Data encryption

 

Applies To: Dynamics CRM 2015

Microsoft Dynamics CRM uses standard Microsoft SQL Server cell level encryption for a set of default entity attributes that contain sensitive information, such as user names and email passwords. This feature can help organizations meet FIPS 140-2 compliance.

For Microsoft Dynamics CRM Online and Microsoft Dynamics CRM (on-premises), all new and upgraded organizations use data encryption by default. Data encryption can’t be turned off.

Microsoft Dynamics CRM users who have the system administrator security role can change the encryption key at any time. More information: Change an organization encryption key

Important

For on-premises versions of Microsoft Dynamics CRM:

  • Changing the encryption key requires SSL configured on the Microsoft Dynamics CRM website.

  • As a best practice, change the encryption key once every year.

  • The encryption key is required to activate data encryption when you import an organization database into a new deployment or a deployment that has had the configuration database (MSCRM_CONFIG) re-created after the organization was encrypted. You can copy the original encryption key to Notepad and paste it into the Settings > Data Management > Data Encryption dialog box after the organization import is completed.

  • When you re-enter the data encryption key, we recommend that you run the Microsoft Dynamics CRM web application using Internet Explorer to paste the encryption key into the Data Encryption dialog box.

Change an organization encryption key

  1. Go to Settings > Data Management.

  2. Choose Data Encryption.

  3. In the Change Encryption Key box, type the new encryption key, and then select Change.

  4. Select OK in the confirmation message and then choose Close to exit the Data Encryption page.

  5. We recommend that you copy the key to a safe place. More information: Copy your organization data encryption key

Copy your organization data encryption key

We strongly recommend that you make a copy of your data encryption key. This is particularly important for on-premises deployments that may need to reactivate data encryption after a redeployment or failure recovery.

  1. Sign in to Microsoft Dynamics CRM as a user with the system administrator security role.

  2. Go to Settings > Data Management.

  3. Choose Data Encryption.

  4. In the Data Encryption dialog box, select Show Encryption Key. Then, in the Current encryption key box, select the encryption key and copy it to the clipboard.

    Warning

    When the Microsoft Dynamics CRM (on-premises) website is not configured for HTTPS/SSL, the Data Encryption dialog box will not be displayed. For a more secure deployment, we recommend that you configure the website for HTTPS/SSL. However, if the website is not configured for HTTPS/SSL, use a tool that can modify CRM database tables, such as Microsoft SQL Server Management Studio or the Deployment Web Service, to open the configuration database (MSCRM_CONFIG) and, in the DeploymentProperties table, set DisableSSLCheckForEncryption to 1.

  5. Paste the encryption key into a text editor, such as Notepad.

    Warning

    By default, Microsoft Dynamics CRM generates a passphrase that is a random collection of Unicode characters. Therefore, you must save the system-generated passphrase by using an application and file that support Unicode characters. Some text editors, such as Notepad, use ANSI encoding by default. Before you save the passphrase using Notepad, select Save As, and then in the Encoding list, select Unicode.

  6. As a best practice, save the text file that contains the encryption key on a computer in a secure location on an encrypted hard drive.
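
The encoding warning in step 5, shown as an added example (not Microsoft's code): an ANSI save silently replaces characters of a Unicode passphrase, so the backup can no longer reactivate encryption, and a saved file can be checked before it is relied on. The passphrase is constructed, the function names are hypothetical, and Windows-1252 is assumed as the ANSI code page.

```python
import codecs

# Constructed sample passphrase (NOT a real key): ASCII mixed with characters
# that do not exist in the Windows-1252 "ANSI" code page.
SAMPLE_KEY = "Xk\u4e2d\u03a9\u0416q7\u20ac\u3042Z"

# Byte-order marks that identify a Unicode text file, and the codec that
# decodes the file and strips the mark.
BOMS = [
    (codecs.BOM_UTF8, "utf-8-sig"),
    (codecs.BOM_UTF16_LE, "utf-16"),
    (codecs.BOM_UTF16_BE, "utf-16"),
]

def save_ansi(text):
    """Mimic an ANSI save: characters outside the code page become '?'."""
    return text.encode("cp1252", errors="replace")

def save_unicode(text):
    """Mimic Notepad's 'Unicode' encoding: UTF-16 little-endian with a BOM."""
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")

def read_backup(raw):
    """Return (text, codec) for a Unicode key file, or (None, reason)."""
    for bom, codec in BOMS:
        if raw.startswith(bom):
            try:
                return raw.decode(codec), codec
            except UnicodeDecodeError:
                return None, "corrupt " + codec
    return None, "no Unicode BOM (ANSI save?)"

def backup_matches(raw, expected):
    """True only if the file is Unicode and holds exactly the expected key."""
    text, _ = read_backup(raw)
    # A trailing line break added by the editor is not part of the key.
    return text is not None and text.rstrip("\r\n") == expected

if __name__ == "__main__":
    for label, raw in (("ANSI", save_ansi(SAMPLE_KEY)),
                       ("Unicode", save_unicode(SAMPLE_KEY))):
        print(label, "usable:", backup_matches(raw, SAMPLE_KEY),
              "-", read_backup(raw)[1])
```
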

See Also

SQL Server Encryption
FIPS 140 Evaluation
Manage your data
Manage configuration data

© 2016 Microsoft Corporation. All rights reserved.