Sunday, 14 January 2018

Configuring Dynamics 365 Outlook App On-Premise

Microsoft released the Outlook App with CRM 2016, and then a second much improved version with Dynamics 365, a number of issues and small bugs were identified, but the App is now stable with Update 2.2, I recommend you install this patch to get your Outlook App running smoothly.

A number of people encounter numerous technical hurdles and become frustrated with the lack of documentation available. On this blog post I will go through step-by-step on how to configure the Outlook App for an On-Premise environment, we will configure the following components:
  • CRM OAuth Configuration
  • Exchange Profile
  • ADFS Configuration
  • Pushing the Outlook App to users
Minimum Requirements
  • Dynamics 365 with IFD 
  • Dynamics 365 Update 2.2
  • Minimum ADFS 3.x due to OAuth endpoint
  • Minimum Exchange 2016 or 2013 with Cumulative Update 14 or greater
  • Office 2016 (recommended) although Office 2013 also works fine

How the Outlook App works?
The Outlook App it's an add-in installed on a user Exchange Mailbox. Exchange add-ins have been introduced with Cumulative update 14 for Exchange 2013.

The Outlook App add-in is pushed to the user Mailbox from CRM, no Exchange Server-side configuration or installation is needed, it's all done from CRM. The service account used for Exchange Synchronization requires impersonation rights in order to successfully install the add-in on the user Mailbox.

Minimum Exchange configuration:
  • Exchange Server version 15.0.1236.3.32 (Cumulative Update 14 for Exchange Server 2013) 
  • Exchange 2016

CRM OAuth Configuration
The Dynamics Outlook requires OAuth configuration, on the CRM server execute the following powershell commands:

$ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings
$ClaimsSettings.Enabled = $true
Set-CrmSetting -Setting $ClaimsSettings


CRM Exchange Setup
Please refer to my previous blog post on how to configure Exchange Server Side synchronization here: http://quantusdynamics.blogspot.co.uk/2013/11/dynamics-crm-2013-configuring-exchange.html


ADFS Configuration
We need to ensure the Outlook App ID is registered with ADFS to allow OAuth authentication to succeed.

First we need to retrieve the Outlook APP ID from CRM, you can access this information on the Settings Menu > Dynamics 365 App for Outlook

you will see the following screen:























Run the following command on the ADFS server:

Add-AdfsClient -ClientId  YOUR_ID  -Name "Dynamics CRM Outlook Client" -RedirectUri https://my_CRM_domain/crmmailapp/code_auth.aspx


ADFS 4.x (windows server 2016)
If you are using ADFS with Windows server 2016, in addition to the above steps, you also need to grant permissions to the Outlook App, please run the following command in powershell:

Please note the domain used here, is the IFD authentication CRM URL, usually named authcrm.domain

Grant-AdfsApplicationPermission -ClientRoleIdentifier YOUR_APP_ID -ServerRoleIdentifier "https://authcrm.domain.com” -ScopeNames openid


ADFS Authentication Providers
Forms based authentication is required to be enabled on the intranet zone. Open the ADFS management wizard.

Click Authentication Policies > Primary Authentication > Global Settings > Authentication Methods > Edit.

Click Forms Authentication on the Intranet zone.


























Installing the Outlook App
As I've mentioned earlier, the Outlook App is installed on the user mailbox from CRM. There are two methods to push the Outlook App to the user mailbox:
  • User manually pushes the Outlook App
  • Administrator pushes the Outlook App from administration panel
The user can push the Outlook App manually under the the Apps for Dynamics 365 under the Cog on the top right menu:




















On this Page if the CRM user profile is correctly set up with Exchange Server-Side Sync, you should see a blue button to add the Outlook App, as per the below screenshot.

































Clicking on the Outlook App Button, starts the process on the background, the user will see the below message:


































To push the Outlook App to multiple users,  access the Settings menu > Dynamics 365 App for Outlook

The Eligible users section will only list users where the Exchange Server Profile was set up and the incoming and outgoing settings are set for Server-Side Exchange Synchronization, please refer to the below screenshot:

After the user Mailbox is correctly configured, you need to Test & Enable the Mailbox










Check the Dynamics 365 App for Outlook Settings Menu, the account is now visible on the Eligible Users, click Add App for Outlook, the status will change to Pending... this may take up to 2 minutes to complete, depending on your infrastructure.


















When the app is successfully pushed to the user mailbox, you will see a green message: Added to Outlook 









Internet Explorer Settings
The CRM domains need to be added to the Trusted Sites and Protected Mode needs to be enabled

If you come across multiple authentication pop-ups try to enable anonymous authentication:

Run inetcpl.cpl and click on OK.

  • Go to Security Tab. Click on Trusted Sites lower the security level to Low
  • Enable Protected Mode
  • Add both the internal and external CRM domains “https://crm.domain"
  • Click on custom level and scroll down to user authentication section, select anonymous logon and save changes.



2 comments:

  1. Nice to see this blog, because I really need this type of informative blog about Outlook. I’m mostly thankful to for sharing this helpful blog. For any kind of customer support services call 0800-090-3220 or visit Outlook Support Number UK

    ReplyDelete
  2. Nice blog..! I really loved reading through this article. Thanks for sharing such a amazing post with us and keep blogging... Opal Crm Software Company

    ReplyDelete