uses it.

The list of permissions that you will be prompted to approve:

The list of permissions that you will be prompted to approve

Read and write all OneNote notebooks that user can access

Used to set-up private notebooks for meetings to take notes and prepare remarks and questions. It also allows for group meeting minutes to be stored within their shared OneNote notebook, should the group opt to use OneNote.

Read user mailbox settings

Used to identify a user’s language preferences. 

Sign in and read user profile

Used to sign in to Decisions.

Read all users' basic profiles

Used to display first and last name, photo and email address of group members and external participants.

Read and write all groups

Used to create folder structures in the Office 365 Group’s SharePoint site for meeting agendas, related files and group conversations. 

Read and write access to user mail

Used to create draft emails to meeting attendees.

*OfficeJS (Microsoft javascript library for Office Add-ins) does not currently allow Decisions to compose new email messages as that API is still in preview. Once available from Microsoft, Decisions will no longer need this permission scope. 

Send mail as a user

Used to allow Decisions to send meeting participants notifications, such as agenda updates and links to the meeting for co-authors. Emails go to meeting participants or to the distribution list selected by the meeting owner. 

Have full access to user calendars

Used to read information from user’s calendar to enable features like the meeting list and search. It also gives the user an option to delete specific meetings from the calendar, when the item is deleted from Decisions.

Have full access to user files

Used to provide users with support for personal file annotations. Annotated files are stored privately in the user’s OneDrive for Business. 

Read all files that user can access

Used to read files that are shared with the user in order to merge those files into the PDF Meeting Book.

Create, read, update and delete user tasks and projects

Used to sync tasks and decisions to Microsoft Planner. It also allows users to export tasks and decisions to Excel.

Read directory data

Used to gather basic information about the Office 365 tenant when registered, such as tenant name and verified domains. It is also necessary for verifying group memberships.


Please refer to the Microsoft Graph Permissions reference for full details on what permission scopes grants access too.