web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics 365 | Integration, Dataverse... / Dynamics CRM v9 (On‑Pr...
Microsoft Dynamics 365 | Integration, Dataverse...
Answered

Dynamics CRM v9 (On‑Prem) + AD FS / Entra ID – WS‑Fed, AuthnContext & Windows Hello for Business

(0) ShareShare
ReportReport
Posted on by CU27030254-0
We’re troubleshooting an authentication scenario with Dynamics CRM v9 (on‑premises) using claims‑based auth via AD FS (WS‑Federation), federated onward to Microsoft Entra ID.
CRM sends a WS‑Federation request (via wauth, e.g. urn:oasis:names:tc:SAML:1.0:am:password), which AD FS translates into a SAML request to Entra ID. When users authenticate with Windows Hello for Business (WHfB), Entra returns AADSTS75011 due to an authentication method mismatch (WHfB/X509 vs Password).
We’re trying to confirm the following assumptions and whether any supported workaround exists for CRM v9:
  1. WS‑Federation relying parties cannot express SAML 2.0 RequestedAuthnContext semantics (e.g., unspecified, minimum, MFA‑friendly contexts), only legacy auth methods via wauth.
  2. Even though WS‑Fed can carry SAML 2.0 assertions as a token format, it does not support SAML 2.0 AuthnContext negotiation.
  3. Because CRM v9 is hard‑wired to WS‑Federation, there is no supported way (in CRM, AD FS, or Entra) to relax or suppress the requested authentication method to allow WHfB reuse.
Has anyone successfully enabled Windows Hello for Business with CRM v9 (WS‑Fed) in a supported manner, or is password authentication effectively mandatory for CRM v9 interactive access?
Any authoritative confirmation, product team guidance, or documented experience would be greatly appreciated.
Categories:
Dynamics 365 general
I have the same question (0)
  • Verified answer
    11manish Profile Picture
    11manish 234 on at
    There is no officially supported way to enable Windows Hello for Business for direct interactive login to Dynamics CRM v9 when it is federated through AD FS to Entra ID using the standard claims-based configuration.
     
     
  • CU27030254-0 Profile Picture
    CU27030254-0 on at
    Thanks. Any newer version would support Windows Hello?

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Stars!

Congratulations to our 2025 Community Spotlights

Thanks to all of our 2025 Community Spotlight stars!

Congratulations to the February Top 10 Community Leaders

These are the community rock stars!

Leaderboard > Microsoft Dynamics 365 | Integration, Dataverse, and general topics

#1
11manish Profile Picture

11manish 118

#2
Pallavi Phade Profile Picture

Pallavi Phade 102 Super User 2026 Season 1

#3
ManoVerse Profile Picture

ManoVerse 56 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Welcome to the Microsoft Dynamics 365 forum!
Identifying an Org as CDS or Dynamics
Get batch job history log from D365 FO to Power Automate
Gross and Net Weight of Shipments feeding back into Sales Order (from External Source)

Product updates

Dynamics 365 release plans