Post-installation and configuration guidelines for Microsoft Dynamics CRM
Applies To: Dynamics CRM 2016
This section describes several of the tasks that the Microsoft Dynamics CRM administrator should consider after the Microsoft Dynamics CRM Server application is installed. This section isn’t meant to be an exhaustive resource used to configure deployments. Instead, use this section as a guideline to determine what best practices to implement and features to configure, based on your organization's needs.
All new and upgraded organizations use data encryption that uses an encryption key to secure data such as user passwords for email mailboxes and Yammer accounts. This encryption key may be required to use Microsoft Dynamics CRM after a redeployment or failure recovery. We strongly recommend that you make a copy of the encryption key and save it to a secure location. More information: Copy your organization data encryption key
With any network design, it is important to consider the security of your organization's client-to-server communications. When making necessary decisions that can help protect data, we recommend that you understand the following information about Microsoft Dynamics CRM network communication and about the technology options that are available that provide more secure data transmissions.
If you installed Microsoft Dynamics CRM or upgraded a Microsoft Dynamics CRM Server that isn’t already configured for HTTPS, Microsoft Dynamics CRM client-to-server communications are not encrypted. When using a website that supports only HTTP, information from CRM clients is transmitted in clear text and, therefore, possibly vulnerable to malicious intent, such as "man-in-the-middle" type attacks that could compromise content by adding scripts to perform harmful actions.
Configuring a site for HTTPS will cause a disruption in the Microsoft Dynamics CRM application so plan the configuration when there will be minimal disruption to users. The high-level steps for configuring Microsoft Dynamics CRM for HTTPS are as follows:
In Microsoft Dynamics CRM Deployment Manager, disable the server where the Web Application Server, Organization Web Service, Discovery Web Service, and Deployment Web Service roles are running. If this is a Full Server deployment, all server roles are running on the same computer. For information about how to disable a server, see Microsoft Dynamics CRM Deployment Manager Help.
Configure the website where the Web Application Server role is installed to use HTTPS. For more information about how to do this, see Internet Information Services (IIS) Help.
Set the binding in Deployment Manager. This is done on the Web Address tab of the Properties page for the deployment. For more information about how change the bindings see Microsoft Dynamics CRM deployment properties.
If you want to make other CRM services more secure and Microsoft Dynamics CRM is installed by using separate server roles, repeat the previous steps for the additional server roles.
After all Microsoft Dynamics CRM Server roles are installed, you can configure the deployment so that remote users can connect to the application through the Internet. To do this, start Rule Deployment Manager and complete the Configure Claims-Based Authentication Wizard followed by the Internet-Facing Deployment Configuration Wizard. Alternatively, you can complete these tasks using Windows PowerShell. More information: Administer the deployment using Windows PowerShell
For Microsoft Dynamics CRM for tablets to successfully connect to a new deployment of Microsoft Dynamics CRM Server, you must run a Repair of the Microsoft Dynamics CRM Server application on the server running IIS where the Web Application Server role is installed after the Internet-Facing Deployment Configuration Wizard is successfully completed. More information: Uninstall, change, or repair Microsoft Dynamics CRM Server
For more information about configuring Microsoft Dynamics CRM for claims-based authentication, see Configure IFD for Microsoft Dynamics CRM.
Sample data is available to help you become familiar with how Microsoft Dynamics CRM works. By using sample data, work with records and see how they relate to each other, how data displays in charts, and see what information is in reports.
Sample data can be added or removed from within the CRM application. More information: Add or remove sample data
After you've completed installing Microsoft Dynamics CRM, but before the business users in your organization start using it, there are some basic tasks that you, as the CRM administrator, should complete. These tasks include defining business units and security roles, adding users, and importing data.
More information: Set up a CRM organization
Use solutions to extend functionality and the user interface. Customizers and developers distribute their work as solutions. Organizations use Microsoft Dynamics CRM to import the solution. Find a solution in the Microsoft Dynamics Marketplace.
Importing a solution or publishing customizations can interfere with normal system operation. We recommend that you schedule solution imports when it’s least disruptive to users.
For more information about how to import a solution, see Import a solution.
By default, the Navigation Tour video prompt appears the first time a user signs in to Microsoft Dynamics CRM Online or Microsoft Dynamics CRM (on-premises) using a web browser. The video prompt won’t appear on subsequent sign-ins after the user clicks Don’t show me this again. Notice that, if the user clears the browser cache or signs in from a different computer’s web browser, the video prompt will display again.
For the typical deployment the Navigation Tour video can be a valuable learning tool for users new to Microsoft Dynamics CRM. However, for some Microsoft Dynamics CRM (on-premises) deployments that use Remote Desktop Services or are highly customized, you may want to disable the video. To disable the video prompt, follow these steps from the Microsoft Dynamics CRM Server, where the Front End Server role is running.
You can disable the navigation tour for the entire organization by setting the Display navigation tour to users when they sign in in Settings > Administration > System Settings > General tab to No. If disabled, users aren’t presented with the welcome tour screen every time they sign in to Microsoft Dynamics CRM.
You can run the Navigation Tour video at any time from a web browser running Microsoft Dynamics CRM. To do this click or tap Settings and then click or tap Open Navigation Tour.
The following information describes how to configure Windows Server 2012 R2 with Active Directory Federation Services (AD FS) 2.2 to support CRM applications such as CRM for phones, Microsoft Dynamics CRM for tablets, Dynamics CRM for Outlook, Microsoft Social Engagement, or other Dynamics CRM applications that need OAuth support.
By default, forms authentication is disabled in the intranet zone. You must enable forms authentication by following these steps.
Log on to the AD FS server as an administrator.
Open the ADFS management wizard.
Click Authentication Policies > Primary Authentication > Global Settings > Authentication Methods > Edit.
Click (check) Form Based Authentication on the Intranet tab.
Follow these steps to configure the OAuth provider in Microsoft Dynamics CRM.
The client apps for the Apple iPad, Windows tablets and phones, and Outlook must be registered with AD FS.
Log on to the AD FS server as administrator.
In a PowerShell window, execute the following command to register the mobile apps.
Add-AdfsClient -ClientId ce9f9f18-dd0c-473e-b9b2-47812435e20d -Name "Microsoft Dynamics CRM for tablets and phones" -RedirectUri ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/, ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/, ms-app://s-1-15-2-3781685839-595683736-4186486933-3776895550-3781372410-1732083807-672102751/, urn:ietf:wg:oauth:2.0:oob
To register the Outlook client, enter the following command.
Add-AdfsClient -ClientId 2f29638c-34d4-4cf2-a16a-7caf612cee15 -Name "Dynamics CRM Outlook Client" -RedirectUri app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/
To register the Dynamics CRM App for Outlook, in Microsoft Dynamics CRM (on-premises), go to Settings > CRM App for Outlook and register the app there.
© 2016 Microsoft. All rights reserved. Copyright