You are correct to be cautious about exposing your CRM externally. No, you do not necessarily need Internet-Facing Deployment (IFD) configured to connect your Dynamics 365 9.1 on-premises environment (using claims-based authentication with ADFS) to Exchange Online.
You can establish a Server-Side Synchronization (SSS) connection between Dynamics 365 on-premises and Exchange Online using OAuth 2.0 authentication, which does not require IFD.
The Microsoft documentation you linked (https://learn.microsoft.com/en-us/dynamics365/customerengagement/on-premises/admin/connect-dynamics-365-on-premises-exchange-online?view=op-9-1) outlines the steps for setting up this connection.
Key Points from the Documentation (that confirm IFD is not mandatory):
- The documentation provides steps for "Connect Dynamics 365 on-premises with Exchange Online using OAuth 2.0". This section does not mention IFD as a prerequisite.
- The process involves registering Dynamics 365 on-premises as an application in your Azure Active Directory (Azure AD) and granting it permissions to access Exchange Online.
- You will use PowerShell cmdlets specific to OAuth management for Dynamics 365 on-premises.
Regarding the ConfigureCrmServerSideSync.ps1 script and the organisation_name parameter:
You are right to point out the different formats for the organization name with IFD and claims. When connecting to Exchange Online without IFD, the organisation_name parameter in the ConfigureCrmServerSideSync.ps1 script should typically be the internal organization name of your Dynamics 365 deployment. This is the name you specified during the initial CRM setup.
You can usually find your internal organization name by:
- Logging into your Dynamics 365 on-premises instance through its internal URL (e.g., yourcrmserver/yourorgname).
- Navigating to Settings > Customization > Developer Resources.
- Looking for the Organization Unique Name. This is the value you should likely use for the organisation_name parameter in the script.
Why IFD is NOT Required for SSS with Exchange Online (OAuth):
- OAuth 2.0 Authentication: This modern authentication method relies on secure token exchange between applications and services. It doesn't require the CRM server to be directly accessible from the internet for the initial connection.
- Azure AD as the Trust Broker: Azure AD acts as the trusted intermediary, verifying the identity of your Dynamics 365 on-premises instance and granting it access to Exchange Online based on the permissions you configure in Azure.
In summary, you can confidently proceed with setting up Server-Side Synchronization between your Dynamics 365 9.1 on-premises (claims-based authentication) and Exchange Online without configuring IFD. Follow the steps outlined in the Microsoft documentation for the OAuth 2.0 connection method. Use your internal organization unique name when running the ConfigureCrmServerSideSync.ps1 script. This approach keeps your CRM deployment within your internal network and leverages secure cloud-based authentication for the integration.