Announcements
No record found.
I've been trying to setup CRM Outlook plugin work MFA and I keep getting MSIS7068: Access denied.
It works with ADFS but once multifactor is required it stops working.
*This post is locked for comments
I have same Problem with multifactor ADFS 4 (Certificate+ Cred). I have not even a chance for request for 2 factor on another address certauth.logon.com/.../certificatemixed
First Factor
string adfsAdr =+@"logon.com/adfs/services/trust/13/usernamemixed";
string webPage = realm;
var binding = new UserNameWSTrustBinding();
binding.SecurityMode = SecurityMode.TransportWithMessageCredential;
var factory = new Microsoft.IdentityModel.Protocols.WSTrust.WSTrustChannelFactory(
binding,
new EndpointAddress(adfsAdr));
factory.TrustVersion = TrustVersion.WSTrust13;
factory.Credentials.UserName.UserName = username;
factory.Credentials.UserName.Password = pass;
var rst = new Microsoft.IdentityModel.Protocols.WSTrust.RequestSecurityToken
{
RequestType = WSTrust13Constants.RequestTypes.Issue,
AppliesTo = new EndpointAddress(webPage),
KeyType = WSTrust13Constants.KeyTypes.Bearer
};
factory.ConfigureChannelFactory();
var channel = factory.CreateChannel();
channel.Issue(rst) //Error MSIS7068: Access denied
https://technet.microsoft.com/en-us/library/hh699726.aspx
.
Bookmark this. I had to redo OAuth because Dynamics lost it's claims based Authentication again.
You need to turn on OAuth for Dynamics using powershell.
On Dynamics
Add-PSSnapin Microsoft.Crm.PowerShell
$ClaimsSettings = Get-CrmSetting -SettingType OAuthClaimsSettings$ClaimsSettings.Enabled = $trueSet-CrmSetting -Setting $ClaimsSettings
reboot IIS
Log into ADFS
Add-AdfsClient -ClientId 2f29638c-34d4-4cf2-a16a-7caf612cee15 -Name "Dynamics CRM Outlook Client" -RedirectUri app://6BC88131-F2F5-4C86-90E1-3B710C5E308C/
restart ADFS
If everything works then your clients need to be updated
https://docs.microsoft.com/en-us/dynamics365/customer-engagement/outlook-addin/admin-guide/install
Use Group Policy to update the following registration key:
HKEY_CURRENT_USER\Software\Microsoft\MSCRMClient\{orgid}.
Set AuthenticationProvider to 0
AuthenticationProvider
After the registry change, Dynamics Dynamics 365 for Outlook will automatically check for and use OAuth for MFA.
In addition
You might need to enable the following AD FS endpoint: /adfs/service/trust/13/windowstransport
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Congratulations to our 2026 Super Stars!
We are thrilled to have these Champions in our Community!
These are the community rock stars!
Stay up to date on forum activity by subscribing.
