Connect to Exchange Online

Article
08/31/2022
11 minutes to read

With both Microsoft Exchange Online and customer engagement apps (such as Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Marketing, Dynamics 365 Field Service, and Dynamics 365 Project Service Automation) hosted as online services, connecting the two is a simpler, more straightforward configuration.

Important

This feature requires that you have an Microsoft 365 subscription or a subscription to an online service such as SharePoint Online or Exchange Online. For more information, see What is Microsoft 365 and how does it relate to Dynamics 365 (online)?

Get Exchange ready

To use Exchange Online with customer engagement apps, you must have an Exchange Online subscription that either comes as part of a Microsoft 365 subscription or can be subscribed to separately. For information about Exchange Online, go to:

Tip

To make sure you've got a good connection to Exchange Online, run the Microsoft Remote Connectivity Analyzer. For information about which tests to run, see Test mail flow with the Remote Connectivity Analyzer.

For ports required, see Network ports for clients and mail flow in Exchange.

Create an email server profile for Exchange Online

In the Power Platform admin center, select an environment.
On the command bar, select Settings > Email > Server profiles.
On the command bar, select New server profile.
For Email Server Type, select Exchange Online, and then enter a meaningful Name for the profile.
If you want to use this server profile as the default profile for new mailboxes, turn on Set as default profile for new mailboxes.
For Authentication Type, choose one of the following:
- S2S auth (Same Tenant): Use this option when Exchange resides in the same tenant as Dynamics 365. More information: Build web applications using server-to-server (S2S) authentication
- Oauth (Cross Tenant): Use this option when Exchange resides in a different tenant than Dynamics 365. To get the information for this option, follow the steps in Exchange Online cross-tenant authentication. Note that the Locations and ports fields are automatically populated.
Expand the Advanced section, and then use the tooltips to choose your email processing options.
When you're done, select Save.

Verify that you have the profile Microsoft Exchange Online

If you have an Exchange Online subscription in the same tenant as your subscription, customer engagement apps create a default profile named Microsoft Exchange Online for the email connection. To verify that you have this profile, do the following:

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Server profiles.
Select Active Email Server Profiles, and verify that the Microsoft Exchange Online profile is in the list. If the Microsoft Exchange Online profile is missing, verify that you have an Exchange Online subscription and that it exists in the same tenant as your subscription.
If there are multiple profiles, select the Microsoft Exchange Online profile and set it as default.

Configure default email processing and synchronization

Set server-side synchronization to be the default configuration method for newly created users.

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Email settings.
Set the processing and synchronization columns as follows:
- Server Profile: Microsoft Exchange Online
- Incoming Email: Server-Side Synchronization or Email Router
- Outgoing Email: Server-Side Synchronization or Email Router
- Appointments, Contacts, and Tasks: Server-Side Synchronization
Select Save.

All new users will have these settings applied to their mailbox.

Configure mailboxes

New users will have their mailboxes configured automatically with the settings you made in the prior section. For existing users who were added before you made these above settings, you must set the server profile and the delivery method for email, appointments, contacts, and tasks.

In addition to administrator permissions, you must have Read and Write privileges on the Mailbox table to set the delivery method for the mailbox.

Choose one of the following methods: set mailboxes to the default profile, or edit mailboxes to set profile and delivery methods.

To set mailboxes to the default profile

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Mailboxes.
Select Active Mailboxes.
Select all the mailboxes that you want to associate with the Microsoft Exchange Online profile, select Apply Default Email Settings, verify the settings, and then select OK.

By default, the mailbox configuration will be tested and the mailboxes enabled when you select OK.

To edit mailboxes to set the profile and delivery methods

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Mailboxes.
Select Active Mailboxes.
Select the mailboxes that you want to configure, and then select Edit.
In the Change Multiple Records form, under Synchronization Method, set Server Profile to Microsoft Exchange Online.
Set Incoming and Outgoing Email to Server-Side Synchronization or Email Router.
Set Appointments, Contacts, and Tasks to Server-Side Synchronization.
Select Change.

Approve email

To approve emails for customer engagement apps, a user requires:

The Approve Email Addresses for Users or Queues privilege.
The permissions as described in the Permissions model table later in this topic.

Approve your own user mailbox

A Dynamics 365 user can approve their own user mailbox if all of these conditions are met:

Their UPN matches the email address on the mailbox.
The user has Approve Email Addresses for Users or Queues privilege.
The mailbox is not a queue mailbox.

Require admin approval?

Decide which approach you want your organization to follow for mailbox approval.

Flowchart for deciding on your mailbox approval approach.

Note

We're planning to revise the mailbox approval process with scenarios that don't require global admin approval. We'll update this documentation when that becomes available.

Permissions model

The following table describes the permissions required to approve emails.

Terminology

Yes: Can approve email
No: Can't approve email
n/a: Not applicable

Note

This permissions model is being gradually rolled out and will be available as soon as it's deployed to your region. Check the version number provided in the following table for when the change will be provided.

Security roles / Applications in use		Both roles required: Global admin and System admin	Both roles required: Exchange admin and System admin	System admin	Service admin	Exchange admin	Global admin
Customer engagement apps	Exchange Online	Yes¹	Yes¹	No	No	No	No
Customer engagement apps	Exchange (on-premises)	Yes²	Yes²	No²	No	n/a	n/a
Customer Engagement (on-premises)	Exchange Online	n/a	n/a	Yes³	n/a	n/a	n/a
Customer Engagement (on-premises)	Exchange (on-premises)	n/a	n/a	Yes³	n/a	n/a	n/a

¹ We're updating for customer engagement apps and Exchange Online, for version 9.1.0.5805 or later.
² We'll be updating for customer engagement apps and Exchange (on-premises). Check back for version information.
³ We recommend that you include your Exchange admin in the custom business processes your organization follows for this configuration.

To determine your version, sign in, and in the upper-right corner of the screen, select Settings > About.

Require and configure mailbox approval

Follow these steps to approve email addresses for users and queues. By default, admins as described in the preceding permissions model table are required to approve emails.

Add the Approve Email Addresses for Users or Queues privilege

To approve emails, a Dynamics 365 user requires the Approve Email Addresses for Users or Queues privilege. A system admin can assign the Approve Email Addresses for Users or Queues privilege to any security role and assign the security role to any user.

To manually assign the Approve Email Addresses for Users or Queues privilege to a security role

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Users + permissions > Security roles.
Select a security role, and then select the Business Management tab.
Under Miscellaneous Privileges, set the privilege level for Approve Email Addresses for Users or Queues.

Screenshot showing the Approve Email Address for User or Queues privilege.

Approve mailboxes

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Mailboxes.
Select Active Mailboxes.
Select the mailboxes that you want to approve, and then select More Commands (…) > Approve Email.
Select OK.

Remove the requirement to approve mailboxes

Admins, as described in the preceding permissions model table, can change the settings so that mailbox approval isn't required.

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Email settings.
Under Security and permissions, turn off Process emails only for approved users and Process emails only for approved queues. (These settings are enabled by default.)
Select Save.

Test the configuration of mailboxes

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Mailboxes.
Select Active Mailboxes.
Select the mailboxes you want to test, and then select Test & Enable Mailbox.

This tests the incoming and outgoing email configuration of the selected mailboxes and enables them for email processing. If an error occurs in a mailbox, an alert is shown on the Alerts wall of the mailbox and the profile owner. Depending on the nature of the error, customer engagement apps try to process the email again after some time or disable the mailbox for email processing.

To see alerts for an individual mailbox, open the mailbox, and then under Common, select Alerts.

The result of the email configuration test is displayed in the Incoming Email Status, Outgoing Email Status, and Appointments, Contacts, and Tasks Status columns of a mailbox record. An alert is also generated when the configuration is successfully completed for a mailbox. This alert is shown to the mailbox owner.

You can find information about recurring issues and other troubleshooting information in Blog: Test and Enable Mailboxes in Microsoft Dynamics CRM 2015 and Troubleshooting and monitoring server-side synchronization.

Make sure you've got a good connection to Exchange Online by running the Microsoft Remote Connectivity Analyzer. For information about what tests to run, see Test mail flow with the Remote Connectivity Analyzer.

Tip

If you're unable to synchronize contacts, appointments, and tasks for a mailbox, you might want to select the Sync items with Exchange from this org only, even if Exchange was set to sync with a different org checkbox. More information: When would I want to use this check box?

Test email configuration for all mailboxes associated with an email server profile

Do one of the following:
- In the Power Platform admin center, select an environment.
- In the legacy web client in the upper-right corner, select , and then select Advanced settings.
Select Settings > Email > Server profiles.
Select the Microsoft Exchange Online profile, and then select Test & Enable Mailboxes.

When you test the email configuration, an asynchronous job runs in the background. It might take a few minutes for the test to be completed. Customer engagement apps test the email configuration of all the mailboxes associated with the Microsoft Exchange Online profile. For the mailboxes configured with server-side synchronization for synchronizing appointments, tasks, and contacts, it also checks to make sure that they're configured properly.

Tip

Enable server-side synchronization functionality for Exchange Online in China

To connect Dynamics 365 with your Exchange Online tenant in China and use server-side synchronization functionality, follow these steps:

If your org was provisioned before October 17, 2020, contact 21Vianet support to allow your org to connect to Exchange Online. If your org was provisioned after October 17, 2020, this step isn't required.
Run the following PowerShell script to point your Exchange Online email server profile to the required Exchange Web Services (EWS) endpoint.
Configure the mailbox, and then test and enable the mailbox.

Use the following PowerShell script to change the EWS endpoint:

#Specify email server profile Id and orgUrl
param ( 
    [string]$emailServerProfileId = "<profile id>", 
    [string]$orgUrl = "<org url>", 
    [string]$defaultserverlocation = "https://partner.outlook.cn/EWS/Exchange.asmx" 
) 
Install-Module Microsoft.Xrm.Data.PowerShell -Force
$conn = Connect-CrmOnline -Credential $cred -ServerUrl $orgUrl 
$emailserverprofile = Get-CrmRecord -conn $conn -EntityLogicalName emailserverprofile -Id $emailServerProfileId -Fields defaultserverlocation
$emailserverprofile.defaultserverlocation = $defaultserverlocation; 
Set-CrmRecord -conn $conn -CrmRecord $emailserverprofile