Use this setup to connect Microsoft Copilot to RexCommand so your organization can authorize the Copilot connector with its own Azure app registration. This keeps the connection in your tenant and gives RexCommand the values it needs to authenticate against your Microsoft environment.
Microsoft Entra app registration documentation
Prerequisites
- Permission to create an app registration in Microsoft Entra ID.
- A tenant administrator who can grant consent for delegated API permissions.
- Access to the RexCommand Microsoft Copilot connector setup form.
- RexCommand Teams plan
Outcome
- You have an Azure app registration configured for the RexCommand Copilot connector.
- The required Microsoft Graph, Dynamics CRM, and Power Platform API delegated permissions are granted.
- You have the Tenant ID and Client ID ready to enter into RexCommand.
Required permissions
Add the following delegated permissions to the app registration.
| API | Permission | Type | Purpose |
| Microsoft Graph | User.Read | Delegated | Sign-in identity |
| Microsoft Graph | Directory.Read.All | Delegated | Read users and groups for identity resolution |
| Microsoft Graph | Application.Read.All | Delegated | Read app registrations during discovery |
| Dynamics CRM (Dataverse) | user_impersonation | Delegated | Dataverse Bots API calls, including agent definitions and transcripts |
| Power Platform API | EnvironmentManagement.Environments.Read | Delegated | List Power Platform environments |
| Power Platform API | CopilotStudio.Copilots.Invoke | Delegated | Access copilots within environments |
| Power Platform API | CopilotStudio.MakerOperations.Read | Delegated | Read copilot maker metadata |
| Note: All permissions in this article require a tenant administrator to click Grant admin consent for {tenant}. |
Procedure
1. Create the app registration.
a) Navigate to https://portal.azure.com, then click Microsoft Entra ID > App registrations > New registration.
b) In the Register an application screen, type a name such as RexCommand Copilot Connector.
c) Under Supported account types, select Accounts in this organizational directory only (Single tenant).
d) Under Redirect URI, select Single-page application (SPA) and type https://rexcommand.recordpoint.ai.
e) Click Register.
| Info: Use the origin only for the redirect URI. Do not add a path after https://rexcommand.recordpoint.ai. |
2. Copy the values that RexCommand needs.
a) On the Overview page, copy the Application (client) ID.
b) Copy the Directory (tenant) ID.
c) Keep both values available for Step 8.
| Info: RexCommand uses the Tenant ID and Client ID from this app registration. This setup does not require a client secret or certificate. |
3. Confirm the authentication settings.
a) In the left menu, click Authentication.
b) Confirm that Single-page application is listed with https://rexcommand.recordpoint.ai.
c) In Implicit grant and hybrid flows, select Access tokens and ID tokens.
d) In Advanced settings, confirm Allow public client flows is set to No.
| Note: Do not configure app roles, expose an API, or add a client secret for this connection. |
4. Add the Microsoft Graph delegated permissions.
a) Click API permissions > Add a permission > Microsoft Graph > Delegated permissions.
b) Add User.Read, Directory.Read.All, and Application.Read.All.
5. Add the Dynamics CRM delegated permission.
a) Click Add a permission > Dynamics CRM > Delegated permissions.
b) Add user_impersonation.
6. Add the Power Platform API delegated permissions.
a) Click Add a permission.
b) Open APIs my organization uses.
c) Find and select Power Platform API.
d) Under Delegated permissions, add EnvironmentManagement.Environments.Read, CopilotStudio.Copilots.Invoke, and CopilotStudio.MakerOperations.Read.
| Warning: The Power Platform API permission list does not include User.Read. Use only the permissions listed in this step. |
If Power Platform API does not appear in the picker, an administrator can register it with PowerShell:
New-AzureADServicePrincipal -AppId 8578e004-a5c6-46e7-913e-12f58912df43
[LINK TO Microsoft documentation for registering a service principal]
7. Grant admin consent.
a) Return to API permissions.
b) Click Grant admin consent for {tenant}.
c) Confirm each permission shows consent granted.
| Warning: The connection will not complete until an administrator grants consent for every delegated permission in this article. |
8. Enter the app registration values in RexCommand.
a) Open the Microsoft Copilot connector setup form in RexCommand.
b) Type the Tenant ID and Client ID from Step 2.
c) Save the connector settings.
Next steps
After the connector is saved, continue with your Copilot setup in RexCommand and verify the connection from the connector page.