Graph API Permissions for Right Click Tools

Before you can run Right Click Tools that require a service connection to Entra ID, you'll need to register the application with Microsoft and add the required Graph API permissions.

Register the Right Click Tools Console Extension with Microsoft

To register the Right Click Tools console extension with Microsoft: 

1. Log in to https://portal.azure.com using your Azure credentials with full admin rights.

2. Search for App registrations.

3. On the App registrations page, click New registration.

4. Give the application a meaningful display Name.

5. As the Supported account type, select Accounts in any organizational directory (Any Microsoft Entra ID tenant - Multitenant).

6. Click Register.

7. In the Overview pane that opens, copy the Application (client) ID and Directory (tenant) ID as you will need to enter these later in your Recast Management Server.




Configure a Platform

To add a platform in the Microsoft Azure portal:

1. On the Azure portal App registrations page, under Manage, click Authentication.

2. Under Platform Configurations, select Add a platform.

3. Under Configure platforms, select Mobile and desktop applications.

4. Under Redirect URIs, add a custom URI with your App ID in the name: ms-appx-web://microsoft.aad.brokerplugin/<Your-App-ID>

5. Click Configure to add the platform.

6. Under Advanced Settings, set the Enable the following mobile and desktop flows toggle to Yes, then click Save to keep this configuration.




Add Graph API Permissions

To add Microsoft Graph API permissions:

1. On the App registrations page, under Manage, click API Permissions.

2. Select Add a permission.

3. Add the permissions required for the specific Right Click Tools action you want to use. See API Permissions by Product/Add-On for the permissions needed by each Entra/Intune tool.

4. Once the required permissions are added, click Grant admin consent for [Tenant Name].




API Permissions by Product/Add-On

Specific Microsoft Graph API permissions are required for individual Entra/Intune features in Right Click Tools, as well as for access to all features in Right Click Tools Patching and Right Click Tools Privileged Access.

Right Click Tools

Add Devices to Entra Group
Application permissions
  • Device.Read.All
  • Device.ReadWrite.All
  • Group.Read.All
  • Group.ReadWrite.All

Delete Device(s) From Azure (Intune/Entra)
Application permissions
  • DeviceManagementManagedDevices.ReadWrite.All - for deleting devices from Intune
  • Device.ReadWrite.All - for deleting devices from Entra

Entra ID BitLocker Recovery Keys
Application permissions
  • Device.Read.All
Delegated permissions
  • User.Read
  • BitlockerKey.Read.All
  • BitlockerKey.ReadBasic.All
  • DeviceManagementConfiguration.Read.All
  • DeviceManagementManagedDevices.Read.All

Right Click Tools Privileged Access

For all Privileged Access features
Application permissions
  • Device.Read.All
  • GroupMember.Read.All
  • User.Read.All

Right Click Tools Patching

For all Patching features

Application permissions
  • DeviceManagementApps.ReadWrite.All
  • DeviceManagementConfiguration.Read.All
  • GroupMember.Read.All
  • Device.Read.All

Delegated permissions

  • User.Read
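
A least-privilege check for the registration, as an added example (not Recast's code): it compares the permissions granted on the app with the lists above for the features actually in use and reports missing, excess and wrong-type grants. The input shape (permission name plus the `Role`/`Scope` type used in the manifest's `requiredResourceAccess`, with names already resolved), the function names and the sample grant list are assumptions constructed for illustration.

```python
APP, DELEGATED = "Role", "Scope"  # "type" values in a manifest's requiredResourceAccess

# Transcribed from the permission lists on this page (subset of features).
REQUIRED = {
    "Delete Device(s) From Azure (Intune/Entra)": {
        APP: {"DeviceManagementManagedDevices.ReadWrite.All", "Device.ReadWrite.All"}},
    "Entra ID BitLocker Recovery Keys": {
        APP: {"Device.Read.All"},
        DELEGATED: {"User.Read", "BitlockerKey.Read.All", "BitlockerKey.ReadBasic.All",
                    "DeviceManagementConfiguration.Read.All",
                    "DeviceManagementManagedDevices.Read.All"}},
    "Right Click Tools Privileged Access": {
        APP: {"Device.Read.All", "GroupMember.Read.All", "User.Read.All"}},
    "Right Click Tools Patching": {
        APP: {"DeviceManagementApps.ReadWrite.All", "DeviceManagementConfiguration.Read.All",
              "GroupMember.Read.All", "Device.Read.All"},
        DELEGATED: {"User.Read"}},
}

def expected(features):
    """Union of (name, type) pairs needed by the features in use."""
    return {(name, kind) for f in features
            for kind, names in REQUIRED[f].items() for name in names}

def audit(granted, features):
    """Compare granted (name, type) pairs with what the chosen features need."""
    want, have = expected(features), set(granted)
    excess = have - want
    other = {APP: DELEGATED, DELEGATED: APP}
    return {
        "missing": sorted(want - have),   # the feature will fail without these
        "excess": sorted(excess),         # not needed by any chosen feature
        "excess_write": sorted(p for p in excess if "ReadWrite" in p[0]),
        # right name, wrong kind (application vs delegated)
        "wrong_type": sorted(p for p in excess if (p[0], other[p[1]]) in want),
    }

# Constructed sample: a registration intended only for Patching.
SAMPLE_GRANTED = [
    ("DeviceManagementApps.ReadWrite.All", APP),
    ("DeviceManagementConfiguration.Read.All", DELEGATED),  # page lists it as application
    ("GroupMember.Read.All", APP),
    ("Device.Read.All", APP),
    ("User.Read", DELEGATED),
    ("Device.ReadWrite.All", APP),  # only listed for the delete-device tool
]

if __name__ == "__main__":
    for key, items in audit(SAMPLE_GRANTED, ["Right Click Tools Patching"]).items():
        print(key, items)
```
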




Configure Your Application ID URI

To configure your application ID URI:

1. On the App registrations page, under Manage, click Expose an API.

2. Click to Add an application ID URI.

3. In the Edit application ID URI side panel that opens, enter the Application ID URI.

4. Save your changes.