Microsoft Dynamics CRM 2011 – Keep user credentials secure (Microsoft Dynamics CRM E-mail Router)


If your organization uses the E-mail Router to send and receive messages on behalf of users or queues, you should increase security. You can do this either by using the HTTPS protocol or by enabling IPSec.

Note:
This issue applies only to users of Microsoft Dynamics CRM (On-Premises Edition).

HTTPS option

In processing e-mail for a user or queue, the E-mail Router requires credentials for the user or queue. Those credentials can be entered in the Microsoft Dynamics CRM Web application in the Set Personal Options dialog box (for users) and in the Queues form (for queues). Alternatively, you can store the credentials in the E-mail Router itself by creating separate profiles for each user or queue. (Storing credentials in the E-mail Router is the only option for Microsoft Dynamics CRM Online.)

Microsoft Dynamics CRM stores these credentials in encrypted form in the database. The E-mail Router uses a key stored in the database to decrypt these credentials. The call that the E-mail Router makes to obtain this key enforces HTTPS. In Microsoft Dynamics CRM 2011, the E-mail Router functions this way by default, which means that you need not take any action to retain this behavior. However, if you do not want to use HTTPS, you must set a particular Windows registry key, as described in the following section.

HTTP option

If you do not want to use HTTPS, you must set a Windows registry key, as follows:

1.    On the Microsoft Dynamics CRM Server, check the value of the registry key DWORD DisableSecureDecryptionKey at the path HKLM\Software\Microsoft\MSCRM. If this registry key is present, set its value to 1. (If the key is not present or set to 0, calls from the E-mail Router to the Microsoft Dynamics CRM Server are made using HTTPS.) Setting the value of this key to 1 (after, if necessary, creating the key as a DWORD) allows the E-mail Router to obtain information from the CRM database over the HTTP protocol.

2.    If you changed the value of DisableSecureDecryptionKey, do the following on the Microsoft Dynamics CRM Server: Restart Internet Information Services (IIS). To do this, click Start, click Run, type IISRESET, and then click OK.

3.    (Recommended) Enable IPSec for all communications between the Microsoft Dynamics CRM Server and the E-mail Router computer. For more information about enabling IPSec, see IPSec (http://go.microsoft.com/fwlink/?linkid=202487).

My above blog is based on Microsoft’s Official information.

I hope this blog about ‘Microsoft Dynamics CRM 2011 – Keep user credentials secure (Microsoft Dynamics CRM E-mail Router)’ was informative. Please feel free to leave your comments.

Advertisements
Post a comment or leave a trackback: Trackback URL.

Trackbacks

  • By Router Security on June 12, 2012 at 6:40 AM

    […] connections to the Internet? If it's a wireless model, does it provide enough range to cover . Microsoft Dynamics CRM 2011 – Keep user credentials secure … If your organization uses the E-mail Router to send and receive messages on behalf of users or […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: