Need to approve email addresses in CRM 2011

Need to approve email addresses in CRM 2011

As we are running CRM 2011 as dogfood, I found an interesting new feature of CRM 2011. When adding a new user, you have to approve their email for it to work properly, for instance in Outlook where you otherwise will get an error saying that the sending user does not have an email address.

So, if you get this error, just add an email address and press the “Approve Email” button in the ribbon.

Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB

Interesting blog article on Microsofts Dynamics in the cloud

The Cloud is hot. Everybody seems to be talking cloud computing like it is the holy grail of computing. I try to have a bit more cold headed view of it since I am often faced with the complexities of integrating systems with each other, I often find that it can be very complex to integrate two systems residing in machines next to each other, adding a level of complexity by placing these machines on the internet does make integration more complex and costly.

The cloud does have its advantages though, for smaller companies, like my own, there is no need to own and run large servers. We, at CRM-Konsulterna, do not run any servers at all. The one server that we actually need, our lab environment, is actually hosted aswell, but on a infrastructure level.

I was tipped by Software Advice about an interesting article on Microsofts push on cloud computing for Microsoft Dynamics. You can read it here: It addresses some quite interesting points from a Dynamics perspective, not only CRM.

I think that you need to understand the background in order to understand why Microsoft are pushing this so hard. The traditional on-premise deployment type of systems has always been Microsofts strongest area and Microsoft has for several reasons, like risk reduction, scalability etc. to have a business that is partner based. It is also heavily focused on adressing the IT part of customers business, which is natural when coming from their background.

The recent years have shown that companies like Google and deliver very competent cloud based services and this seriously endagers Microsofts core business model since it shortcuts Microsoft offers by adressing the business decions makers directly and circomventing the IT-departments. This is a outspoken stragegy for companies like

So, what Microsoft tries to do is to compete on the cloud market and the on-premise market at the same time while still trying to hold on to their partner network and maintain their loyalty. This is of course quite complicated since many Microsoft partners have made a living by installing and selling Microsoft software. There are new models for cloud based service reselling but it does feel like there is going to be a bit of a downside for many partners.

From our perspective, as CRM-consultants, we are happy to offer CRM in any flavor since our main businesses is not selling the licenses but around helping our customers leverage the power of the system by adapting it to their needs. Hence it does not really matter if it on-premise or in the cloud.

However, from a technical perspective, we do recommend either partner hosted or on-premise since that substantially reduces the pains of integrations and adaptions compared to a Microsoft hosted solution. So, our recommendation to our customers is usually to choose partner hosted as that relieves  them of the burden of managing the server etc. and at the same time gives us all the advantages of adapting the system to their needs.

The fact that Hunter Richards mentions about the different architectures of the Dynamics ERP products is true but does not really affect Microsoft CRM since it has a good Cloud platform, even though there are some adaptations that only can be done on on-premise or partner hosted systems, it is a very competent and flexible Cloud system and the new version CRM 2011 is even better.

It will also be interesting to see how Microsoft will mange the partner channel in the future. It is something they, with their current business model cannot do without but at the same time something that slows them down a bit since partners naturally are slower to move than inhouse consultants.

Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB

CRM 2011 Release Candidate and installation

As most of you dedicated CRM nerds most certainly already know, the Release Candidate for CRM 2011 has been released.

As we at CRM-Konsulterna want to act as we preach, we have of course installed it and are now trying it out.

We are a small company and do not yet have an AD except one for our development environments on our virtual server host that we rent. So, our computers are not part of the domain that the CRM resides in.

An interesting thing about the Outlook client installation was that when we tested the connection, it worked just fine, but when trying to press the OK button in the configuration wizard, it just complained with the following error message “The server address (URL) is not valid.”.

After some digging, I found that the reason was that the stored URL that the discovery service returns is actually the computer name, and since our working computers arn’t part of the CRM:s AD, it couldn’t find it.

The simple fix is to add an entry in the local hosts file located in “C:WindowsSystem32driversetchosts” (if you installed windows to C:Windows of course).

There is probably some entry in the database, where this is located as well, I had a quick look but didn’t find it. If you know where, please let me know. The registry serverurl in the MSCRM key does not seem to be right. At least it does not change the webservice displayed in the customizations pages of CRM.

CRM 2011 looks and feels, really good, there are some minor buggs but it is a large step from CRM 4 which is a very good application as well.

Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB

Customer databases and Wikileaks

The latest news concerning wikileaks have some very important implications on CRM systems or xRM systems in general for that matter. How do you set the system up to avoid large information losses? There are some general things to be taken into consideration and some specifics for Microsoft Dynamics CRM.

For many companies, the list of customers, cases, interesting leads and business opportunities are among the most critical information the company has. If it gets into the wrong hands, the effects can be anything from embarssing to fatal. The latest weeks news concerning wikileaks has put this risk into some new light and it is a good time for companies to really put the right focus on this and handle the problem before it is too late. A competent CRM system like Microsoft Dynamics CRM, can, if security issues have not be properly addressed, be a great tool to very quickly export a lot of very business critical information.

There are some general tips that you really should address:

– How critical is the data? Which data is the most critical? Try to focus on the most important data instead of trying to set up fine masked security to cover all data. This will give you a bigger bang for the buck and also get the changes up and running quickly. Remember the fact that the chains often breaks at the weakest link, so focus on this link first.

– What legal aspects of the data do you have? Do all employees sign non-disclosure agreements and do they understand the severity of actually taking along some data to a competitor. In reality it is very hard to drive legal actions based on this but making sure all employees have understood the severity, will act proactivly to reduce the risk.

– Who can access the data? Usually not only the employees, IT-consultants, CRM- and ERP-consultants, and other contracted people might also have access.Trying to reduce the number of contractors, and signing company global NDA:s with contractors is usually a good idea.
– Where is the data stored? In these cloud computing times, this is not always a simple question. Data might be stored in a country with very rigid anti-terrorist or anti-piracy laws allowing government or other agencies to demand access to the data. If these government agencies judge that it be in their contrys best interest to send this information forward, this might also be done. Might sound a bit paranoid, but security policy is more about being paranoid than being naive. I would recommed hosting the system yourself or at a local partner. Preferably a partner of similar size to your own company since this will give you the same amount of flexibility and beaurocracy. This local partner will also be under the same national laws as your own company and have a more intimate relationship with your business than a huge corporation with a global hosting service.
– What is the weak link in the handling of data? It does not really matter if the CRM system in the cloud has astronomical encryption in the database and data transfers, if the people using the system have the same password in the CRM system as they have in all other online services like Facebook or Hotmail. Numerous examples have shown that people do share passwords between sites, and that cracking one site usually unlocks a lot more. An example can be a person using the same password for their local childcare portal as they do for their CRM at the global company they work for. The simple childcare portal, might be easily hacked with normal methods like SQL-injection and the passwords generated from this can then be used to access the global company CRM.
There are still more general principles to follow, I will not list them all here, if you have any you find particulary important, please leave a comment!
So, how do we handle this in Microsoft Dynamics CRM? There are several techniques that can be used but it is a constant battle between giving your users the power to really work with the data and making sure that the data is safe. Bellow are some of the more common ways of handling this:
– Security Roles and business units. The basic security architeture of Microsoft Dynamics CRM is really versatile and has very good support for separating users and data into different business units and then setting user roles to restrict access based on these business units. For instance, a team of telesales personell with a very high turnover of employees, can be set to only have read and write access to their own customers and opportunities and their team manager has the task of delegating the ownership of leads or opportunities to them. By using different roles, the senior sales team can on the other hand have access to all customers and business opportunities in the system. If a good separation of data can be done based on business units and security roles, this is a very good method since it is easy to set up and change, and still has very deep functionality in Dynamics CRM, going all the way down to the Filtered Views in the Dynamics CRM SQL-database.

– Disabling Excel export. Probably the most risky function in Dynamics CRM in regards to data theft from employees, is the Excel button. It can export any data the user has access to. There is a flag in the security roles, where this function can be switched off. It should be for all but powerusers, analysts and management.

– Limiting Excel export size. There is a way of manipulating the Dynamics CRM database to only allow a certain amount of rows in an excel export. As I have understood it, it is really a way of easing the load on the server and not really meant as a means of protecting data. It can only be set on a system wide way, which will limit the use of Excel for all users. You can read more about it in this blog entry, have a look in the comments, since it tells you how to set this for CRM 4.

– Custom Plugin code. Writing code that uses more complex functionality and filters the data can also be used. It need to trigger on the Retrieve, RetrieveMultiple and Execute methods. This is of course the moste versatile method. Even though it can be used to filter data that is accessed from the Dynamics CRM GUI it does not affect the Filtered Views in the database, so it is not a 100% solution but will work in most cases.

– Unsupported customizations. There is of course the dark side of customizations as well, by rewriting the database with new stored procedures, views, by modifying the existing CRM functionality, very deep changes can be made. This is not something I recommend since it will usually require deep reverse engineering and will seriously affect the upgradablity of the Dynamics CRM system.

This is a complex area and I would be happy to discuss it with you. Please leave a comment with your views on the subject. All comments are moderated to avoid spam.

Gustaf Westerlund
CEO, Chief Architect and co-Founder at CRM-konsulterna AB