Post-installation and configuration guidelines for Microsoft Dynamics CRM
Applies To: CRM 2015 on-prem
This section describes several of the tasks that the Microsoft Dynamics CRM administrator should consider after the Microsoft Dynamics CRM Server application is installed. This section isn’t meant to be an exhaustive resource used to configure deployments. Instead, use this section as a guideline to determine what best practices to implement and features to configure, based on your organization's needs.
Copy your organization encryption key
All new and upgraded organizations use data encryption that uses an encryption key to secure data such as user passwords for email mailboxes and Yammer accounts. This encryption key may be required to use Microsoft Dynamics CRM after a redeployment or failure recovery. We strongly recommend that you make a copy of the encryption key and save it to a secure location. More information: Copy your organization data encryption key
Make CRM client-to-server network communications more secure
With any network design, it is important to consider the security of your organization's client-to-server communications. When making necessary decisions that can help protect data, we recommend that you understand the following information about Microsoft Dynamics CRM network communication and about the technology options that are available that provide more secure data transmissions.
If you installed Microsoft Dynamics CRM or upgraded a Microsoft Dynamics CRM Server that isn’t already configured for HTTPS, Microsoft Dynamics CRM client-to-server communications are not encrypted. When using a website that supports only HTTP, information from CRM clients is transmitted in clear text and, therefore, possibly vulnerable to malicious intent, such as "man-in-the-middle" type attacks that could compromise content by adding scripts to perform harmful actions.
Configuring a site for HTTPS will cause a disruption in the Microsoft Dynamics CRM application so plan the configuration when there will be minimal disruption to users. The high-level steps for configuring Microsoft Dynamics CRM for HTTPS are as follows:
In Microsoft Dynamics CRM Deployment Manager, disable the server where the Web Application Server, Organization Web Service, Discovery Web Service, and Deployment Web Service roles are running. If this is a Full Server deployment, all server roles are running on the same computer. For information about how to disable a server, see Microsoft Dynamics CRM Deployment Manager Help.
Configure the website where the Web Application Server role is installed to use HTTPS. For more information about how to do this, see Internet Information Services (IIS) Help.
Set the binding in Deployment Manager. This is done on the Web Address tab of the Properties page for the deployment. For more information about how change the bindings see the "Microsoft Dynamics CRM deployment properties" topic in Deployment Manager Help.
If you want to make other CRM services more secure and Microsoft Dynamics CRM is installed by using separate server roles, repeat the previous steps for the additional server roles.
Configure a CRM Internet-facing deployment
After all Microsoft Dynamics CRM Server roles are installed, you can configure the deployment so that remote users can connect to the application through the Internet. To do this, start Rule Deployment Manager and complete the Configure Claims-Based Authentication Wizard followed by the Internet-Facing Deployment Configuration Wizard. Alternatively, you can complete these tasks using Windows PowerShell. More information: Administer the deployment using Windows PowerShell
|For Microsoft Dynamics CRM for tablets to successfully connect to a new deployment of Microsoft Dynamics CRM Server, you must run a Repair of the Microsoft Dynamics CRM Server application on the server running IIS where the Web Application Server role is installed after the Internet-Facing Deployment Configuration Wizard is successfully completed. More information: Uninstall, change, or repair Microsoft Dynamics CRM Server|
For more information about configuring Microsoft Dynamics CRM for claims-based authentication, see Configure IFD for Microsoft Dynamics CRM.
Add or remove sample data
Sample data is available to help you become familiar with how Microsoft Dynamics CRM works. By using sample data, work with records and see how they relate to each other, how data displays in charts, and see what information is in reports.
Sample data can be added or removed from within the CRM application. More information: Add or remove sample data
Complete the configuration tasks for new organizations
After you've completed installing Microsoft Dynamics CRM, but before the business users in your organization start using it, there are some basic tasks that you, as the CRM administrator, should complete. These tasks include defining business units and security roles, adding users, and importing data.
More information: Set up a CRM organization
Import a solution from the Microsoft Dynamics Marketplace
Use solutions to extend functionality and the user interface. Customizers and developers distribute their work as solutions. Organizations use Microsoft Dynamics CRM to import the solution. Find a solution in the Microsoft Dynamics Marketplace.
|Importing a solution or publishing customizations can interfere with normal system operation. We recommend that you schedule solution imports when it’s least disruptive to users.|
For more information about how to import a solution, see Import a solution.
How can I disable the Navigation Tour video?
By default, the Navigation Tour video prompt appears the first time a user signs in to Microsoft Dynamics CRM Online or Microsoft Dynamics CRM (on-premises) using a web browser. The video prompt won’t appear on subsequent sign-ins after the user clicks Don’t show me this again. Notice that, if the user clears the browser cache or signs in from a different computer’s web browser, the video prompt will display again.
For the typical deployment the Navigation Tour video can be a valuable learning tool for users new to Microsoft Dynamics CRM. However, for some Microsoft Dynamics CRM (on-premises) deployments that use Remote Desktop Services or are highly customized, you may want to disable the video. To disable the video prompt, follow these steps from the Microsoft Dynamics CRM Server, where the Front End Server role is running.
You can disable the navigation tour for the entire organization by setting the Display navigation tour to users when they sign in in Settings > Administration > System Settings > General tab to No. If disabled, users aren’t presented with the welcome tour screen every time they sign in to Microsoft Dynamics CRM.
|You can run the Navigation Tour video at any time from a web browser running Microsoft Dynamics CRM. To do this click or tap Settings and then click or tap Open Navigation Tour.|
Configure Windows Server 2012 R2 for CRM mobile clients and CRM for Outlook
The following information describes how to configure Windows Server 2012 R2 with Active Directory Federation Services (AD FS) 2.2 to support CRM for phones, Microsoft Dynamics CRM for tablets, and CRM for Outlook.
|There are a few issues that were present when configuring AD FS 2.0 and 2.1 that are no longer needed for AD FS 2.2. For example, with 2.0/2.1 you had to configure the MEX endpoint using a script or obtain a hotfix. This isn’t needed with AD FS 2.2. In addition, AD FS 2.2 adds the rule “Pass through all UPN Claims” in the Active Directory claim provider trust by default, so the extra step to add the rule is no longer required.|
By default, forms authentication is disabled in the intranet zone. You must enable forms authentication by following these steps.
Log on to the AD FS server as an administrator.
Open the ADFS management wizard.
Click Authentication Policies > Primary Authentication > Global Settings > Authentication Methods > Edit.
Click (check) Form Based Authentication on the Intranet tab.
Follow these steps to configure the OAuth provider in Microsoft Dynamics CRM.
The client apps for the Apple iPad, Windows 8 tablets and phone, and Outlook must be registered with AD FS.
Log on to the AD FS server as administrator.
In a PowerShell window, execute the following command to register the mobile apps.
Add-AdfsClient -ClientId ce9f9f18-dd0c-473e-b9b2-47812435e20d -Name "Microsoft Dynamics CRM for tablets and phones" -RedirectUri ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/, ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/, ms-app://s-1-15-2-3781685839-595683736-4186486933-3776895550-3781372410-1732083807-672102751/, urn:ietf:wg:oauth:2.0:oob
To register the Outlook client, enter the following command.
Add-AdfsClient -ClientId 2f29638c-34d4-4cf2-a16a-7caf612cee15 -Name "Dynamics CRM Outlook Client" -RedirectUri app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/
User training and adoption
More information: Training and Adoption Kit for Microsoft Dynamics CRM.
Send comments about this article to Microsoft.
© 2015 Microsoft. All rights reserved.