Good morning dear community,

Recently we wanted to deploy IFD and claims-based authentication in order to connect our on-prem CRM 2016 with Exchange 365 (Online). Upon researching, it was stated that we'd need an AD FS feature installed and set up.

Our entire setup consists of three servers:

one for the domain controller and Active Directory: adserv

the second server is reserved for SQL: sqlserv

and lastly our CRM server: crmserv, which uses a port 443 and a port 80 binding with a specific hostname set: and using Let's Encrypt SSL certificates

Where should we install AD FS if we want to reach CRM internally and externally without specifying a port? The crmserv or the adserv? Are there any specific best practices which you could point us towards?
Is it possible to run AD FS with just Let's Encrypt certificates?