Securely Publishing Dynamics CRM 4.0 by Using IAG SP2

[Cross-posted with the Microsoft Dynamics CRM team blog]

We are pleased to announce the upcoming availability of Microsoft Intelligent Application Gateway (IAG) Service Pack 2 (SP2), which provides a number of key enhancements, including a new application optimizer for Microsoft Dynamics CRM 4.0. The IAG team has always viewed CRM implementations as an important scenario, and we feel confident that this update will help you protect your CRM deployments.

Most organizations want to make their CRM application available to remote employees and business partners, but the application often also contains extremely sensitive information. These scenarios require special attention to the related security issues, including providing a means of protecting the CRM server and preventing unintended information leakage. IAG SP2 provides built-in support for all of these requirements – specifically adapted for Dynamics CRM 4.0, and with a very quick and easy administrator experience.

Using the new SP2 application optimizer to publish a Dynamics CRM 4.0 deployment automatically:

· Prevents file downloads from unhealthy or unmanaged computers

· Prevents uploads from computers that aren't running an anti-virus program

· Controls who can export CRM data to Excel, and from which devices

· Cleans the user’s cache and temporary files after a session ends (e.g. if your CEO used “export to Excel” from an Internet kiosk…)

· Adds timeout and logoff functionality to reduce the risk of session hijacking

· Provides strong authentication to CRM servers (for example, smartcards and one-time passwords)

· Supports ADFS

· Provides single sign-on (SSO) to and from the CRM server to any other application published by IAG

· Forwards only valid HTTP requests to backend servers

Note: Also keep in mind that because the CRM server is separated at the application level from external users, it is already protected from most malicious attacks.

As always, the IAG team performed extensive testing on Dynamics CRM 4.0 behind IAG to ensure that SP2 doesn't break any CRM functionality or harm performance.

Making it easier to provide Internet access to an organization’s CRM application can unlock new and exciting models that leverage the current CRM deployments:

· Allow secured access from unmanaged computers and devices - such as employees’ home computers, Internet kiosks, and mobile devices.

· Provide business partners with access to a subset of CRM functionality to allow them to update their work without employee involvement. IAG SP2 handles the authentication (e.g. using ADFS) and ensures that partners cannot access sensitive data or parts of the system, or perform actions such as exporting data to Excel.

For example, if a subcontractor provides service for all your customers in a specific region, you could allow its employees to access contacts and service for their customers but block them from viewing contracts, quotes, and marketing, or from uploading files.

For more information, see https://www.microsoft.com/iag. Additional detail will also be provided later this month at the Convergence EMEA conference in Copenhagen.

Jim Toland, MS Dynamics CRM Engineering for Enterprise team

Meir Mendelovich, IAG Product Group