Announcing updates to the Planner API in Microsoft Graph
We are pleased to announce new capabilities coming soon to the Planner API in Microsoft Graph, in response to some of our top customer requests. The updates are in two major areas:
- A new set of Business Scenarios capabilities that allows integration of external signals and data into the Planner ecosystem. These capabilities will support both Application permissions and Delegated permissions.
- Providing Application permissions for existing Planner API capabilities, in addition to the support for Delegated permissions already available today.
This will make it easier than ever for your organization to use Tasks in Teams and Planner clients. We expect both sets of improvements to be in public preview in Microsoft Graph in late November.
We’ve heard your feedback (with hundreds of votes in our feedback forum). Until now, Planner APIs have only supported Delegated permissions. Delegated permissions require the presence of a signed-in user, and an app using Delegated permissions receives access only to what the signed-in user can access. The need to leverage a user account has posed challenges to developers, such as the need to add the associated user account to all Office 365 Groups and Teams where the app needs to create and manage tasks.
With the upcoming release, new and existing Planner API capabilities will support Application permissions and Delegated permissions. This Application permissions support will allow developers to create fully automated workflows without the constraints of requiring a signed-in user. This will enable easier development for a variety of scenarios, including:
- Automating task creation in response to external signals (through Business Scenarios capabilities)
- Keeping Planner tasks in sync with external data sources (through Business Scenarios capabilities)
- Fetching task data for export or analysis (through added Application permissions support for the existing Planner API surface)
Business Scenarios for Planner
Business Scenarios represents a new concept in Microsoft Graph intended to help model real-world business processes that can represented in Microsoft products and services. Planner will be the first product to support this concept.
This concept provides a way to integrate external signals and data into a Microsoft 365 service, while providing app isolation and a least privilege access model. It also allows central configuration of certain behaviors for the entities created through a Business Scenario.
Principles of Business Scenarios
Some of the foundational concepts that lead to creation of business scenarios are:
- Control over end user experience and permissions: As an example, apply permissions restrictions for items created by your app, such as configuring which task fields a user can edit and whether they can be deleted by a specific set of users but not others.
- Control over other applications: Scope data access across the tenant to items created via the Business Scenarios that your app owns, so IT administrators can enable your app without being forced to grant access to all data for all users in the tenant, furthering a least privilege access security model. Scenarios also prevent other apps from manipulating your data unless they have been granted access.
- Central configuration: Centrally define how the entities should be created at scale. For example, centrally define the buckets that will be created in each Planner plan created with the Business Scenario, keeping these buckets in sync across plans for thousands of groups.
- Integrate with external systems: Associate an item with an identifier from another system, such as the eventID of the event that triggered the task creation, with support for indexing and retrieval based on that identifier.
Business Scenario capabilities for Planner in Microsoft Graph
Each Business Scenario is represented as an entity in your tenant. Once created, a Business Scenario offers the following functionality:
- Central task configuration: Configure the permissions for tasks created via the Business Scenario. For example, disallow user deletion of tasks created, or allow only the assignee to change the progress state of the task.
- Central plan configuration: Define the plan details, including the set of buckets in the plan that will be used when creating or updating tasks via the Business Scenario.
- Creation and management of tasks: Create a task in any Office 365 Group or Microsoft Teams team in the organization by specifying the Group identifier as the target location; view, update, or delete any task created via the Business Scenario; or query all tasks created via the Business Scenario.
- App isolation: The Business Scenario will create a new, dedicated Planner Plan in the target Group or Team the first time it creates a task there. Creating a dedicated Plan in each Group/Team for each Business Scenario provides a dedicated place for tasks, isolating the tasks from unexpected interactions from other applications.
- Least privilege permissions scope: Business Scenario applications can only access tasks created via the Business Scenario. This means IT Admins can enable these applications for their tenant without providing access to all tasks in the tenant. The Business Scenario will also have a property defining which applications are permitted to use the Business Scenario. This allows multiple apps to work within the same Business Scenario when needed.