This topic provides instructions on how to publish Microsoft Dynamics CRM 4.0 via Forefront Unified Access Gateway (UAG), and how to manage user operations from non-compliant endpoints, as follows:
Publishing Dynamics CRM 4.0 via Forefront UAG
To publish Dynamics CRM 4.0
- In the Forefront UAG Management console, select the portal in which you want to publish Dynamics.
- In the main portal properties page, in Applications, click Add.
- On the Select Application page of the Add Application Wizard, select Web, and then select Microsoft Dynamics CRM 4.0. Then click Next.
- On the Application Settings page, specify a name for the application. This name will appear in the portal. Then click Next.
- On the Endpoint Security page, select an access policy for accessing the CRM application, download and upload policies, and a policy for accessing the restricted zones of an application if relevant. For more information about editing endpoint policies, see Implementing access policies for endpoint health validation.
- On the Application Deployment page, select Publish a Web site. If you want to publish a farm of Dynamics CRM servers that all share the same configuration, select Publish a farm of load-balanced Web servers. Then click Next.
- On the Web Servers page, in the Addresses box, enter the address of the server, and then, in the Addresses box below, type the organization name. Then click Next.
The organization name is a logical name representing the organization. It is defined in the CRM Deployment Manager, under the Organizations folder. An application server might have more than one organization name defined for it when several organizations share the same server. In such cases, type the organization names as a list below the address of the server.
- On the Authentication page, select Use single sign-on to send credentials to published applications if users are required to authenticate to the backend Dynamics CRM application. Select 401 request, or HTML form, or Both. Then click Next. After completing the wizard, you can also configure the application to use Kerberos or ADFS. For more information, see Implementing backend authentication mechanisms.
- On the Portal Link page, click Add a portal and toolbar link to allow users to access the application from the portal toolbar. Then specify the link settings, and click Next.
- On the Authorization page, leave the default setting to allow all portal users to access the application. To allow access to the Dynamics CRM server for specified users and groups only, clear Authorize all users. Then click Add to add users and groups, and click Next. For more information about setting up portal application authorization, see Implementing users and groups for application authorization.
- On the completion page of the wizard, click Finish.
Managing user operations from non-compliant endpoints
After you finish adding the application to the trunk, you may need to modify the dedicated Microsoft Dynamics CRM 4.0 policies, to comply with the security policy requirements of your organization.
The following table lists the operations that can be controlled using endpoint policies. By default, the value of these policies is True, and they do not prevent users from performing these operations.
Operation | Policy |
---|---|
Prevent end users from exporting to Microsoft Office Excel® and printing. | Microsoft CRM 4 Enhanced Security |
Preventing end users from uploading, checking in files, and saving files from Microsoft Office applications to the CRM server. | Microsoft CRM 4 Upload |
Preventing end users from downloading files, exporting to a spreadsheet, or editing datasheets. | Microsoft CRM 4 Download |
The following procedure describes how you can prevent users from performing the operations described in the table above, unless their computer meets the defined security policy requirements. Users that are blocked are notified accordingly.
To manage user operations on Microsoft Dynamics CRM 4.0 from non-compliant endpoints
- In an area where you assign policies, click Edit Endpoint Policies.
- On the Manage Policies and Expressions dialog box, select the application-specific policy (from the policies described in the table above), and then click Edit Policies.
- Use the Policy Editor to edit the policy according to your requirements.
Users accessing the Microsoft Dynamics CRM 4.0 application from a non-compliant endpoint computer will not be able to perform the described operations.