SQL Server 2016 and Dynamics NAV

SQL Server 2016 released in June this year with many new and interesting capabilities. For further information, please take a look at the product information at this location: http://bit.ly/2dQCx4m Over the last few months, the Dynamics NAV team has been testing compatibility with this new version of SQL Server, and we are now proud to…

from Dynamics NAV Team Blog http://bit.ly/2dsA79s

Design Pattern: Security – Masked Text

Aliases: Masking out Context: In the user interface (UI) of a software system, the user enters protected information such as a password, an access key, a credit card number etc. Problem: The entered information is visible during data entry and whenever any user (the one who entered the data, or a foreign user) opens the…

from Dynamics NAV Team Blog http://bit.ly/2dbxXew

Design Pattern: Security – Single Point of Access

Context: Protected data needs to be used. There are many types of entities which might attempt to use the data. Problem: If no standard way of accessing data exists, then each entity might attempt to build its own system for handing the sensitive data. The data access layer might be implemented over and over again…

from Dynamics NAV Team Blog http://bit.ly/2cMZCT7

New Mobile Samples using Web API

I’m pleased to announce we have published two new mobile samples to GitHub.

Both of these samples demonstrate the same ActivityTracker functionality provided by earlier samples. They have been updated to use the Dynamics CRM Web API and they support iOS9 and Android 6 platforms. The iOS application is written using Swift 2, rather than Objective C.

ActivityTracker is a reference scenario for the sample apps. ActivityTracker helps a user quickly search for contacts, access recent contacts and easily report ‘check-in’ activities in CRM. It is designed for sales and customer service professionals to quickly access and update information on the go. With the published source code, the app can be easily modified by developers for your own scenarios and requirements.

For both samples, you will find complete instructions about how to build the sample applications. Find them here:

Learn more at http://bit.ly/2dal0Cv.

Jim Daly

from Microsoft Dynamics CRM Team Blog http://bit.ly/2dalybt

Design Pattern: Security – Data Encryption

Context: After applying Sensitive Data Encapsulation, all sensitive data is gathered in a known place in the database. This makes it possible to apply further protection best practices. Problem: If any non-authorized actor manages to get access to a copy of the database, the sensitive data is immediately available in clear-text. Forces: Accessibility: anyone who…

from Dynamics NAV Team Blog http://bit.ly/2d5lLeV

Sending encrypted workflow notification emails

Does business require to send encrypted workflow notification emails in synch with your company’s security requirements? The following steps describe how to do it using CRM Online and Office 365.

Office 365 Message Encryption requires the Azure Rights Management service. Once you have a subscription to this service, you can activate it as described in the following procedure. For more information about this requirement, see Prerequisites for using Office 365 Message Encryption.

Necessary steps:

  1. Server side synchronization configuration for your CRM Online instance
  2. Activate Azure Rights Management
  3. Set up Azure Rights Management for Office 365 Message Encryption
  4. Define rules to encrypt email messages
  5. Create a test CRM workflow and test it

1. Server side synchronization configuration for your CRM Online instance

It is assumed that server side synchronization is set up properly for your CRM Online instance using Exchange Online for outgoing emails. More information: Set up server-side synchronization of email, appointments, contacts, and tasks

2. Activate Azure Rights Management

Check whether you have an Azure Right Management subscription.:

Go to http://bit.ly/2dep3ev within Office 365. You should see Azure Rights Management Premium among your subscriptions.

Activate Azure Rights Management subscription


If your subscription does not include it, press the +Add Subscription button and select Azure Rights Management Premium (you can buy it or start a 30-day trial):

Add Azure Rights Management Premium subscription


After a few minutes you should see this under Subscriptions in the Office 365 Admin Center:

Activate Azure Rights Management subscription


More information: how to activate Azure Rights Management (http://bit.ly/2cQzdXj)

3. Set up Azure Rights Management for Office 365 Message Encryption

Once you have Azure Rights Management, the next step is to set up Azure Rights Management for Office 365 (Exchange Online) message encryption. We will use Windows Power Shell to connect to Exchange Online and accomplish this step. (More information how to Connect to Exchange Online using PowerShell)

Open a PowerShell windows as Administrator and execute the following PowerShell commands:

Set-ExecutionPolicy RemoteSigned

$UserCredential = Get-Credential

Enter your Office 365 Global Administrator user credentials.

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://bit.ly/2cQzl9i -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session


Configure the Rights Management Services (RMS) online key-sharing location in Exchange Online. Use the RMS key sharing URL corresponding to your location, as shown in this table:

Location RMS key sharing location
European Union http://bit.ly/2deor8S
North America http://bit.ly/2cQzuJT
South America http://bit.ly/2deorpo
Asia http://bit.ly/2cQyKEC


Since my tenant is located in the European Union, I use the following PowerShell command:

Set-IRMConfiguration -RMSOnlineKeySharingLocation “http://bit.ly/2deor8S

Run the following command to import the Trusted Publishing Domain (TPD) from RMS Online:

Import-RMSTrustedPublishingDomain -RMSOnline -name “RMS Online”

To verify that you successfully configured IRM in Exchange Online to use the Azure Rights Management service, run the following command:

Test-IRMConfiguration -RMSOnline

Among other things, the command checks connectivity with the RMS Online service, downloads the TPD, and checks its validity. If everything is OK, you should see as result of the test: ‘Overall result: pass’.

Run the following commands to disable IRM templates from being available in OWA and Outlook and then enable IRM for your cloud-based email organization to use IRM for Office 365 Message Encryption.

To disable IRM templates in OWA and Outlook:

Set-IRMConfiguration -ClientAccessServerEnabled $false

To enable IRM for Office 365 Message Encryption:

Set-IRMConfiguration -InternalLicensingEnabled $true

To test the IRM functionality, run the following command, where you use your username instead of administrator@encryptedwfmail.onmicrosoft.com:

Test-IRMConfiguration -Sender administrator@encryptedwfmail.onmicrosoft.com

If everything is OK, you should see as result of the test: ‘Overall result: pass’.

More information how to Set up Microsoft Azure Rights Management for Office 365 Message Encryption.

4. Define rules to encrypt email messages

The next step is to define the conditions when we want to encrypt an email. In our case, email encryption is only needed when the body of the email contains the following phrase: ‘(This email was encrypted using Microsoft Office 365)’

It can be defined in the Exchange Admin Center (EAC), which can be accessed within Office 365 via Admin > Exchange:

From the EAC, go to mail flow > rules:

Select + > Create a new rule…

Create a new rule to encrypt email messages


Enter the Name (for example ‘Encrypted CRMONL workflow email’) and click on the More options… button in the opening pop-up window as shown below:

 Specify rule details


Then specify when the rule should be applied. So select The subject or body > subject or body matches these text patterns:

Select when the rule should apply


Enter the phrase (for example: ‘(This email was encrypted using Microsoft Office 365)), press the + sign and finally press Ok as shown below:

Specify words or phrases


The last step to set Office 365 Message Encryption by selecting Modify the message security… > Apply Office 365 Message Encryption as shown below and then press Save:

Set Office 365 Message Encryption 


More information how to Define rules to encrypt or decrypt email messages.

5. Create a test CRM workflow and test it

The final step is to create a workflow where we want to use the email encryption and test it in practice.

We are creating a simple workflow which is fired when an account is created and sends an encrypted notification email. Assuming that the reader is familiar with the Dynamics CRM workflow basic, the relevant parts are highlighted here.

When you define the workflow, specify the

  • Process Name: Account create – encrypted mail
  • Entity: Account
  • Category: Workflow
  • Start condition: Record is created
  • Step: Send email: Create new message

as shown below:

Define a workflow


And add the email properties as the following:

Specify email properties


The key elements of the workflow notification email is the last sentence in the message body – (This email was encrypted using Microsoft Office 365) – which should be the same string as we defined the message encryption rule.

Let’s Save and Activate the workflow, before we can test our work.

Finally, to test our work, first let’s create a new account in CRM:

Create a new account record.


Then we receive the encrypted account creation notification email, which is actually an html email attachment:

Encrypted account creation notification email


When we try to open the html file in a browser, we have two options:

  • Sign in with our Office 365 credentials or
  • Use a one-time passcode

Message when opening the encrypted message in a browser


Now, using the one-time passcode option, we will get another email including the one-time passcode:

Use the one-time passcode option


After specifying the passcode, we can read the workflow notification email:

Read workflow notification email



– Miklos Hoffmann



from Microsoft Dynamics CRM Team Blog http://bit.ly/2depGVn

%d bloggers like this: