Walkthrough: Configure Dynamics 365 for integration with Microsoft Azure

Applies To: Dynamics 365 (online), Dynamics 365 (on-premises), Dynamics CRM 2016, Dynamics CRM Online

This walkthrough guides you through configuring on-premises or Internet-facing deployments of Microsoft Dynamics 365 for posting the execution data context to the Microsoft Azure Service Bus when Azure ACS authorization is used.

Perform the following tasks before continuing with this walkthrough:

1. Obtain a certificate from an issuing authority or create a self signed certificate for development and testing purposes. You can do this by using the New-SelfSignedCertificate PowerShell command or the IIS Manager tool.

2. Install the certificate in the Personal\Certificates store of the server running the Microsoft Dynamics 365 asynchronous service. You can do this by using the Certificatesnap-in of the Microsoft Management Console (mmc.exe).

3. Export a public key file in Base64 format from the certificate by using mmc.exe.

4. Verify that Windows PowerShell is installed on your Microsoft Dynamics 365 server.

Configure certificate read access

The system user account under which the Microsoft Dynamics 365 asynchronous service runs must have read access to your certificate in the certificate store. Either a user account that is identified by the deployment administrator during server setup or NetworkService is used. You can verify the account used by running the Services administrative tool. In the tool, look up the service named “Microsoft Dynamics 365Asynchronous Processing Service” and see what account that service is running under.

You must grant read access by the above mentioned account to your certificate in the certificate store. You can do this by setting an ACL on the certificate by using the Certificate snap-in of the mmc (Microsoft Management Console) or by typing the following command.

winhttpcertcfg -g -c <certLocation> -s <subjectStr> -a <accountName>

Substitute the correct values, described in the following table, for the <> parameters shown in the command.

Configure the MSCRM_Config database

Follow these procedures to configure the Microsoft Dynamics 365MSCRM_Config database.

Register the Microsoft Dynamics 365 PowerShell cmdlets

1. Log on to the administrator account on your Microsoft Dynamics 365 server.

2. In a Windows PowerShell command window, enter the following command.

   Add-PSSnapin Microsoft.Crm.PowerShell
   

   This command adds the Dynamics 365Windows PowerShell snap-in to the current session. The snap-in is registered during installation and setup of the Microsoft Dynamics 365 server.

Set the Microsoft Dynamics 365 certificate

1. Enter the following command in the Windows PowerShell window.

   Set-CrmCertificate –CertificateType AppFabricIssuer –Name <issuerName> -StoreName My –StoreLocation LocalMachine -StoreFindType FindBySubjectDistinguishedName –DataFile <certificateFilename>
   

   In this command, the issuer name <issuerName> can be any name. However, you’ll be using this same issuer name when you configure Microsoft Azure Active Directory Access Control Service (ACS). The -DataFile parameter value is the file name or path of the public certificate file.

2. List the installed certificates in the MSCRM_CONFIG database. You should see the certificate that you just added.

   Get-CrmCertificate
   

See Also

Administer the deployment using Windows PowerShell
WinHttpCertCfg.exe, a Certificate Configuration Tool
Azure extensions for Microsoft Dynamics 365
Walkthrough: Configure Microsoft Azure (ACS) for integration with Dynamics 365

Microsoft Dynamics 365

© 2016 Microsoft. All rights reserved. Copyright