web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / Dynamics CRM on-premis...
Microsoft Dynamics CRM (Archived)

Dynamics CRM on-premise - use Azure Active Directory instead of Azure VM with AD and ADSF

(0) ShareShare
ReportReport
Posted on by Community Member

Hi everyone,

we have Dynamics CRM on-premise with IFD. Our AD server is deployed on separate Azure VM. 
We would like to migrate our AD to Azure Active Directory(AAD) and remove our VM with AD server.

I have found the workaround to set up CRM with AAD
teameasi.com/.../dynamics-crm-using-azure-active-direction-instead-of-adfs
but  I haven't found any official prove from MS that this configuration is supported.

Does Dynamics CRM support AAD? 
Is it possible to do a migration without CRM downtime?

Thank you.

With best regards,
Alexey

*This post is locked for comments

I have the same question (0)
  • Community Member Profile Picture
    Community Member on at

    I'm trying to find information on the same.  I found that page as well, but it references the Classic Azure Portal and I'm having a hard time translating it into the new portal. maybe it's because I don't have Azure AD premium.

  • Suggested answer
    Michel van den Brink Profile Picture
    Michel van den Brink 4,697 on at

    Hello Alexey,

    Yes, you can run Dynamics CRM on-premise with Azure AD.

     

    It's quite a hassle though and there's a small catch, you need an on-premise AD server as well, combined with ADFS (AD Federation Service) and syncing between your Azure AD and on-premise AD.

    Your on-premise Dynamics CRM instance will look to the on-premise AD server and not really know about Azure AD at all.

     

    Setting up an on-prem CRM with ADFS:

    www.interactivewebs.com/.../how-to-set-up-microsoft-crm-2016-ifd-on-windows-2012-r2-server

    Setting up AD Connect (sync) between Azure AD and on-premise AD:

    docs.microsoft.com/.../active-directory-aadconnect

  • Community Member Profile Picture
    Community Member on at

    That’s how we’re set up now and what I’m familiar with. One of our clients wanted to prevent having ADFS installed, and somehow leverage Azure AD directly as the Security Token Service for authenticating users to CRM.  Now that some steps in the article referenced in the original post are deprecated, it seems this setup is not possible. (I’m not surprised since MSFT provides CRM online for organizations that don’t want to maintain infrastructure).

  • Michel van den Brink Profile Picture
    Michel van den Brink 4,697 on at

    Without ADFS I'm afraid it's going to be rather difficult.

    For all our on-premise clients we work with AFDS, I can't say I have a good feeling about consuming the Azure AD STS directly.

  • Community Member Profile Picture
    Community Member on at

    Agreed. This was an idea the client came up with in an effort to reduce servers. We’re not behind it, just tryin to gather info and official documentation :-)

  • Suggested answer
    Jan Hajek Profile Picture
    Jan Hajek 50 on at

    Hi, I would like to point you to an article I wrote - https://blog.thenetw.org/2018/04/03/using-azure-active-directory-for-sso-with-dynamics-365-on-premise/ - about the current options of connecting Dynamics 365 instance directly to Azure AD. Next week, there will be another article more focused on ADFS and using Azure AD as a Claims Provider Trust. Hope it helps.

  • Arpita Saini Profile Picture
    Arpita Saini on at

    Try reading below...I haven't gone through it entirely to confirm it is supported or unsupported but nice article with great info :-

    https://blog.thenetw.org/2018/04/03/using-azure-active-directory-for-sso-with-dynamics-365-on-premise/

  • Pinesh Profile Picture
    Pinesh 20 on at

    https://blog.thenetw.org/2018/04/03/using-azure-active-directory-for-sso-with-dynamics-365-on-premise/

    Anyone had a success using above article to configure CRM 2016 IFD using Azure AD?

  • Suggested answer
    Hüseyin Sahin Profile Picture
    Hüseyin Sahin on at

    The approach explained in the Blog Article is unsupported. If Azure AD federation or Azure AD is supported the software requirements documentation will be updated: https://docs.microsoft.com/en-us/dynamics365/customerengagement/on-premises/overview

    It also requires direct database updates in the MSCRM_CONFIG database which is unsupported to mention one point. The Browser based login will work but SDK and other parts of CRM will fail. 

    As already greatly mentioned before, CRM On Premise - ADFS - Azure AD is the way to go. 

    From another perspective you can use Azure Proxy to publish the CRM URLs via Azure to the outside world to add an additional security layer in-front of the ADFS. 

    ADFS enabled is the current supported status only for now.

    This may change in the future so fingers crossed :) 

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans