Post-installation and configuration guidelines for Microsoft Dynamics 365

 

Updated: January 9, 2017

Applies To: Dynamics 365 (on-premises), Dynamics CRM 2016

This section describes several of the tasks that the Microsoft Dynamics 365 administrator should consider after the Microsoft Dynamics 365 Server application is installed. This section isn’t meant to be an exhaustive resource used to configure deployments. Instead, use this section as a guideline to determine what best practices to implement and features to configure, based on your organization's needs.

The December 2016 update for Dynamics 365 (online and on-premises) is now available. As part of this update, the product name changes from Microsoft Dynamics CRM 2016 to Microsoft Dynamics 365. For more information about the service pack, see the support article December 2016 update for Dynamics 365 (on-premises).

All new and upgraded organizations use data encryption that uses an encryption key to secure data such as user passwords for email mailboxes and Yammer accounts. This encryption key may be required to use Microsoft Dynamics 365 after a redeployment or failure recovery. We strongly recommend that you make a copy of the encryption key and save it to a secure location. More information: Copy your organization data encryption key

With any network design, it is important to consider the security of your organization's client-to-server communications. When making necessary decisions that can help protect data, we recommend that you understand the following information about Microsoft Dynamics 365 network communication and about the technology options that are available that provide more secure data transmissions.

If you installed Microsoft Dynamics 365 or upgraded a Microsoft Dynamics 365 Server that isn’t already configured for HTTPS, Microsoft Dynamics 365 client-to-server communications are not encrypted. When using a website that supports only HTTP, information from Dynamics 365 clients is transmitted in clear text and, therefore, possibly vulnerable to malicious intent, such as "man-in-the-middle" type attacks that could compromise content by adding scripts to perform harmful actions.

Configuring a site for HTTPS will cause a disruption in the Microsoft Dynamics 365 application, so plan the configuration for a time when there will be minimal disruption to users. The high-level steps for configuring Microsoft Dynamics 365 for HTTPS are as follows:

  1. In Microsoft Dynamics 365 Deployment Manager, disable the server where the Web Application Server, Organization Web Service, Discovery Web Service, and Deployment Web Service roles are running. If this is a Full Server deployment, all server roles are running on the same computer. For information about how to disable a server, see Microsoft Dynamics 365 Deployment Manager Help.

  2. Configure the website where the Web Application Server role is installed to use HTTPS. For more information about how to do this, see Internet Information Services (IIS) Help.

  3. Set the binding in Deployment Manager. This is done on the Web Address tab of the Properties page for the deployment. For more information about how to change the bindings, see Microsoft Dynamics 365 deployment properties.

  4. If you want to make other Dynamics 365 services more secure and Microsoft Dynamics 365 is installed by using separate server roles, repeat the previous steps for the additional server roles.
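After the steps above, it is worth confirming that the IIS binding (step 2) and the deployment web address (step 3) agree and that no clear-text binding was left behind. The following check is an added example, not part of the product documentation; the function name and sample data are constructed, and it assumes you pass in the output of `Get-WebBinding` for your Dynamics 365 site and the `RootDomainScheme` value from `Get-CrmSetting -SettingType WebAddressSettings`.

```powershell
# Added example (not from the product documentation). Sample data is constructed.
function Test-CrmHttpsConfig {
    param(
        # Binding objects for the Dynamics 365 site, e.g. from Get-WebBinding
        [Parameter(Mandatory)] [object[]] $Bindings,
        # Scheme set on the Web Address tab, e.g. the RootDomainScheme value
        # returned by Get-CrmSetting -SettingType WebAddressSettings
        [Parameter(Mandatory)] [string] $DeploymentScheme
    )
    $findings = New-Object System.Collections.Generic.List[string]
    $https = @($Bindings | Where-Object { $_.protocol -eq 'https' })
    $http  = @($Bindings | Where-Object { $_.protocol -eq 'http' })

    if ($https.Count -eq 0) {
        $findings.Add('Step 2 incomplete: the IIS site has no https binding.')
    }
    foreach ($b in $http) {
        # A site that still answers on http keeps sending data in clear text.
        $findings.Add("Clear-text binding still served: http $($b.bindingInformation)")
    }
    if ($DeploymentScheme -ne 'https') {
        $findings.Add("Step 3 incomplete: deployment web address scheme is '$DeploymentScheme'.")
    }
    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
    }
}

# Constructed input: IIS gained an https binding, but the old port-80 binding
# was left in place and the deployment web address still uses http.
$sampleBindings = @(
    [pscustomobject]@{ protocol = 'http';  bindingInformation = '*:80:' }
    [pscustomobject]@{ protocol = 'https'; bindingInformation = '*:443:' }
)
$result = Test-CrmHttpsConfig -Bindings $sampleBindings -DeploymentScheme 'http'
$result.Findings
```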

After all Microsoft Dynamics 365 Server roles are installed, you can configure the deployment so that remote users can connect to the application through the Internet. To do this, start Deployment Manager and complete the Configure Claims-Based Authentication Wizard followed by the Internet-Facing Deployment Configuration Wizard. Alternatively, you can complete these tasks using Windows PowerShell. More information: Administer the deployment using Windows PowerShell

Important

For Microsoft Dynamics 365 for tablets to successfully connect to a new deployment of Microsoft Dynamics 365 Server, you must run a Repair of the Microsoft Dynamics 365 Server application on the server running IIS where the Web Application Server role is installed after the Internet-Facing Deployment Configuration Wizard is successfully completed. More information: Uninstall, change, or repair Microsoft Dynamics 365 Server

For more information about configuring Microsoft Dynamics 365 for claims-based authentication, see Configure IFD for Microsoft Dynamics 365.

Sample data is available to help you become familiar with how Microsoft Dynamics 365 works. By using sample data, you can work with records and see how they relate to each other, how data displays in charts, and what information is in reports.

Sample data can be added or removed from within the Dynamics 365 application. More information: Add or remove sample data

After you've completed installing Microsoft Dynamics 365, but before the business users in your organization start using it, there are some basic tasks that you, as the Dynamics 365 administrator, should complete. These tasks include defining business units and security roles, adding users, and importing data.

More information: Set up a Dynamics 365 organization

Use solutions to extend functionality and the user interface. Customizers and developers distribute their work as solutions. Organizations use Microsoft Dynamics 365 to import the solution. Find a solution in the Microsoft Dynamics Marketplace.

Important

Importing a solution or publishing customizations can interfere with normal system operation. We recommend that you schedule solution imports when it’s least disruptive to users.

For more information about how to import a solution, see Import a solution.

By default, the Navigation Tour video prompt appears the first time a user signs in to Microsoft Dynamics 365 (online) or Dynamics 365 (on-premises) using a web browser. The video prompt won’t appear on subsequent sign-ins after the user clicks Don’t show me this again. Notice that, if the user clears the browser cache or signs in from a different computer’s web browser, the video prompt will display again.

For the typical deployment the Navigation Tour video can be a valuable learning tool for users new to Microsoft Dynamics 365. However, for some Dynamics 365 (on-premises) deployments that use Remote Desktop Services or are highly customized, you may want to disable the video. To disable the video prompt, follow these steps from the Microsoft Dynamics 365 Server, where the Front End Server role is running.

You can disable the navigation tour for the entire organization by setting "Display navigation tour to users when they sign in" to No in Settings > Administration > System Settings > General tab. If disabled, users aren’t presented with the welcome tour screen every time they sign in to Microsoft Dynamics 365.

Note

You can run the Navigation Tour video at any time from a web browser running Microsoft Dynamics 365. To do this, click or tap Settings and then click or tap Open Navigation Tour.

The following information describes how to configure Windows Server 2012 R2 with Active Directory Federation Services (AD FS) 2.2 to support Dynamics 365 applications such as Dynamics 365 for phones, Microsoft Dynamics 365 for tablets, Dynamics 365 for Outlook, Microsoft Social Engagement, or other Dynamics 365 applications that need OAuth support.

Note

  • A few workarounds that were required when configuring AD FS 2.0 and 2.1 are no longer needed for AD FS 2.2. For example, with 2.0/2.1 you had to configure the MEX endpoint using a script or obtain a hotfix. This isn’t needed with AD FS 2.2. In addition, AD FS 2.2 adds the rule “Pass through all UPN Claims” in the Active Directory claim provider trust by default, so the extra step to add the rule is no longer required.

  • To register Microsoft Social Engagement, see Set up the connection between Dynamics CRM and Social Engagement.

By default, forms authentication is disabled in the intranet zone. You must enable forms authentication by following these steps.

  1. Log on to the AD FS server as an administrator.

  2. Open the AD FS management wizard.

  3. Click Authentication Policies > Primary Authentication > Global Settings > Authentication Methods > Edit.

  4. Click (check) Form Based Authentication on the Intranet tab.

Follow these steps to configure the OAuth provider in Microsoft Dynamics 365.

  1. Log on to the Microsoft Dynamics 365 server as an administrator.

  2. In a Windows PowerShell console window, run the following script.

    $ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
    $ClaimsSettings.Enabled = $true
    Set-CrmSetting -Setting $ClaimsSettings
    
    

The client apps must be registered with AD FS.

  1. Log on to the AD FS server as administrator.

  2. In a PowerShell window, execute the following commands to register each application that is applicable to your deployment.

     Dynamics 365 mobile apps for Apple iPhone, Android, and Windows.

    Add-AdfsClient -ClientId ce9f9f18-dd0c-473e-b9b2-47812435e20d -Name "Microsoft Dynamics CRM for tablets and phones" -RedirectUri ms-app://s-1-15-2-2572088110-3042588940-2540752943-3284303419-1153817965-2476348055-1136196650/, ms-app://s-1-15-2-1485522525-4007745683-1678507804-3543888355-3439506781-4236676907-2823480090/, ms-app://s-1-15-2-3781685839-595683736-4186486933-3776895550-3781372410-1732083807-672102751/, ms-app://s-1-15-2-3389625500-1882683294-3356428533-41441597-3367762655-213450099-2845559172/, ms-auth-dynamicsxrm://com.microsoft.dynamics,ms-auth-dynamicsxrm://com.microsoft.dynamics.iphone.moca,ms-auth-dynamicsxrm://com.microsoft.dynamics.ipad.good,msauth://code/ms-auth-dynamicsxrm%3A%2F%2Fcom.microsoft.dynamics,msauth://code/ms-auth-dynamicsxrm%3A%2F%2Fcom.microsoft.dynamics.iphone.moca,msauth://code/ms-auth-dynamicsxrm%3A%2F%2Fcom.microsoft.dynamics.ipad.good,msauth://com.microsoft.crm.crmtablet/v%2BXU%2FN%2FCMC1uRVXXA5ol43%2BT75s%3D,msauth://com.microsoft.crm.crmphone/v%2BXU%2FN%2FCMC1uRVXXA5ol43%2BT75s%3D, urn:ietf:wg:oauth:2.0:oob
    

    Dynamics 365 for Outlook.

    Add-AdfsClient -ClientId  2f29638c-34d4-4cf2-a16a-7caf612cee15  -Name "Dynamics CRM Outlook Client" -RedirectUri app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/
    

    Unified Service Desk client.

    Add-AdfsClient -ClientId  4906f920-9f94-4f14-98aa-8456dd5f78a8  -Name "Dynamics 365 Unified Service Desk" -RedirectUri app://41889de4-3fe1-41ab-bcff-d6f0a6900264/
    

    Microsoft Dynamics 365 developer tools.

    Add-AdfsClient -ClientId  2ad88395-b77d-4561-9441-d0e40824f9bc  -Name "Dynamics 365 Development Tools" -RedirectUri app://5d3e90d6-aa8e-48a8-8f2c-58b45cc67315/
    
  3. To register the Dynamics 365 App for Outlook, in Dynamics 365 (on-premises), go to Settings > Dynamics 365 App for Outlook and register the app there.
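
Each redirect URI registered above is a location to which AD FS will deliver authorization responses for that client, so the registrations are worth auditing for drift after setup. The following audit is an added example, not Microsoft's code: the function name and sample input are constructed, the baseline values are copied from the commands on this page, and it assumes you pass in the output of `Get-AdfsClient`.

```powershell
# Added example. Baseline ClientId and RedirectUri values are copied from the
# Add-AdfsClient commands on this page; everything else is constructed.
$Baseline = @{
    '2f29638c-34d4-4cf2-a16a-7caf612cee15' = @('app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/')
    '4906f920-9f94-4f14-98aa-8456dd5f78a8' = @('app://41889de4-3fe1-41ab-bcff-d6f0a6900264/')
    '2ad88395-b77d-4561-9441-d0e40824f9bc' = @('app://5d3e90d6-aa8e-48a8-8f2c-58b45cc67315/')
}
# The mobile client has many URIs on the page, so it is checked by scheme only.
$MobileId      = 'ce9f9f18-dd0c-473e-b9b2-47812435e20d'
$MobileSchemes = 'ms-app', 'ms-auth-dynamicsxrm', 'msauth', 'urn'

function Test-CrmAdfsClient {
    param([Parameter(Mandatory)] [object[]] $Clients)  # on the AD FS server: Get-AdfsClient
    $byId = @{}
    foreach ($c in $Clients) { $byId["$($c.ClientId)"] = $c }

    foreach ($id in @($Baseline.Keys) + $MobileId) {
        $c = $byId[$id]
        if (-not $c) { "NOTREG   $id is not registered (expected only if that app is unused)"; continue }
        if (-not $c.Enabled) { "DISABLED $id ($($c.Name))" }
        foreach ($uri in $c.RedirectUri) {
            if ($id -eq $MobileId) {
                $ok = $MobileSchemes -contains ($uri -split ':', 2)[0]
            } else {
                $ok = $Baseline[$id] -contains $uri
            }
            if (-not $ok) { "DRIFT    $id ($($c.Name)) has undocumented redirect URI $uri" }
        }
    }
}

# Constructed sample shaped like Get-AdfsClient output: the Outlook client
# matches the baseline, the mobile client has gained an extra redirect URI.
$sample = @(
    [pscustomobject]@{ ClientId = '2f29638c-34d4-4cf2-a16a-7caf612cee15'
                       Name = 'Dynamics CRM Outlook Client'; Enabled = $true
                       RedirectUri = @('app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/') }
    [pscustomobject]@{ ClientId = $MobileId
                       Name = 'Microsoft Dynamics CRM for tablets and phones'; Enabled = $true
                       RedirectUri = @('urn:ietf:wg:oauth:2.0:oob', 'https://example.invalid/cb') }
)
Test-CrmAdfsClient -Clients $sample
```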
