Dear Sir/Madam, 

We have CRM 365 v9 application running on internet facing server, recent security hardenings from Web application firewall has blocked the CRM built in services 

we were asked to justify that these services are part of CRM application and are expected behaviour 

we need your help to provide us any document support showing CRM web services are part of CRM application and are actions from CRM side 

Also would like to check is there any additional control we can put in place to avoid malicious request after whitelisting these URLs from WAF side 

All .asmx files from the CRMWEB folder are blocked now 

e.g of URLs blocked are 

/AppWebServices/Annotation.asmx

/AppWebServices/AdvancedFind.asmx

/AppWebServices/Bulkdelete.asmx

/AppWebServices/ImportJob.asmx

/AppWebServices/Workflow.asmx

would appreciate your response asap 

thanks

Lakshmi