![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(38.4, 71%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EYM%3C/text%3E%3C/svg%3E)
Azure App Configuration
An Azure service that provides hosted, universal storage for Azure app configurations.
The workbook/createSession API only supports delegated permissions with a work or school account. Application permissions are not supported for this API.
From the permissions table for workbook: createSession:
- Delegated (work or school account): Files.ReadWrite (least privileged)
- Delegated (personal Microsoft account): Not supported
- Application: Not supported
Because the call is being made with an Azure AD app registration using application permissions, the service is effectively trying to operate without a signed-in user context and cannot obtain edit rights on the workbook, which results in the EditModeAccessDenied error.
To use createSession successfully:
- Use delegated permissions (
Files.ReadWrite) instead of application permissions. - Ensure the signed-in user has edit access to the target workbook in OneDrive/SharePoint.
- Call:
with an access token obtained on behalf of that user.POST /me/drive/items/{id}/workbook/createSession Content-type: application/json { "persistChanges": true }
If an app-only (daemon/service) scenario is required, a different approach is needed because workbook/createSession itself cannot be used with application permissions.
References: