Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
[This article is pre-release documentation and is subject to change.]
With version 9.0, you can connect your customer engagement apps (such as Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Marketing, Dynamics 365 Field Service, and Dynamics 365 Project Service Automation) with Microsoft Exchange Server (on-premises). More information: Setup Guide: Server-side synchronization for CRM Online and Exchange Server (white paper)
Prerequisites
- Exchange Server. The following versions are supported: Exchange Server 2013 SP1, Exchange Server 2016, and Exchange Server 2019. 
- Authentication. During installation, Exchange configures Internet Information Services (IIS). To connect customer engagement apps with Exchange Server, you must enable Windows NT LAN Manager (NTLM) or Basic authentication in Exchange Server. If you configure NTLM authentication, make sure Basic authentication is disabled on Exchange Server. 
For more information about authentication, go to:
- Exchange Server 2013: Authentication and Exchange Web Services (EWS) in Exchange
- Exchange Server 2013: Default settings for Exchange virtual directories
- Exchange Server 2016: Default settings for Exchange virtual directories
- Exchange Server 2019: Default settings for Exchange virtual directories
- ApplicationImpersonation role. You need to create and configure a service account with the ApplicationImpersonation role in Exchange. More information: Impersonation and EWS in Exchange 
- Secured connection. The connection between customer engagement apps and Exchange must be encrypted via TLS/SSL and current cipher suites. 
- Exchange Web Services (EWS). Connections to EWS must be allowed through the firewall. Often a reverse proxy is used for the exterior-facing connection. If your EWS endpoint is not exterior-facing, review IP addresses required. Be sure to add IP addresses to the allow list on your on-premises firewall, based on your Dynamics 365 online environment region to allow connections to your Exchange server that is on-premises. 
Tip
To make sure you've got a good connection to Exchange (on-premises), run the Microsoft Remote Connectivity Analyzer. For information about which tests to run, see Test mail flow with the Remote Connectivity Analyzer.
For ports required, see Network ports for clients and mail flow in Exchange.
To learn more about the protocols and ciphers used to secure the connection between Dynamics 365 and external email services, see Server cipher suites and TLS requirements.
Create an email server profile
- Sign in to the Power Platform admin center.
- In the navigation pane, select Manage.
- In the Manage pane, select Environments.
- On the Environments page, choose an environment.
- In the command bar, select Settings.
- Expand Email, then select Server profiles.
- In the command bar, select New server profile.
In the Set up server profile panel:
- For Email Server Type, select Exchange Server (on premises), then enter a meaningful Name for the profile. 
- To set this server profile as the default for new mailboxes, enable Set as default profile for new mailboxes. 
- For Authentication Type, choose one of the following: - Authenticate using Impersonation (Basic Authentication): Enter the impersonation account User name and Password. The credentials specified in the email server profile are used for sending or receiving email for the mailboxes of all users and queues associated with this profile. The credentials must have impersonation or delegation permissions on the mailboxes associated with the profile. This option requires some configuration on the email server, for example configuring impersonation rights on Exchange for the mailboxes associated with the profile.
 - Note - To ensure the credentials are secured, SQL encryption is used to encrypt the credentials stored in the email server profile. - Hybrid Modern Authentication (OAuth): To get the information for this option, follow the steps in Hybrid Modern Authentication (HMA) for Exchange on-premises.
 
- Expand Locations and ports, then follow these steps: - If Authentication Type is set to Authenticate using Impersonation (Basic Authentication), select whether Autodiscover server location is Active or Inactive. 
 If you choose Inactive, enter the incoming and outgoing email server information. Enter the ports for the email server to use for accessing incoming and outgoing email. Select the protocol that will be used for authentication for incoming and outgoing email.
- If Authentication Type is set to Hybrid Modern Authentication (OAuth), enter the location and port for the email server. 
 
- Expand the Advanced section and use the tooltips to configure email processing options. 
- When finished, click Save to apply the changes. 
Configure default email processing and synchronization
Set server-side synchronization to be the default configuration method.
- Sign in to the Power Platform admin center.
- In the navigation pane, select Manage.
- In the Manage pane, select Environments.
- On the Environments page, choose an environment.
- In the command bar, click Settings.
- Expand Email, then select Email settings.
On the Email settings page, set up the Synchronization methods as follows:
- Configure the following processing and synchronization options: - Server Profile: Select the profile created in the preceding section. 
- Incoming Email: Choose Server-Side Synchronization or Email Router. 
- Outgoing Email: Choose Server-Side Synchronization or Email Router. 
- Appointments, Contacts, and Tasks: Choose Server-Side Synchronization or Email Router. - If Email processing for unapproved user and queues remains at its default setting (enabled), you'll need to approve emails and queues for user mailboxes as directed in Approve email later in this topic. 
 
- Click Save to apply the changes. 
Configure mailboxes
To set mailboxes to use the default profile, you must first set the server profile and the delivery method for email, appointments, contacts, and tasks.
In addition to administrator permissions, you must have Read and Write privileges on the Mailbox table to set the delivery method for the mailbox.
Choose one of the following methods: set mailboxes to the default profile, or edit mailboxes to set profile and delivery methods.
To set mailboxes to the default profile
- Sign in to the Power Platform admin center.
- In the navigation pane, select Manage.
- In the Manage pane, select Environments.
- On the Environments page, choose an environment.
- In the command bar, click Settings.
- Expand Email, then select Mailboxes.
- In the grid view selector, select to Active Mailboxes.
- Select all the mailboxes to associate with the server profile you created.
- In the command bar, click Apply Default Email Settings, verify the settings, then click OK.
By default, the mailbox configuration is tested, and the mailboxes are enabled upon selecting OK.
To edit mailboxes to set the profile and delivery methods
- Sign in to the Power Platform admin center.
- In the navigation pane, select Manage.
- In the Manage pane, select Environments.
- On the Environments page, choose the environment you want to modify.
- In the command bar, click Settings.
- Expand Email, then select Mailboxes.
- In the grid view selector, choose Active Mailboxes.
- Select the mailboxes you want to configure, then click Edit in the command bar.
On the Mailbox page, go to the General tab and set up Synchronization methods as follows:
- Config the following processing and synchronization options:
- Server Profile: Select the server profile created earlier.
- Incoming and Outgoing Email: Choose Server-Side Synchronization or Email Router.
- Appointments, Contacts, and Tasks: Set to Server-Side Synchronization.
- Click Save to apply the changes.
Approve email
You need to approve each user mailbox or queue before that mailbox can process email.
- Sign in to the Power Platform admin center.
- In the navigation pane, select Manage.
- In the Manage pane, select Environments.
- On the Environments page, choose an environment.
- In the command bar, click Settings.
- Expand Email, then select Mailboxes.
- In the grid view selector, choose Active Mailboxes.
- Select the mailboxes you want to approve, then click Approve Email in the command bar.
- Click OK to apply the changes.
Test the configuration of mailboxes
- Sign in to the Power Platform admin center.
- In the navigation pane, select Manage.
- In the Manage pane, select Environments.
- On the Environments page, choose an environment.
- In the command bar, select Settings.
- Expand Email, then select Mailboxes.
- In the grid view selector, choose Active Mailboxes.
- Select the mailboxes you want to test, then select Test & Enable Mailboxes in the command bar.
This tests the incoming and outgoing email configuration of the selected mailboxes and enables them for email processing. If an error occurs in a mailbox, an alert is shown on the Alerts wall of the mailbox and the profile owner. Depending on the nature of the error, customer engagement apps try to process the email again after some time or disable the mailbox for email processing.
The result of the email configuration test is displayed in the Incoming Email Status, Outgoing Email Status, and Appointments, Contacts, and Tasks Status fields of a mailbox record. An alert is also generated when the configuration is successfully completed for a mailbox. This alert is shown to the mailbox owner.
Test email configuration for all mailboxes associated with an email server profile
- Sign in to the Power Platform admin center.
- In the navigation pane, select Manage.
- In the Manage pane, select Environments.
- On the Environments page, choose an environment.
- In the command bar, select Settings.
- Expand Email, then select Server profiles.
- Select the profile you created, then select Test & Enable Mailboxes in the command bar.
When you test the email configuration, an asynchronous job runs in the background. It might take a few minutes for the test to be completed. Customer engagement apps test the email configuration of all the mailboxes associated with the server profile. For the mailboxes configured with server-side synchronization for synchronizing appointments, tasks, and contacts, it also checks to make sure they're configured properly.
Tip
If you're unable to synchronize contacts, appointments, and tasks for a mailbox, you might want to select the Sync items with Exchange from this org only, even if Exchange was set to sync with a different org checkbox. You can learn more about this tip by reading, When would I want to use this check box?.
See also
Troubleshooting and monitoring server-side synchronization
Test mail flow with the Remote Connectivity Analyzer
Server-side synchronization
Autodiscover service
Managing the Autodiscover Service