This topic provides instructions on how to publish Microsoft Dynamics CRM 4.0 via Forefront Unified Access Gateway (UAG), and how to manage user operations from non-compliant endpoints, as follows:

Publishing Dynamics CRM 4.0 via Forefront UAG

To publish Dynamics CRM 4.0

  1. In the Forefront UAG Management console, select the portal in which you want to publish Dynamics.

  2. In the main portal properties page, in Applications, click Add.

    1. On the Select Application page of the Add Application Wizard, select Web, and then select Microsoft Dynamics CRM 4.0. Then click Next.

    2. On the Application Settings page, specify a name for the application. This name will appear in the portal. Then click Next.

    3. On the Endpoint Security page, select an access policy for accessing the CRM application, download and upload policies, and a policy for accessing the restricted zones of an application if relevant. For more information about editing endpoint policies, see Implementing access policies for endpoint health validation.

    4. On the Application Deployment page, select Publish a Web site. If you want to publish a farm of Dynamics CRM servers that all share the same configuration, select Publish a farm of load-balanced Web servers. Then click Next.

    5. On the Web Servers page, in the Addresses box, enter the address of the server, and then, in the Addresses box below, type the organization name. Then click Next.

      The organization name is a logical name representing the organization. It is defined in the CRM Deployment Manager, under the Organizations folder. An application server might have more than one organization name defined for it when several organizations share the same server. In such cases, type the organization names as a list below the address of the server.

    6. On the Authentication page, select Use single sign-on to send credentials to published applications if users are required to authenticate to the backend Dynamics CRM application. Select 401 request, or HTML form, or Both. Then click Next. After completing the wizard, you can also configure the application to use Kerberos or ADFS. For more information, see Implementing backend authentication mechanisms.

    7. On the Portal Link page, click Add a portal and toolbar link to allow users to access the application from the portal toolbar. Then specify the link settings, and click Next.

    8. On the Authorization page, leave the default setting to allow all portal users to access the application. To allow access to the Dynamics CRM server for specified users and groups only, clear Authorize all users. Then click Add to add users and groups, and click Next. For more information about setting up portal application authorization, see Implementing users and groups for application authorization.

    9. On the completion page of the wizard, click Finish.

Managing user operations from non-compliant endpoints

After you finish adding the application to the trunk, you may need to modify the dedicated Microsoft Dynamics CRM 4.0 policies, to comply with the security policy requirements of your organization.

The following table lists the operations that can be controlled using endpoint policies. By default, the value of each of these policies is True, so they do not prevent users from performing these operations.

| Operation | Policy |
| --- | --- |
| Prevent end users from exporting to Microsoft Office Excel® and printing. | Microsoft CRM 4 Enhanced Security |
| Preventing end users from uploading, checking in files, and saving files from Microsoft Office applications to the CRM server. | Microsoft CRM 4 Upload |
| Preventing end users from downloading files, exporting to a spreadsheet, or editing datasheets. | Microsoft CRM 4 Download |

The following procedure describes how you can prevent users from performing the operations described in the table above, unless their computer meets the defined security policy requirements. Users who are blocked are notified accordingly.

To manage user operations on Microsoft Dynamics CRM 4.0 from non-compliant endpoints

  1. In an area where you assign policies, click Edit Endpoint Policies.

  2. In the Manage Policies and Expressions dialog box, select the application-specific policy (from the policies described in the table above), and then click Edit Policies.

  3. Use the Policy Editor to edit the policy according to your requirements.

    Users accessing the Microsoft Dynamics CRM 4.0 application from a non-compliant endpoint computer will not be able to perform the described operations.