Microsoft Dynamics 365 (on premises) and Google Chrome 80 SameSite=Lax

To prevent malicious cookie tracking, Google Chrome 80 (scheduled to release on February 4, 2020) made a change in how cookies are handled in its browser. This change is expected to impact many applications including Microsoft Dynamics 365.

Applies to:   Microsoft Dynamics 365 Customer Engagement (on-premises), Microsoft Dynamics CRM 2016, Microsoft Dynamics CRM 2015, Microsoft Dynamics CRM 2013
Original KB number:   4539338

Microsoft Dynamics 365 application impact

If you have done customization and added an embedded iFrame in your application, the authentication for the embedded iFrame will fail. This is because the Google Chrome 80 change sets the default browser setting SameSite=Lax. This setting prevents the embedded iFrame to share the Microsoft Dynamics 365 cookie from the main browser.

Error messages, exceptions, and failures

Your session will show a connection error.


Screenshot of the connection error example.

More information

For recommendations, see Effect on customer websites and Microsoft services and products in Chrome version 80 or later.

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.